CVE-2025-55170 - WeGIA Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-55170
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 1 minute ago
Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts through the verificacao and redir_config parameters. This issue has been patched in version 3.4.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55171 - WeGIA Unauthenticated File Deletion Vulnerability
CVE ID : CVE-2025-55171
Published : Aug. 12, 2025, 9:15 p.m. | 1 hour, 1 minute ago
Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at the /html/personalizacao_remover.php endpoint, allowing an anonymous attacker (without login) to delete any image file by setting imagem_0 to the ID of the image to delete. This issue has been patched in version 3.4.8.
Severity: 7.5 | HIGH
CVE-2025-54222 - Substance3D Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-54222
Published : Aug. 12, 2025, 10:15 p.m. | 4 hours, 3 minutes ago
Description : Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-49456 - Zoom Windows Installer Race Condition Vulnerability
CVE ID : CVE-2025-49456
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.
Severity: 6.2 | MEDIUM
CVE-2025-49457 - Zoom Untrusted Search Path Privilege Escalation Vulnerability
CVE ID : CVE-2025-49457
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
Severity: 9.6 | CRITICAL
CVE-2025-54229 - Adobe Framemaker Use After Free Vulnerability
CVE ID : CVE-2025-54229
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-54230 - Adobe Framemaker Use-After-Free Vulnerability
CVE ID : CVE-2025-54230
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-54231 - Adobe Framemaker Use After Free Vulnerability
CVE ID : CVE-2025-54231
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-54232 - Adobe Framemaker Use After Free Vulnerability
CVE ID : CVE-2025-54232
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-54233 - Adobe Framemaker Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-54233
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2025-54238 - Dimension Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-54238
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2025-8395 - Rejected CVE ID
CVE ID : CVE-2025-8395
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2025-4276 - Intel UsbCoreDxe SMM Arbitrary Code Execution
CVE ID : CVE-2025-4276
Published : Aug. 13, 2025, 2:15 a.m. | 4 hours, 3 minutes ago
Description : UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
CVE-2025-4277 - Intel Tcg2Smm SMM Execute Code Arbitrary Memory Write
CVE ID : CVE-2025-4277
Published : Aug. 13, 2025, 2:15 a.m. | 4 hours, 3 minutes ago
Description : Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
CVE-2025-4410 - Cisco SetupUtility Buffer Overflow Vulnerability
CVE ID : CVE-2025-4410
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executing arbitrary code.
Severity: 7.5 | HIGH
CVE-2025-8879 - Google Chrome Heap Buffer Overflow Vulnerability
CVE ID : CVE-2025-8879
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2025-8880 - Google Chrome V8 Race Condition Execution of Arbitrary Code
CVE ID : CVE-2025-8880
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2025-8881 - Google Chrome File Picker Cross-Origin Data Leak
CVE ID : CVE-2025-8881
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2025-8882 - Google Chrome Aura Use-After-Free Vulnerability
CVE ID : CVE-2025-8882
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2025-8901 - Google Chrome ANGLE Out-of-Bounds Memory Access Vulnerability
CVE ID : CVE-2025-8901
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2025-0818 - elFinder WordPress Plugin Directory Traversal Vulnerability
CVE ID : CVE-2025-0818
Published : Aug. 13, 2025, 4:16 a.m. | 2 hours, 2 minutes ago
Description : Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
Severity: 6.5 | MEDIUM