CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-9527 - Linksys E1700 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-9527
Published : Aug. 27, 2025, 2:15 p.m. | 25 minutes ago
Description : A vulnerability was found in Linksys E1700 1.0.0.4.003. It affects the function QoSSetup of the file /goform/QoSSetup. Manipulation of the argument ack_policy results in a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9528 - Linksys E1700 OS Command Injection Vulnerability

CVE ID : CVE-2025-9528
Published : Aug. 27, 2025, 2:15 p.m. | 25 minutes ago
Description : A vulnerability was determined in Linksys E1700 1.0.0.4.003. It affects the function systemCommand of the file /goform/systemCommand. Manipulation of the argument command can lead to OS command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
CVE-2025-9529 - Campcodes Payroll Management System Remote File Inclusion Vulnerability

CVE ID : CVE-2025-9529
Published : Aug. 27, 2025, 2:15 p.m. | 25 minutes ago
Description : A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. Manipulation of the argument page causes file inclusion. The attack can be carried out remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
CVE-2025-9531 - Portabilis i-Educar Agenda Module SQL Injection

CVE ID : CVE-2025-9531
Published : Aug. 27, 2025, 2:15 p.m. | 25 minutes ago
Description : A vulnerability was detected in Portabilis i-Educar up to 2.10. It affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Manipulation of the argument cod_agenda results in SQL injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-9532 - Portabilis i-Educar SQL Injection Vulnerability

CVE ID : CVE-2025-9532
Published : Aug. 27, 2025, 2:15 p.m. | 25 minutes ago
Description : A flaw has been found in Portabilis i-Educar up to 2.10. It impacts an unknown function of the file /RegraAvaliacao/view. Manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-57821 - Basecamp Open-Redirect Vulnerability

CVE ID : CVE-2025-57821
Published : Aug. 27, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a session cookie may be vulnerable if this can be chained with an attack that allows injection of arbitrary data into the session cookie. This issue has been patched in version 1.3.0. If upgrading is not possible at this time, the chained attack can be mitigated by explicitly setting SameSite=Lax or SameSite=Strict on the application session cookie.
Severity: 4.2 | MEDIUM
CVE-2025-5187 - Kubernetes NodeRestriction OwnerReference Deletion Vulnerability

CVE ID : CVE-2025-5187
Published : Aug. 27, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
Severity: 6.7 | MEDIUM
CVE-2025-50979 - NodeBB SQL Injection

CVE ID : CVE-2025-50979
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads.
Severity: 0.0 | NA
CVE-2025-51667 - Simple-Admin-Core SQL Injection Vulnerability

CVE ID : CVE-2025-51667
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : An issue was discovered in simple-admin-core v1.2.0 through v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations.
Severity: 7.0 | HIGH
CVE-2025-55422 - FoxCMS Reflected Cross Site Scripting (XSS)

CVE ID : CVE-2025-55422
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.
Severity: 8.8 | HIGH
CVE-2025-58192 - Xylus Themes WP Bulk Delete Missing Authorization Vulnerability

CVE ID : CVE-2025-58192
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Missing Authorization vulnerability in Xylus Themes WP Bulk Delete allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Bulk Delete: from n/a through 1.3.6.
Severity: 4.3 | MEDIUM
CVE-2025-58193 - Uncanny Automator Missing Authorization Vulnerability

CVE ID : CVE-2025-58193
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator: from n/a through 6.7.0.1.
Severity: 4.3 | MEDIUM
CVE-2025-58194 - Boldthemes Bold Page Builder Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-58194
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.3.
Severity: 6.5 | MEDIUM
CVE-2025-58195 - Xpro Elementor Addons Cross-site Scripting

CVE ID : CVE-2025-58195
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.17.
Severity: 6.5 | MEDIUM
CVE-2025-58196 - UiCore Elements Cross-site Scripting Vulnerability

CVE ID : CVE-2025-58196
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements allows Stored XSS. This issue affects UiCore Elements: from n/a through 1.3.4.
Severity: 6.5 | MEDIUM
CVE-2025-58197 - Simple Download Monitor Cross-site Scripting (XSS)

CVE ID : CVE-2025-58197
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mra13 / Team Tips and Tricks HQ Simple Download Monitor allows Stored XSS. This issue affects Simple Download Monitor: from n/a through 3.9.34.
Severity: 6.5 | MEDIUM
CVE-2025-58198 - Xpro Theme Builder Missing Authorization

CVE ID : CVE-2025-58198
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.9.
Severity: 6.5 | MEDIUM
CVE-2025-58201 - AfterShip Tracking Missing Authorization Vulnerability

CVE ID : CVE-2025-58201
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AfterShip Tracking: from n/a through 1.17.17.
Severity: 5.3 | MEDIUM
CVE-2025-58202 - WordPress Simple Page Access Restriction CSRF

CVE ID : CVE-2025-58202
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32.
Severity: 4.3 | MEDIUM
CVE-2025-58203 - Solace Extra SSRF Vulnerability

CVE ID : CVE-2025-58203
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2.
Severity: 4.4 | MEDIUM
CVE-2025-58204 - Eric Teubert Podlove Podcast Publisher Open Redirect Phishing

CVE ID : CVE-2025-58204
Published : Aug. 27, 2025, 6:15 p.m. | 26 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher allows Phishing. This issue affects Podlove Podcast Publisher: from n/a through 4.2.5.
Severity: 4.7 | MEDIUM