CVE-2025-38497 - Linux Kernel USB Gadget configfs Out-of-Bounds Read
CVE ID : CVE-2025-38497
Published : July 28, 2025, 12:15 p.m.
Description : In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write. When writing an empty string to either the 'qw_sign' or 'landingPage' sysfs attribute, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero. This patch fixes the vulnerability by adding a check at the beginning of os_desc_qw_sign_store() and webusb_landingPage_store() to handle the zero-length input case gracefully by returning immediately.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5997 - Beamsec PhishPro Privileged API Abuse
CVE ID : CVE-2025-5997
Published : July 28, 2025, 12:15 p.m.
Description : Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse. This issue affects PhishPro before 7.5.4.2.
Severity: 8.8 | HIGH
CVE-2025-8274 - Campcodes Online Recruitment Management System SQL Injection Vulnerability
CVE ID : CVE-2025-8274
Published : July 28, 2025, 12:15 p.m.
Description : A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_recruitment_status. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-4056 - GLib Windows Command Line Denial of Service
CVE ID : CVE-2025-4056
Published : July 28, 2025, 1:15 p.m.
Description : A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.
Severity: 3.7 | LOW
CVE-2025-54569 - Malwarebytes Binisoft Windows Firewall Control Privilege Escalation
CVE ID : CVE-2025-54569
Published : July 28, 2025, 1:15 p.m.
Description : In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation.
Severity: 4.5 | MEDIUM
CVE-2025-8275 - Peru Cocktails App Android Improper Component Export Vulnerability
CVE ID : CVE-2025-8275
Published : July 28, 2025, 1:15 p.m.
Description : A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of Android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
CVE-2025-53695 - iSTAR Ultra OS Command Injection Vulnerability
CVE ID : CVE-2025-53695
Published : July 28, 2025, 2:15 p.m.
Description : OS Command Injection in the web application of iSTAR Ultra products allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
Severity: 0.0 | NA
CVE-2025-8279 - GitLab Language Server GraphQL Query Injection Vulnerability
CVE ID : CVE-2025-8279
Published : July 28, 2025, 2:15 p.m.
Description : Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution.
Severity: 8.7 | HIGH
CVE-2025-30125 - Marbella KR8s Dashcam Weak Password Authentication Vulnerability
CVE ID : CVE-2025-30125
Published : July 28, 2025, 3:15 p.m.
Description : An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their password, the new password is limited to 8 characters. These short passwords can be cracked in 8 hours via low-end commercial cloud resources.
Severity: 0.0 | NA
CVE-2025-53696 - iSTAR Ultra Firmware Verification Bypass Vulnerability
CVE ID : CVE-2025-53696
Published : July 28, 2025, 3:15 p.m.
Description : iSTAR Ultra performs a firmware verification on boot; however, the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2; later firmware versions are also possibly affected.
Severity: 0.0 | NA
CVE-2025-54418 - CodeIgniter ImageMagick Command Injection Vulnerability
CVE ID : CVE-2025-54418
Published : July 28, 2025, 3:15 p.m.
Description : CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process uploaded images using the `resize()` method, or use the `text()` method with user-controlled text content or options. An attacker can upload a file with a malicious filename containing shell metacharacters that get executed when the image is processed, or provide malicious text content or options that get executed when adding text to images. Users should upgrade to v4.6.2 or later to receive a patch. As a workaround, switch to the GD image handler (`gd`, the default handler), which is not affected by either vulnerability. For file upload scenarios, instead of using user-provided filenames, generate random names to eliminate the attack vector with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames. For text operations, if one must use ImageMagick with user-controlled text, sanitize the input to only allow safe characters and validate/restrict text options.
Severity: 9.8 | CRITICAL
CVE-2024-49342 - IBM Informix Dynamic Server Authentication Bypass
CVE ID : CVE-2024-49342
Published : July 28, 2025, 4:15 p.m.
Description : IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
Severity: 7.5 | HIGH
CVE-2024-49343 - IBM Informix Dynamic Server HTML Injection Vulnerability
CVE ID : CVE-2024-49343
Published : July 28, 2025, 4:15 p.m.
Description : IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity: 5.4 | MEDIUM
CVE-2025-2297 - Apache Struts Privilege Escalation Vulnerability
CVE ID : CVE-2025-2297
Published : July 28, 2025, 4:15 p.m.
Description : Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
Severity: 0.0 | NA
CVE-2025-6250 - Symantec Defendpoint Service Bypass
CVE ID : CVE-2025-6250
Published : July 28, 2025, 4:15 p.m.
Description : Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token, the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to the Administrators group and run any process with elevated permissions.
Severity: 0.0 | NA
CVE-2025-50490 - PHPGurukul Student Result Management System Session Hijacking Vulnerability
CVE ID : CVE-2025-50490
Published : July 28, 2025, 5:15 p.m.
Description : Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-50493 - PHPGurukul Doctor Appointment Management System Session Hijacking Vulnerability
CVE ID : CVE-2025-50493
Published : July 28, 2025, 5:15 p.m.
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-50494 - PHPGurukul Car Washing Management System Session Hijacking Vulnerability
CVE ID : CVE-2025-50494
Published : July 28, 2025, 5:15 p.m.
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-54527 - JetBrains YouTrack Iframe Sandbox Bypass
CVE ID : CVE-2025-54527
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, and 2025.3.87344, improper iframe configuration in the widget sandbox allows popups to bypass security restrictions.
Severity: 6.1 | MEDIUM
CVE-2025-54528 - JetBrains TeamCity GitHub App CSRF Vulnerability
CVE ID : CVE-2025-54528
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, a CSRF was possible in the GitHub App connection flow.
Severity: 5.4 | MEDIUM
CVE-2025-54529 - JetBrains TeamCity CSRF Vulnerability
CVE ID : CVE-2025-54529
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, a CSRF was possible in the external OAuth login integration.
Severity: 3.7 | LOW