CVE-2025-8537 - Axiomatic Bento4 AP4_DataBuffer Buffer Overflow
CVE ID : CVE-2025-8537
Published : Aug. 5, 2025, 1:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8537
Published : Aug. 5, 2025, 1:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8538 - Portabilis i-Educar Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8538
Published : Aug. 5, 2025, 1:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8538
Published : Aug. 5, 2025, 1:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8539 - Portabilis i-Educar Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8539
Published : Aug. 5, 2025, 2:15 a.m. | 20 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8539
Published : Aug. 5, 2025, 2:15 a.m. | 20 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53417 - DIAView Directory Traversal Information Disclosure Vulnerability
CVE ID : CVE-2025-53417
Published : Aug. 5, 2025, 3:15 a.m. | 3 hours, 20 minutes ago
Description : DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53417
Published : Aug. 5, 2025, 3:15 a.m. | 3 hours, 20 minutes ago
Description : DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8540 - Portabilis i-Educar Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8540
Published : Aug. 5, 2025, 3:15 a.m. | 3 hours, 20 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8540
Published : Aug. 5, 2025, 3:15 a.m. | 3 hours, 20 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8541 - Portabilis i-Educar Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8541
Published : Aug. 5, 2025, 3:15 a.m. | 3 hours, 20 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8541
Published : Aug. 5, 2025, 3:15 a.m. | 3 hours, 20 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54974 - Apache HTTP Server Denial of Service
CVE ID : CVE-2025-54974
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54974
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54975 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-54975
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54975
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54976 - Apache HTTP Server Unvalidated User Input Leads to Remote Command Execution
CVE ID : CVE-2025-54976
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54976
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54977 - Microsoft Azure Storage Rejected Reason
CVE ID : CVE-2025-54977
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54977
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54978 - Apache HTTP Server HTTP Header Injection
CVE ID : CVE-2025-54978
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54978
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54979 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-54979
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54979
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54980 - Adobe Flash Player Arbitrary Command Execution
CVE ID : CVE-2025-54980
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54980
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8542 - Portabilis i-Educar Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8542
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8542
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8543 - Portabilis i-Educar Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8543
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8543
Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54868 - LibreChat Meilisearch Engine Information Disclosure
CVE ID : CVE-2025-54868
Published : Aug. 5, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54868
Published : Aug. 5, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8544 - Portabilis i-Educar Cross Site Scripting Vulnerability
CVE ID : CVE-2025-8544
Published : Aug. 5, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8544
Published : Aug. 5, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8545 - Portabilis i-Educar Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8545
Published : Aug. 5, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8545
Published : Aug. 5, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8546 - Atjiu Pybbs Captcha Guessing Vulnerability (Remote)
CVE ID : CVE-2025-8546
Published : Aug. 5, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8546
Published : Aug. 5, 2025, 5:15 a.m. | 1 hour, 19 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54982 - Zscaler SAML Authentication Signature Forgery
CVE ID : CVE-2025-54982
Published : Aug. 5, 2025, 6:15 a.m. | 20 minutes ago
Description : An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54982
Published : Aug. 5, 2025, 6:15 a.m. | 20 minutes ago
Description : An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8547 - Atjiu Pybbs Email Verification Handler Remote Authorization Bypass Vulnerability
CVE ID : CVE-2025-8547
Published : Aug. 5, 2025, 6:15 a.m. | 20 minutes ago
Description : A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 044f22893bee254dc2bb0d30f614913fab3c22c2. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8547
Published : Aug. 5, 2025, 6:15 a.m. | 20 minutes ago
Description : A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 044f22893bee254dc2bb0d30f614913fab3c22c2. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...