CVE-2025-8419 - Keycloak SMTP Injection Vulnerability
CVE ID : CVE-2025-8419
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8419
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8665 - Agno-agi Agno Os Command Injection Vulnerability
CVE ID : CVE-2025-8665
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8665
Published : Aug. 6, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8667 - SkyworkAI DeepResearchAgent OS Command Injection Vulnerability
CVE ID : CVE-2025-8667
Published : Aug. 6, 2025, 6:15 p.m. | 20 minutes ago
Description : A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8667
Published : Aug. 6, 2025, 6:15 p.m. | 20 minutes ago
Description : A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38746 - Dell SupportAssist OS Recovery Exposure of Sensitive Information to an Unauthorized Actor
CVE ID : CVE-2025-38746
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38746
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38747 - Dell SupportAssist Elevation of Privileges Vulnerability
CVE ID : CVE-2025-38747
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38747
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45764 - jsrsasign RSA Key Encryption Weakness
CVE ID : CVE-2025-45764
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : jsrsasign v11.1.0 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45764
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : jsrsasign v11.1.0 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45766 - Poco Weak Encryption Vulnerability
CVE ID : CVE-2025-45766
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : poco v1.14.1-release was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45766
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : poco v1.14.1-release was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46659 - "4C Strategies Exonaut External HTTPS Information Disclosure"
CVE ID : CVE-2025-46659
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46659
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51624 - Zone Bitaqati Cross-Site Scripting (XSS)
CVE ID : CVE-2025-51624
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51624
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 20 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55398 - 4C Strategies Exonaut Insecure Permissions Vulnerability
CVE ID : CVE-2024-55398
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55398
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55399 - 4C Strategies Exonaut SSRF
CVE ID : CVE-2024-55399
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55399
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55402 - 4C Strategies Exonaut Authentication Bypass Vulnerability
CVE ID : CVE-2024-55402
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55402
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46660 - 4C Strategies Exonaut Hashing Without Salt Vulnerability
CVE ID : CVE-2025-46660
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46660
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47908 - Apache Middleware Denial of Service Vulnerability
CVE ID : CVE-2025-47908
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47908
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50740 - AutoConnect Arduino Library XSS Vulnerability
CVE ID : CVE-2025-50740
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50740
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51052 - Vedo Suite Path Traversal Vulnerability
CVE ID : CVE-2025-51052
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51052
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51053 - Vedo Suite Cross-site Scripting (XSS)
CVE ID : CVE-2025-51053
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51053
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51054 - Vedo Suite Authentication Bypass
CVE ID : CVE-2025-51054
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51054
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51055 - Vedo Suite Insecure Data Storage Vulnerability
CVE ID : CVE-2025-51055
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51055
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51056 - Vedo Suite Unrestricted File Upload RCE
CVE ID : CVE-2025-51056
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51056
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51057 - Vedo Suite LFI Vulnerability
CVE ID : CVE-2025-51057
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51057
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 20 minutes ago
Description : A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...