CVE-2025-8395 - "CVE-xxxx: Apache Struts SQL Injection Vulnerability"
CVE ID : CVE-2025-8395
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8395
Published : Aug. 12, 2025, 11:15 p.m. | 3 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4276 - Intel UsbCoreDxe SMM Arbitrary Code Execution
CVE ID : CVE-2025-4276
Published : Aug. 13, 2025, 2:15 a.m. | 4 hours, 3 minutes ago
Description : UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4276
Published : Aug. 13, 2025, 2:15 a.m. | 4 hours, 3 minutes ago
Description : UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4277 - Intel Tcg2Smm SMM Execute Code Arbitrary Memory Write
CVE ID : CVE-2025-4277
Published : Aug. 13, 2025, 2:15 a.m. | 4 hours, 3 minutes ago
Description : Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4277
Published : Aug. 13, 2025, 2:15 a.m. | 4 hours, 3 minutes ago
Description : Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4410 - Cisco SetupUtility Buffer Overflow Vulnerability
CVE ID : CVE-2025-4410
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4410
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8879 - Google Chrome Heap Buffer Overflow Vulnerability
CVE ID : CVE-2025-8879
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8879
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8880 - Google Chrome V8 Race Condition Execution of Arbitrary Code
CVE ID : CVE-2025-8880
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8880
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8881 - Google Chrome File Picker Cross-Origin Data Leak
CVE ID : CVE-2025-8881
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8881
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8882 - Google Chrome Aura Use-After-Free Vulnerability
CVE ID : CVE-2025-8882
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8882
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8901 - Google Chrome ANGLE Out-of-Bounds Memory Access Vulnerability
CVE ID : CVE-2025-8901
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8901
Published : Aug. 13, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0818 - elFinder WordPress Plugin Directory Traversal Vulnerability
CVE ID : CVE-2025-0818
Published : Aug. 13, 2025, 4:16 a.m. | 2 hours, 2 minutes ago
Description : Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0818
Published : Aug. 13, 2025, 4:16 a.m. | 2 hours, 2 minutes ago
Description : Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8491 - Easy Restaurant Menu Manager for WordPress CSRF
CVE ID : CVE-2025-8491
Published : Aug. 13, 2025, 4:16 a.m. | 2 hours, 2 minutes ago
Description : The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8491
Published : Aug. 13, 2025, 4:16 a.m. | 2 hours, 2 minutes ago
Description : The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8891 - OceanWP Cross-Site Request Forgery (CSRF)
CVE ID : CVE-2025-8891
Published : Aug. 13, 2025, 4:16 a.m. | 2 hours, 2 minutes ago
Description : The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8891
Published : Aug. 13, 2025, 4:16 a.m. | 2 hours, 2 minutes ago
Description : The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7384 - "Elementor Forms PHP Object Injection Vulnerability"
CVE ID : CVE-2025-7384
Published : Aug. 13, 2025, 5:15 a.m. | 1 hour, 3 minutes ago
Description : The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7384
Published : Aug. 13, 2025, 5:15 a.m. | 1 hour, 3 minutes ago
Description : The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6715 - LatePoint WordPress Local File Inclusion Vulnerability
CVE ID : CVE-2025-6715
Published : Aug. 13, 2025, 6:15 a.m. | 2 hours, 4 minutes ago
Description : The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6715
Published : Aug. 13, 2025, 6:15 a.m. | 2 hours, 4 minutes ago
Description : The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6184 - Tutor LMS Pro WordPress SQL Injection Vulnerability
CVE ID : CVE-2025-6184
Published : Aug. 13, 2025, 7:15 a.m. | 1 hour, 4 minutes ago
Description : The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Tutor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only the Pro version is affected.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6184
Published : Aug. 13, 2025, 7:15 a.m. | 1 hour, 4 minutes ago
Description : The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Tutor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only the Pro version is affected.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8760 - INSTAR fcgi_server Buffer Overflow Vulnerability
CVE ID : CVE-2025-8760
Published : Aug. 13, 2025, 7:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8760
Published : Aug. 13, 2025, 7:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8761 - INSTAR Denial of Service Vulnerability in Backend IPC Server
CVE ID : CVE-2025-8761
Published : Aug. 13, 2025, 7:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8761
Published : Aug. 13, 2025, 7:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8762 - INSTAR UART Interface Physical Access Control Bypass
CVE ID : CVE-2025-8762
Published : Aug. 13, 2025, 7:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8762
Published : Aug. 13, 2025, 7:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55345 - Codex Symlink File Overwrite RCE
CVE ID : CVE-2025-55345
Published : Aug. 13, 2025, 9:15 a.m. | 3 hours, 4 minutes ago
Description : Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55345
Published : Aug. 13, 2025, 9:15 a.m. | 3 hours, 4 minutes ago
Description : Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8909 - WellChoose Organization Portal System Arbitrary File Reading Vulnerability
CVE ID : CVE-2025-8909
Published : Aug. 13, 2025, 9:15 a.m. | 3 hours, 4 minutes ago
Description : Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8909
Published : Aug. 13, 2025, 9:15 a.m. | 3 hours, 4 minutes ago
Description : Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8910 - WellChoose Organization Portal System Reflected Cross-site Scripting Vulnerability
CVE ID : CVE-2025-8910
Published : Aug. 13, 2025, 9:15 a.m. | 3 hours, 4 minutes ago
Description : Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8910
Published : Aug. 13, 2025, 9:15 a.m. | 3 hours, 4 minutes ago
Description : Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...