CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-43187 - Apple macOS HDIUTIL Code Execution Vulnerability

CVE ID : CVE-2025-43187
Published : Aug. 29, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. Running an hdiutil command may unexpectedly execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43255 - Apple macOS IOMemoryDescriptor Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-43255
Published : Aug. 29, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Sequoia 15.6, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
Severity: 0.0 | NA
CVE-2025-43268 - Apple macOS Sequoia Root Privilege Escalation

CVE ID : CVE-2025-43268
Published : Aug. 29, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.
Severity: 0.0 | NA
CVE-2025-43284 - Apple macOS Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-43284
Published : Aug. 29, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to cause unexpected system termination.
Severity: 0.0 | NA
CVE-2025-54142 - Akamai Ghost HTTP Request Smuggling

CVE ID : CVE-2025-54142
Published : Aug. 29, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards.
Severity: 4.0 | MEDIUM
CVE-2025-9599 - itsourcecode Apartment Management System SQL Injection

CVE ID : CVE-2025-9599
Published : Aug. 29, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Manipulation of the argument txtMonthName can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
CVE-2025-9600 - itsourcecode Apartment Management System SQL Injection Vulnerability

CVE ID : CVE-2025-9600
Published : Aug. 29, 2025, 1:15 a.m. | 1 hour, 29 minutes ago
Description : A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/member_type_setup.php. The manipulation of the argument txtMemberType leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
CVE-2025-9601 - itsourcecode Apartment Management System SQL Injection

CVE ID : CVE-2025-9601
Published : Aug. 29, 2025, 2:15 a.m. | 29 minutes ago
Description : A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in SQL injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
CVE-2025-9602 - Xinhu RockOA Remote Authorization Bypass

CVE ID : CVE-2025-9602
Published : Aug. 29, 2025, 2:15 a.m. | 29 minutes ago
Description : A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Manipulation results in improper authorization. The attack can be carried out remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
CVE-2025-9603 - Telesquare TLR-2005KSH Command Injection Vulnerability

CVE ID : CVE-2025-9603
Published : Aug. 29, 2025, 2:15 a.m. | 29 minutes ago
Description : A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-9604 - Coze-Studio Hardcoded Cryptographic Key Vulnerability

CVE ID : CVE-2025-9604
Published : Aug. 29, 2025, 2:15 a.m. | 29 minutes ago
Description : A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of a hard-coded cryptographic key. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. To fix this issue, it is recommended to deploy a patch. The vendor replied to the GitHub issue (translated from simplified Chinese): "For scenarios requiring encryption, we will implement user-defined key management through configuration and optimize the use of encryption tools, such as random salt."
Severity: 6.3 | MEDIUM
CVE-2025-58327 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-58327
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58328 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-58328
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58329 - Oracle WebLogic Server Deserialization RCE

CVE ID : CVE-2025-58329
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58330 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-58330
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58331 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-58331
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58332 - Apache HTTP Server Command Injection Vulnerability

CVE ID : CVE-2025-58332
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58333 - Apache HTTPD Cross-Site Request Forgery

CVE ID : CVE-2025-58333
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-9605 - Tenda AC21/AC23 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-9605
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Manipulation of the argument mac leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 10.0 | HIGH
CVE-2025-9606 - Portabilis i-Educar SQL Injection Vulnerability

CVE ID : CVE-2025-9606
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/agenda_preferencias.php. Manipulation of the argument cod_agenda results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
CVE-2025-9607 - Portabilis i-Educar SQL Injection Vulnerability

CVE ID : CVE-2025-9607
Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago
Description : A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Manipulation of the argument ID can lead to SQL injection. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM