CVE-2025-37109 - HPE Telco Service Activator Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-37109
Published : July 31, 2025, 8:15 p.m. | 1 hour, 56 minutes ago
Description : A cross-site scripting vulnerability has been identified in the HPE Telco Service Activator product.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37110 - HPE Telco Network Function Virtual Orchestrator Information Disclosure
CVE ID : CVE-2025-37110
Published : July 31, 2025, 8:15 p.m. | 1 hour, 56 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37111 - HPE Telco Network Function Virtual Orchestrator Authentication Key Storage Policy Information Disclosure
CVE ID : CVE-2025-37111
Published : July 31, 2025, 8:15 p.m. | 1 hour, 56 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37112 - HPE Telco Network Function Virtual Orchestrator Key Storage Policy Information Disclosure
CVE ID : CVE-2025-37112
Published : July 31, 2025, 8:15 p.m. | 1 hour, 56 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45769 - PHP JWT Weak Encryption Vulnerability
CVE ID : CVE-2025-45769
Published : July 31, 2025, 8:15 p.m. | 1 hour, 56 minutes ago
Description : php-jwt v6.11.0 was discovered to contain weak encryption.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45770 - Auth0 JWT Weak Encryption Vulnerability
CVE ID : CVE-2025-45770
Published : July 31, 2025, 8:15 p.m. | 1 hour, 56 minutes ago
Description : jwt v5.4.3 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50572 - Archer Technology RSA Archer Code Execution Vulnerability
CVE ID : CVE-2025-50572
Published : July 31, 2025, 8:15 p.m. | 1 hour, 55 minutes ago
Description : An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8286 - Güralp FMUS series Telnet Command Injection Vulnerability
CVE ID : CVE-2025-8286
Published : July 31, 2025, 8:15 p.m. | 1 hour, 55 minutes ago
Description : Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-32251 - Linux Kernel ksmbd Dictionary Attack Bypass
CVE ID : CVE-2023-32251
Published : July 31, 2025, 9:15 p.m. | 56 minutes ago
Description : A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23289 - NVIDIA Omniverse Launcher Information Disclosure Vulnerability
CVE ID : CVE-2025-23289
Published : July 31, 2025, 9:15 p.m. | 56 minutes ago
Description : NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45768 - PyJWT Weak Encryption
CVE ID : CVE-2025-45768
Published : July 31, 2025, 9:15 p.m. | 56 minutes ago
Description : pyjwt v2.10.1 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48071 - OpenEXR ZIPS-packed Deep Scan-Line Heap Buffer Overflow
CVE ID : CVE-2025-48071
Published : July 31, 2025, 9:15 p.m. | 56 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48072 - OpenEXR Heap-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-48072
Published : July 31, 2025, 9:15 p.m. | 56 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48073 - OpenEXR NULL Pointer Dereference Vulnerability
CVE ID : CVE-2025-48073
Published : July 31, 2025, 9:15 p.m. | 56 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8431 - PHPGurukul Boat Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-8431
Published : Aug. 1, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5954 - WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability
CVE ID : CVE-2025-5954
Published : Aug. 1, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54840 - Apache HTTP Server Denial of Service
CVE ID : CVE-2025-54840
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54841 - Apache Struts SQL Injection
CVE ID : CVE-2025-54841
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 3 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54842 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-54842
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54843 - Fortinet DNS Server Insufficient Input Validation
CVE ID : CVE-2025-54843
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54844 - Apache Struts Command Execution
CVE ID : CVE-2025-54844
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...