CVE-2025-9101 - Zhenfeng13 My-Blog Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9101
Published : Aug. 18, 2025, 3:15 a.m. | 55 minutes ago
Description : A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9101
Published : Aug. 18, 2025, 3:15 a.m. | 55 minutes ago
Description : A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9102 - "1&1 Mail & Media mail.com App Android Improper Component Export Vulnerability"
CVE ID : CVE-2025-9102
Published : Aug. 18, 2025, 3:15 a.m. | 55 minutes ago
Description : A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9102
Published : Aug. 18, 2025, 3:15 a.m. | 55 minutes ago
Description : A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9103 - ZenCart CKEditor Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9103
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor declares this as "intended behavior, allowed for authorized administrators".
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9103
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor declares this as "intended behavior, allowed for authorized administrators".
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9104 - Portabilis i-Diario Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9104
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9104
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9105 - Portabilis i-Diario Cross Site Scripting Vulnerability
CVE ID : CVE-2025-9105
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9105
Published : Aug. 18, 2025, 4:15 a.m. | 3 hours, 55 minutes ago
Description : A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9106 - Portabilis i-Diario Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9106
Published : Aug. 18, 2025, 5:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9106
Published : Aug. 18, 2025, 5:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9107 - Portabilis i-Diario Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9107
Published : Aug. 18, 2025, 5:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9107
Published : Aug. 18, 2025, 5:15 a.m. | 2 hours, 55 minutes ago
Description : A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9108 - Apache Struts Cross-Site Scripting (XSS)
CVE ID : CVE-2025-9108
Published : Aug. 18, 2025, 6:15 a.m. | 1 hour, 55 minutes ago
Description : Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9108
Published : Aug. 18, 2025, 6:15 a.m. | 1 hour, 55 minutes ago
Description : Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9109 - Portabilis i-Diario Password Recovery Endpoint Remote Response Discrepancy Vulnerability
CVE ID : CVE-2025-9109
Published : Aug. 18, 2025, 6:15 a.m. | 1 hour, 55 minutes ago
Description : A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9109
Published : Aug. 18, 2025, 6:15 a.m. | 1 hour, 55 minutes ago
Description : A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57700 - DIAEnergie Stored Cross-site Scripting Vulnerability
CVE ID : CVE-2025-57700
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Stored Cross-site Scripting
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57700
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Stored Cross-site Scripting
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57701 - DIAEnergie Reflected Cross-site Scripting Vulnerability
CVE ID : CVE-2025-57701
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57701
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57702 - DIAEnergie Reflected Cross-site Scripting
CVE ID : CVE-2025-57702
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57702
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57703 - DIAEnergie Reflected Cross-site Scripting Vulnerability
CVE ID : CVE-2025-57703
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57703
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : DIAEnergie - Reflected Cross-site Scripting
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6625 - Cisco FTP Denial Of Service
CVE ID : CVE-2025-6625
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6625
Published : Aug. 18, 2025, 7:15 a.m. | 55 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5296 - Apache Link Following Privilege Escalation
CVE ID : CVE-2025-5296
Published : Aug. 18, 2025, 8:15 a.m. | 3 hours, 55 minutes ago
Description : CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5296
Published : Aug. 18, 2025, 8:15 a.m. | 3 hours, 55 minutes ago
Description : CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41242 - Apache Tomcat and Eclipse Jetty Spring Framework MVC Path Traversal Vulnerability
CVE ID : CVE-2025-41242
Published : Aug. 18, 2025, 9:15 a.m. | 2 hours, 55 minutes ago
Description : Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: * the application is deployed as a WAR or with an embedded Servlet container * the Servlet container does not reject suspicious sequences https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization * the application serves static resources https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title with Spring resource handling We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41242
Published : Aug. 18, 2025, 9:15 a.m. | 2 hours, 55 minutes ago
Description : Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: * the application is deployed as a WAR or with an embedded Servlet container * the Servlet container does not reject suspicious sequences https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization * the application serves static resources https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title with Spring resource handling We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47206 - File Station Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-47206
Published : Aug. 18, 2025, 9:15 a.m. | 2 hours, 55 minutes ago
Description : An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47206
Published : Aug. 18, 2025, 9:15 a.m. | 2 hours, 55 minutes ago
Description : An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43733 - Liferay Portal Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-43733
Published : Aug. 18, 2025, 1:15 p.m. | 2 hours, 56 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user's browser when viewing the "document View Usages" page.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43733
Published : Aug. 18, 2025, 1:15 p.m. | 2 hours, 56 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user's browser when viewing the "document View Usages" page.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-49827 - IBM Concert Software Information Disclosure
CVE ID : CVE-2024-49827
Published : Aug. 18, 2025, 2:15 p.m. | 1 hour, 56 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-49827
Published : Aug. 18, 2025, 2:15 p.m. | 1 hour, 56 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1759 - IBM Concert Software Heap Information Disclosure Vulnerability
CVE ID : CVE-2025-1759
Published : Aug. 18, 2025, 2:15 p.m. | 1 hour, 56 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1759
Published : Aug. 18, 2025, 2:15 p.m. | 1 hour, 56 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27909 - IBM Concert Software CORS Privilege Escalation
CVE ID : CVE-2025-27909
Published : Aug. 18, 2025, 2:15 p.m. | 1 hour, 56 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27909
Published : Aug. 18, 2025, 2:15 p.m. | 1 hour, 56 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...