CVE-2025-5942 - Netskope NS Client Windows Heap Overflow Denial-of-Service
CVE ID : CVE-2025-5942
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 12 minutes ago
Description : Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5942
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 12 minutes ago
Description : Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8936 - "1000 Projects Sales Management System SQL Injection"
CVE ID : CVE-2025-8936
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 12 minutes ago
Description : A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8936
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 12 minutes ago
Description : A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8937 - TOTOLINK N350R Command Injection Vulnerability
CVE ID : CVE-2025-8937
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 12 minutes ago
Description : A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8937
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 12 minutes ago
Description : A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8938 - TOTOLINK N350R Telnet Service Remote Backdoor Vulnerability
CVE ID : CVE-2025-8938
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 12 minutes ago
Description : A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8938
Published : Aug. 14, 2025, 5:15 a.m. | 3 hours, 12 minutes ago
Description : A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3414 - WordPress Structured Content (JSON-LD) Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3414
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3414
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6790 - Quiz and Survey Master WordPress CSRF Vulnerability
CVE ID : CVE-2025-6790
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6790
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7808 - Shopify WP WordPress Stored Cross-Site Scripting
CVE ID : CVE-2025-7808
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7808
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8046 - "WordPress Injection Guard Reflected Cross-Site Scripting"
CVE ID : CVE-2025-8046
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8046
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8939 - Tenda AC20 Buffer Overflow in WifiGuestSet
CVE ID : CVE-2025-8939
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8939
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8940 - "Tenda AC20 strcpy Buffer Overflow Vulnerability"
CVE ID : CVE-2025-8940
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8940
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8946 - Projectworlds Online Notes Sharing Platform SQL Injection Vulnerability
CVE ID : CVE-2025-8946
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8946
Published : Aug. 14, 2025, 6:15 a.m. | 2 hours, 12 minutes ago
Description : A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8947 - Projectworlds Visitor Management System SQL Injection
CVE ID : CVE-2025-8947
Published : Aug. 14, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8947
Published : Aug. 14, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8948 - Projectworlds Visitor Management System SQL Injection
CVE ID : CVE-2025-8948
Published : Aug. 14, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8948
Published : Aug. 14, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8949 - D-Link DIR-825 HTTPd Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-8949
Published : Aug. 14, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8949
Published : Aug. 14, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54685 - Brainstorm Force SureDash Information Disclosure Vulnerability
CVE ID : CVE-2025-54685
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through 1.1.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54685
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through 1.1.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54686 - Exertio Scriptsbundle Object Injection Vulnerability
CVE ID : CVE-2025-54686
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54686
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54687 - Crocoblock JetTabs Cross-site Scripting Vulnerability
CVE ID : CVE-2025-54687
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.9.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54687
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.9.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54688 - Crocoblock JetEngine Cross-site Scripting (XSS)
CVE ID : CVE-2025-54688
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54688
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54689 - ThemBay Urna PHP Remote File Inclusion
CVE ID : CVE-2025-54689
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through 2.5.7.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54689
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through 2.5.7.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54690 - ThemeStek Xinterio PHP RFI Vulnerability
CVE ID : CVE-2025-54690
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This issue affects Xinterio: from n/a through 4.2.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54690
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This issue affects Xinterio: from n/a through 4.2.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54691 - Stylemix Motors Authorization Bypass
CVE ID : CVE-2025-54691
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54691
Published : Aug. 14, 2025, 11:15 a.m. | 1 hour, 12 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...