CVE-2025-9253 - Linksys Router Stack-Based Buffer Overflow
CVE ID : CVE-2025-9253
Published : Aug. 20, 2025, 11:15 p.m. | 59 minutes ago
Description : A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9253
Published : Aug. 20, 2025, 11:15 p.m. | 59 minutes ago
Description : A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9262 - "Wong2 mcp-cli OAuth Handler Remote OS Command Injection Vulnerability"
CVE ID : CVE-2025-9262
Published : Aug. 20, 2025, 11:15 p.m. | 59 minutes ago
Description : A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9262
Published : Aug. 20, 2025, 11:15 p.m. | 59 minutes ago
Description : A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9263 - Xuxueli XXL-Job Remote Resource Identifier Manipulation Vulnerability
CVE ID : CVE-2025-9263
Published : Aug. 20, 2025, 11:15 p.m. | 59 minutes ago
Description : A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9263
Published : Aug. 20, 2025, 11:15 p.m. | 59 minutes ago
Description : A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9264 - Xuxueli XXL-Job ID Resource Manipulation Remote Code Execution Vulnerability
CVE ID : CVE-2025-9264
Published : Aug. 21, 2025, 12:15 a.m. | 4 hours ago
Description : A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9264
Published : Aug. 21, 2025, 12:15 a.m. | 4 hours ago
Description : A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24285 - "UniFi Connect EV Station Lite Command Injection Vulnerability"
CVE ID : CVE-2025-24285
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite (Version 1.5.1 and earlier) Mitigation: Update UniFi Connect EV Station Lite to Version 1.5.2 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24285
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite (Version 1.5.1 and earlier) Mitigation: Update UniFi Connect EV Station Lite to Version 1.5.2 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27213 - Ubiquiti UniFi Connect Improper Access Control Vulnerability
CVE ID : CVE-2025-27213
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.9.301 and earlier) UniFi Connect Display Cast Pro (Version 1.0.78 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect EV Station Pro to Version 1.5.27 or later Update UniFi Connect Display to Version 1.13.6 or later Update UniFi Connect Display Cast to Version 1.10.3 or later Update UniFi Connect Display Cast Pro to Version 1.0.83 or later Update UniFi Connect Display Cast Lite to Version 1.1.3 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27213
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.9.301 and earlier) UniFi Connect Display Cast Pro (Version 1.0.78 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect EV Station Pro to Version 1.5.27 or later Update UniFi Connect Display to Version 1.13.6 or later Update UniFi Connect Display Cast to Version 1.10.3 or later Update UniFi Connect Display Cast Pro to Version 1.0.83 or later Update UniFi Connect Display Cast Lite to Version 1.1.3 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27214 - "UniFi Connect EV Station Pro Authentication Bypass"
CVE ID : CVE-2025-27214
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and earlier) Mitigation: Update UniFi Connect EV Station Pro to Version 1.5.27 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27214
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and earlier) Mitigation: Update UniFi Connect EV Station Pro to Version 1.5.27 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27215 - Ubiquiti UniFi Connect Display Cast Insufficient Authentication Access Control Vulnerability
CVE ID : CVE-2025-27215
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast (Version 1.10.3 and earlier) UniFi Connect Display Cast Pro (Version 1.0.89 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect Display Cast to Version 1.10.7 or later Update UniFi Connect Display Cast Pro to Version 1.0.94 or later Update UniFi Connect Display Cast Lite to Version 1.1.8 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27215
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast (Version 1.10.3 and earlier) UniFi Connect Display Cast Pro (Version 1.0.89 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect Display Cast to Version 1.10.7 or later Update UniFi Connect Display Cast Pro to Version 1.0.94 or later Update UniFi Connect Display Cast Lite to Version 1.1.8 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27216 - "UISP Privilege Escalation Vulnerability"
CVE ID : CVE-2025-27216
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27216
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27217 - "UISP Server-Side Request Forgery Vulnerability"
CVE ID : CVE-2025-27217
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27217
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43300 - Apple macOS and iPadOS Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-43300
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43300
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48978 - Ubiquiti Networks EdgeMAX EdgeSwitch Command Injection Vulnerability
CVE ID : CVE-2025-48978
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48978
Published : Aug. 21, 2025, 1:15 a.m. | 2 hours, 59 minutes ago
Description : An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48355 - ProveSource Social Proof Information Exposure Vulnerability
CVE ID : CVE-2025-48355
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through 3.0.5.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48355
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through 3.0.5.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57824 - "Apache Struts Deserialization Vulnerability"
CVE ID : CVE-2025-57824
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57824
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57825 - Cisco WebEx Meeting Center Cross-Site Request Forgery
CVE ID : CVE-2025-57825
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57825
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57826 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-57826
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57826
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57827 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-57827
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57827
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57828 - Apache HTTP Server Unsecured Configuration
CVE ID : CVE-2025-57828
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57828
Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57829 - Apache HTTP Server Command Injection
CVE ID : CVE-2025-57829
Published : Aug. 21, 2025, 4:16 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57829
Published : Aug. 21, 2025, 4:16 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57830 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-57830
Published : Aug. 21, 2025, 4:16 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57830
Published : Aug. 21, 2025, 4:16 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57831 - Apache HTTP Server Unknown Method Response
CVE ID : CVE-2025-57831
Published : Aug. 21, 2025, 4:16 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57831
Published : Aug. 21, 2025, 4:16 a.m. | 3 hours, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...