CVE-2025-31713 - F5 Networks Engineer Mode Command Injection Vulnerability
CVE ID : CVE-2025-31713
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31713
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31714 - Apache HTTP Server Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-31714
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31714
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31715 - Vowifi Command Injection Vulnerability
CVE ID : CVE-2025-31715
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31715
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9098 - "Elseplus File Recovery App Android Component Export Vulnerability"
CVE ID : CVE-2025-9098
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9098
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9099 - Acrel Environmental Monitoring Cloud Platform Remote File Upload Vulnerability
CVE ID : CVE-2025-9099
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. This affects an unknown part of the file /NewsManage/UploadNewsImg. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9099
Published : Aug. 18, 2025, 1:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. This affects an unknown part of the file /NewsManage/UploadNewsImg. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9100 - Zhenfeng13 My-Blog Authentication Bypass Vulnerability
CVE ID : CVE-2025-9100
Published : Aug. 18, 2025, 2:15 a.m. | 1 hour, 55 minutes ago
Description : A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9100
Published : Aug. 18, 2025, 2:15 a.m. | 1 hour, 55 minutes ago
Description : A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9101 - Zhenfeng13 My-Blog Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9101
Published : Aug. 18, 2025, 3:15 a.m. | 55 minutes ago
Description : A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9101
Published : Aug. 18, 2025, 3:15 a.m. | 55 minutes ago
Description : A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9102 - "1&1 Mail & Media mail.com App Android Improper Component Export Vulnerability"
CVE ID : CVE-2025-9102
Published : Aug. 18, 2025, 3:15 a.m. | 55 minutes ago
Description : A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9102
Published : Aug. 18, 2025, 3:15 a.m. | 55 minutes ago
Description : A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9103 - ZenCart CKEditor Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9103
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor declares this as "intended behavior, allowed for authorized administrators".
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9103
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor declares this as "intended behavior, allowed for authorized administrators".
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9104 - Portabilis i-Diario Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9104
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9104
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9105 - Portabilis i-Diario Cross Site Scripting Vulnerability
CVE ID : CVE-2025-9105
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9105
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9106 - Portabilis i-Diario Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9106
Published : Aug. 18, 2025, 5:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9106
Published : Aug. 18, 2025, 5:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9107 - Portabilis i-Diario Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9107
Published : Aug. 18, 2025, 5:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9107
Published : Aug. 18, 2025, 5:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9108 - Apache Struts Cross-Site Scripting (XSS)
CVE ID : CVE-2025-9108
Published : Aug. 18, 2025, 6:15 a.m. | 1 hour, 55 minutes ago
Description : Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9108
Published : Aug. 18, 2025, 6:15 a.m. | 1 hour, 55 minutes ago
Description : Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9109 - Portabilis i-Diario Password Recovery Endpoint Remote Response Discrepancy Vulnerability
CVE ID : CVE-2025-9109
Published : Aug. 18, 2025, 6:15 a.m. | 1 hour, 55 minutes ago
Description : A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9109
Published : Aug. 18, 2025, 6:15 a.m. | 1 hour, 55 minutes ago
Description : A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57700 - DIAEnergie Stored Cross-site Scripting Vulnerability
CVE ID : CVE-2025-57700
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Stored Cross-site Scripting
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57700
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Stored Cross-site Scripting
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57701 - DIAEnergie Reflected Cross-site Scripting Vulnerability
CVE ID : CVE-2025-57701
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57701
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57702 - DIAEnergie Reflected Cross-site Scripting
CVE ID : CVE-2025-57702
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57702
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57703 - DIAEnergie Reflected Cross-site Scripting Vulnerability
CVE ID : CVE-2025-57703
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57703
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6625 - Cisco FTP Denial Of Service
CVE ID : CVE-2025-6625
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6625
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5296 - Apache Link Following Privilege Escalation
CVE ID : CVE-2025-5296
Published : Aug. 18, 2025, 8:15 a.m. | 3 hours, 55 minutes ago
Description : CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5296
Published : Aug. 18, 2025, 8:15 a.m. | 3 hours, 55 minutes ago
Description : CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...