CVE-2025-8579 - Google Chrome Picture In Picture UI Spoofing Vulnerability
CVE ID : CVE-2025-8579
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8579
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8580 - Google Chrome Filesystems UI Spoofing Vulnerability
CVE ID : CVE-2025-8580
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8580
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8581 - Google Chrome Extensions Cross-Origin Data Leakage
CVE ID : CVE-2025-8581
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8581
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8582 - Google Chrome URL Bar Spoofing Vulnerability
CVE ID : CVE-2025-8582
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8582
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8583 - Google Chrome Permissions UI Spoofing Vulnerability
CVE ID : CVE-2025-8583
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8583
Published : Aug. 7, 2025, 2:15 a.m. | 21 minutes ago
Description : Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32094 - Akamai Ghost HTTP Request Smuggling Vulnerability
CVE ID : CVE-2025-32094
Published : Aug. 7, 2025, 5:15 a.m. | 1 hour, 20 minutes ago
Description : An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32094
Published : Aug. 7, 2025, 5:15 a.m. | 1 hour, 20 minutes ago
Description : An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29866 - TAGFREE X-Free Uploader Path Traversal Vulnerability
CVE ID : CVE-2025-29866
Published : Aug. 7, 2025, 6:15 a.m. | 20 minutes ago
Description : : External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows : Parameter Injection.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29866
Published : Aug. 7, 2025, 6:15 a.m. | 20 minutes ago
Description : : External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows : Parameter Injection.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35970 - SEIKO EPSON and FUJIFILM SNMP Guessable Administrator Password Vulnerability
CVE ID : CVE-2025-35970
Published : Aug. 7, 2025, 6:15 a.m. | 20 minutes ago
Description : On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-35970
Published : Aug. 7, 2025, 6:15 a.m. | 20 minutes ago
Description : On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8533 - Fantastical XPC Services Unauthenticated Remote Code Execution
CVE ID : CVE-2025-8533
Published : Aug. 7, 2025, 10:15 a.m. | 21 minutes ago
Description : A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could connect to the XPC service and access its methods. This issue has been resolved in version 4.0.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8533
Published : Aug. 7, 2025, 10:15 a.m. | 21 minutes ago
Description : A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could connect to the XPC service and access its methods. This issue has been resolved in version 4.0.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-52680 - EyouCMS Cross Site Scripting Vulnerability
CVE ID : CVE-2024-52680
Published : Aug. 7, 2025, 2:15 p.m. | 21 minutes ago
Description : EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-52680
Published : Aug. 7, 2025, 2:15 p.m. | 21 minutes ago
Description : EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55401 - 4C Strategies Exonaut Directory Traversal Vulnerability
CVE ID : CVE-2024-55401
Published : Aug. 7, 2025, 2:15 p.m. | 21 minutes ago
Description : An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55401
Published : Aug. 7, 2025, 2:15 p.m. | 21 minutes ago
Description : An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34152 - "Aitemi M300 Wi-Fi Repeater OS Command Injection"
CVE ID : CVE-2025-34152
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34152
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54392 - Netwrix Directory Manager Cross-Site Scripting
CVE ID : CVE-2025-54392
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54392
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54393 - Netwrix Directory Manager Static Code Injection Vulnerability
CVE ID : CVE-2025-54393
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54393
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54394 - Netwrix Directory Manager Insufficiently Protected Credentials Vulnerability
CVE ID : CVE-2025-54394
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54394
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54395 - Netwrix Directory Manager XSS Vulnerability
CVE ID : CVE-2025-54395
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54395
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54396 - Netwrix Directory Manager SQL Injection
CVE ID : CVE-2025-54396
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54396
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54397 - Netwrix Directory Manager Information Disclosure Vulnerability
CVE ID : CVE-2025-54397
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54397
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55137 - Apache LinkJoin Authentication Bypass
CVE ID : CVE-2025-55137
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : LinkJoin through 882f196 mishandles lacks type checking in password reset.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55137
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : LinkJoin through 882f196 mishandles lacks type checking in password reset.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55138 - LinkJoin Password Reset Token Ownership Vulnerability
CVE ID : CVE-2025-55138
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : LinkJoin through 882f196 mishandles token ownership in password reset.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55138
Published : Aug. 7, 2025, 5:15 p.m. | 1 hour, 21 minutes ago
Description : LinkJoin through 882f196 mishandles token ownership in password reset.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-40992 - Apache Hospital Management System SQL Injection Vulnerability
CVE ID : CVE-2023-40992
Published : Aug. 7, 2025, 6:15 p.m. | 21 minutes ago
Description : Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-40992
Published : Aug. 7, 2025, 6:15 p.m. | 21 minutes ago
Description : Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...