CVE-2025-54766 - Apache Appliance Unauthorized Configuration Export Vulnerability
CVE ID : CVE-2025-54766
Published : July 29, 2025, 12:15 a.m. | 1 hour, 46 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54766
Published : July 29, 2025, 12:15 a.m. | 1 hour, 46 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54767 - Xormon Original Process Kill Vulnerability
CVE ID : CVE-2025-54767
Published : July 29, 2025, 12:15 a.m. | 1 hour, 46 minutes ago
Description : An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54767
Published : July 29, 2025, 12:15 a.m. | 1 hour, 46 minutes ago
Description : An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54768 - Fortinet Web Application Configuration Log Download Information Disclosure Vulnerability
CVE ID : CVE-2025-54768
Published : July 29, 2025, 12:15 a.m. | 1 hour, 46 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54768
Published : July 29, 2025, 12:15 a.m. | 1 hour, 46 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54769 - Apache PERL Directory Traversal RCE
CVE ID : CVE-2025-54769
Published : July 29, 2025, 12:15 a.m. | 1 hour, 46 minutes ago
Description : An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54769
Published : July 29, 2025, 12:15 a.m. | 1 hour, 46 minutes ago
Description : An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54661 - Citrix NetScaler Denial of Service
CVE ID : CVE-2025-54661
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54661
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54662 - VMware Server Remote Code Execution
CVE ID : CVE-2025-54662
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54662
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
❤1
CVE-2025-54663 - Google Maps Unvalidated Redirect
CVE ID : CVE-2025-54663
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54663
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54664 - Apache HTTP Server Cross-Site Scripting (XSS)
CVE ID : CVE-2025-54664
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54664
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54665 - Apache HTTP Server Command Injection
CVE ID : CVE-2025-54665
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54665
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54666 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-54666
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54666
Published : July 29, 2025, 3:15 a.m. | 2 hours, 46 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7809 - StreamWeasels Twitch Integration Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-7809
Published : July 29, 2025, 4:15 a.m. | 1 hour, 46 minutes ago
Description : The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7809
Published : July 29, 2025, 4:15 a.m. | 1 hour, 46 minutes ago
Description : The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7810 - StreamWeasels Kick Integration Stored Cross-Site Scripting
CVE ID : CVE-2025-7810
Published : July 29, 2025, 4:15 a.m. | 1 hour, 46 minutes ago
Description : The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7810
Published : July 29, 2025, 4:15 a.m. | 1 hour, 46 minutes ago
Description : The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7811 - StreamWeasels YouTube Integration WordPress Stored Cross-Site Scripting
CVE ID : CVE-2025-7811
Published : July 29, 2025, 4:15 a.m. | 1 hour, 46 minutes ago
Description : The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7811
Published : July 29, 2025, 4:15 a.m. | 1 hour, 46 minutes ago
Description : The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3075 - Elementor Website Builder Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3075
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts sites with 'Element Caching' enabled.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3075
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts sites with 'Element Caching' enabled.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4370 - Brizy – Page Builder Unauthenticated File Upload Vulnerability
CVE ID : CVE-2025-4370
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4370
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4566 - Elementor Website Builder Stored Cross-Site Scripting
CVE ID : CVE-2025-4566
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This attack affects only Chrome/Edge browsers
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4566
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This attack affects only Chrome/Edge browsers
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53077 - Samsung DMS Execution After Redirect Privilege Escalation Vulnerability
CVE ID : CVE-2025-53077
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53077
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53078 - Samsung DMS Deserialization Code Execution Vulnerability
CVE ID : CVE-2025-53078
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53078
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53079 - Samsung DMS Path Traversal Vulnerability
CVE ID : CVE-2025-53079
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53079
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53080 - Samsung DMS Data Management Server Path Traversal Vulnerability
CVE ID : CVE-2025-53080
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53080
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53649 - "SwitchBot Sensitive Information Exposure"
CVE ID : CVE-2025-53649
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53649
Published : July 29, 2025, 5:15 a.m. | 46 minutes ago
Description : "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...