CVE-2025-8294 - WordPress Download Counter Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8294
Published : Aug. 5, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8294
Published : Aug. 5, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8295 - WordPress Employee Directory Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8295
Published : Aug. 5, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8295
Published : Aug. 5, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8551 - Atjiu Pybbs Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8551
Published : Aug. 5, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8551
Published : Aug. 5, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8552 - Atjiu Pybbs Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8552
Published : Aug. 5, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8552
Published : Aug. 5, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8553 - Atjiu Pybbs Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8553
Published : Aug. 5, 2025, 9:15 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8553
Published : Aug. 5, 2025, 9:15 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8554 - Atjiu Pybbs Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8554
Published : Aug. 5, 2025, 9:15 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8554
Published : Aug. 5, 2025, 9:15 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8555 - Atjiu Pybbs Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8555
Published : Aug. 5, 2025, 10:15 a.m. | 20 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8555
Published : Aug. 5, 2025, 10:15 a.m. | 20 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54948 - Trend Micro Apex One Remote Code Execution
CVE ID : CVE-2025-54948
Published : Aug. 5, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54948
Published : Aug. 5, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54987 - Trend Micro Apex One Remote Code Execution Vulnerability
CVE ID : CVE-2025-54987
Published : Aug. 5, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54987
Published : Aug. 5, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-52890 - IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-52890
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-52890
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7025 - Rockwell Automation Arena Out-of-Bounds Memory Access Vulnerability
CVE ID : CVE-2025-7025
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7025
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7032 - Rockwell Automation Arena Memory Corruption Vulnerability
CVE ID : CVE-2025-7032
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7032
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7033 - Rockwell Automation Arena Memory Corruption Vulnerability
CVE ID : CVE-2025-7033
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7033
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27931 - PDF-XChange Editor Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-27931
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27931
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29745 - Emsisoft Anti-Malware Net-NTLMv2 Hash Information Disclosure
CVE ID : CVE-2025-29745
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29745
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2611 - ICTBroadcast Unauthenticated Remote Code Execution
CVE ID : CVE-2025-2611
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2611
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44964 - BlueStacks SSL Certificate Validation Weakness - Man-in-the-Middle
CVE ID : CVE-2025-44964
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44964
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46958 - Adobe Experience Manager Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-46958
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46958
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47152 - PDF-XChange Editor Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-47152
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47152
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50706 - Apache ThinkPHP Remote Code Execution Vulnerability
CVE ID : CVE-2025-50706
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50706
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50707 - ThinkPHP3 Remote Code Execution Vulnerability
CVE ID : CVE-2025-50707
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50707
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...