CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-8369 - Portabilis i-Educar Cross Site Scripting Vulnerability

CVE ID : CVE-2025-8369
Published : July 31, 2025, 6:15 a.m. | 3 hours, 47 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9. This issue affects some unknown processing of the file /intranet/educar_avaliacao_desempenho_lst.php. The manipulation of the argument titulo_avaliacao leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8370 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8370
Published : July 31, 2025, 7:15 a.m. | 2 hours, 47 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9. Affected is an unknown function of the file /intranet/educar_escolaridade_lst.php. The manipulation of the argument descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
CVE-2025-8371 - Code-projects Exam Form Submission SQL Injection Vulnerability

CVE ID : CVE-2025-8371
Published : July 31, 2025, 7:15 a.m. | 2 hours, 47 minutes ago
Description : A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-36563 - PowerCMS Cross-Site Scripting (XSS)

CVE ID : CVE-2025-36563
Published : July 31, 2025, 8:15 a.m. | 1 hour, 48 minutes ago
Description : Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.
Severity: 6.1 | MEDIUM
CVE-2025-41391 - PowerCMS Cross-Site Scripting (XSS)

CVE ID : CVE-2025-41391
Published : July 31, 2025, 8:15 a.m. | 1 hour, 47 minutes ago
Description : Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.
Severity: 5.4 | MEDIUM
CVE-2025-41396 - PowerCMS Path Traversal Vulnerability

CVE ID : CVE-2025-41396
Published : July 31, 2025, 8:15 a.m. | 1 hour, 47 minutes ago
Description : A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.
Severity: 5.4 | MEDIUM
CVE-2025-46359 - PowerCMS Path Traversal RCE Vulnerability

CVE ID : CVE-2025-46359
Published : July 31, 2025, 8:15 a.m. | 1 hour, 47 minutes ago
Description : A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.
Severity: 7.2 | HIGH
CVE-2025-54752 - PowerCMS CSV Injection Vulnerability

CVE ID : CVE-2025-54752
Published : July 31, 2025, 8:15 a.m. | 1 hour, 47 minutes ago
Description : Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.
Severity: 6.5 | MEDIUM
CVE-2025-54757 - PowerCMS Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-54757
Published : July 31, 2025, 8:15 a.m. | 1 hour, 47 minutes ago
Description : Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.
Severity: 6.5 | MEDIUM
CVE-2025-7205 - GiveWP Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7205
Published : July 31, 2025, 8:15 a.m. | 1 hour, 47 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with GiveWP worker-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Additionally, they need to trick an administrator into visiting the legacy version of the site.
Severity: 5.4 | MEDIUM
CVE-2025-8372 - Exam Form Submission SQL Injection Vulnerability

CVE ID : CVE-2025-8372
Published : July 31, 2025, 8:15 a.m. | 1 hour, 47 minutes ago
Description : A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-8373 - Code-projects Vehicle Management SQL Injection

CVE ID : CVE-2025-8373
Published : July 31, 2025, 8:15 a.m. | 1 hour, 47 minutes ago
Description : A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-24853 - Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-24853
Published : July 31, 2025, 9:15 a.m. | 47 minutes ago
Description : A carefully crafted request when creating a header link using the wiki markup syntax could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this kind of attack too. Apache JSPWiki users should upgrade to 2.12.3 or later.
Severity: 0.0 | NA
CVE-2025-24854 - Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-24854
Published : July 31, 2025, 9:15 a.m. | 47 minutes ago
Description : A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later.
Severity: 0.0 | NA
CVE-2025-8192 - Android TvSettings AppRestrictionsFragment Launch Anywhere Vulnerability

CVE ID : CVE-2025-8192
Published : July 31, 2025, 9:15 a.m. | 47 minutes ago
Description : There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that leads to the start of an attacker-supplied activity in Settings’ context, i.e. the system-uid context, and thus to launchAnyWhere. The core idea is to use the time window between the check of the Intent and the use of the Intent to change the target component’s state, thus bypassing the original security sanitize function.
Severity: 0.0 | NA
CVE-2025-8374 - Code-projects Vehicle Management SQL Injection Vulnerability

CVE ID : CVE-2025-8374
Published : July 31, 2025, 9:15 a.m. | 47 minutes ago
Description : A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-8375 - Code-projects Vehicle Management SQL Injection Vulnerability

CVE ID : CVE-2025-8375
Published : July 31, 2025, 9:15 a.m. | 47 minutes ago
Description : A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-2813 - Apache HTTP Server DoS

CVE ID : CVE-2025-2813
Published : July 31, 2025, 10:15 a.m. | 1 hour, 56 minutes ago
Description : An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.
Severity: 7.5 | HIGH
CVE-2025-40980 - UltimateFosters UltimatePOS Stored Cross Site Scripting

CVE ID : CVE-2025-40980
Published : July 31, 2025, 10:15 a.m. | 1 hour, 56 minutes ago
Description : A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products//edit’, affecting the ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookie details.
Severity: 0.0 | NA
CVE-2025-41688 - Apache Solr Command Injection Vulnerability

CVE ID : CVE-2025-41688
Published : July 31, 2025, 10:15 a.m. | 1 hour, 56 minutes ago
Description : A highly privileged remote attacker can execute arbitrary OS commands using an undocumented method that allows escaping the implemented Lua sandbox.
Severity: 7.2 | HIGH
CVE-2025-8376 - Code-projects Vehicle Management SQL Injection Vulnerability

CVE ID : CVE-2025-8376
Published : July 31, 2025, 10:15 a.m. | 1 hour, 56 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH