CVE-2025-9761 - Campcodes Online Feeds Product Inventory System SQL Injection Vulnerability
CVE ID : CVE-2025-9761
Published : Sept. 1, 2025, 5:15 a.m. | 3 hours, 35 minutes ago
Description : A security vulnerability has been detected in Campcodes Online Feeds Product Inventory System 1.0. This vulnerability affects unknown code of the file /feeds/index.php of the component Login. The manipulation of the argument Username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9763 - Campcodes Online Learning Management System SQL Injection
CVE ID : CVE-2025-9763
Published : Sept. 1, 2025, 5:15 a.m. | 3 hours, 35 minutes ago
Description : A vulnerability was detected in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /student_signup.php. The manipulation of the argument Username results in SQL injection. The attack can be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
CVE-2025-20703 - Huawei Modem Out-of-Bounds Read Remote Denial of Service Vulnerability
CVE ID : CVE-2025-20703
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708.
Severity: 0.0 | NA
CVE-2025-20704 - ZTE Modem Out-of-Bounds Write Privilege Escalation Vulnerability
CVE ID : CVE-2025-20704
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502.
Severity: 0.0 | NA
CVE-2025-20705 - Citrix Hypervisor Memory Corruption (Use After Free)
CVE ID : CVE-2025-20705
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09989078; Issue ID: MSV-3964.
Severity: 0.0 | NA
CVE-2025-20706 - mbrain Use After Free Memory Corruption Vulnerability
CVE ID : CVE-2025-20706
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924624; Issue ID: MSV-3826.
Severity: 0.0 | NA
CVE-2025-20707 - Geniezone Use After Free Memory Corruption Vulnerability
CVE ID : CVE-2025-20707
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924201; Issue ID: MSV-3820.
Severity: 0.0 | NA
CVE-2025-20708 - Qualcomm Modem Out-of-Bounds Write Privilege Escalation Vulnerability
CVE ID : CVE-2025-20708
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01123853; Issue ID: MSV-4131.
Severity: 0.0 | NA
CVE-2025-54857 - SkyBridge BASIC OS Command Injection Vulnerability
CVE ID : CVE-2025-54857
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privileges.
Severity: 9.8 | CRITICAL
CVE-2025-6507 - H2Oai H2o-3 Untrusted Data Deserialization Vulnerability
CVE ID : CVE-2025-6507
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The vulnerability arises from the ability to bypass regular expression filters intended to prevent malicious parameter injection in JDBC connections. Attackers can manipulate spaces between parameters to evade detection, allowing for unauthorized file access and code execution. The vulnerability is addressed in version 3.46.0.8.
Severity: 9.8 | CRITICAL
CVE-2025-9764 - itsourcecode Sports Management System SQL Injection
CVE ID : CVE-2025-9764
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : A flaw has been found in itsourcecode Sports Management System 1.0. Impacted is an unknown function of the file /Admin/resultdetails.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
CVE-2025-9765 - itsourcecode Sports Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9765
Published : Sept. 1, 2025, 6:15 a.m. | 2 hours, 35 minutes ago
Description : A vulnerability has been found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/tournament_details.php. Such manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
CVE-2025-9766 - itsourcecode Sports Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9766
Published : Sept. 1, 2025, 7:15 a.m. | 1 hour, 35 minutes ago
Description : A vulnerability was found in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/facilitator.php. Performing manipulation of the argument code results in SQL injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
CVE-2025-9767 - itsourcecode Sports Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9767
Published : Sept. 1, 2025, 7:15 a.m. | 1 hour, 35 minutes ago
Description : A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /Admin/sporttype.php. Executing manipulation of the argument code can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
CVE-2022-38691 - Cisco BootROM Certificate Type 0 Privilege Escalation Vulnerability
CVE ID : CVE-2022-38691
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 0.0 | NA
CVE-2022-38692 - Cisco BootROM RSA Key Validation Buffer Overflow
CVE ID : CVE-2022-38692
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges.
Severity: 0.0 | NA
CVE-2022-38693 - Apache FDL1 Buffer Overflow Vulnerability
CVE ID : CVE-2022-38693
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In FDL1, there is a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges.
Severity: 0.0 | NA
CVE-2022-38694 - Cisco BootRom Bootloader Unchecked Write Address Privilege Escalation Vulnerability
CVE ID : CVE-2022-38694
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 0.0 | NA
CVE-2022-38695 - Citrix BootRom Command Index Overflow Vulnerability
CVE ID : CVE-2022-38695
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 0.0 | NA
CVE-2022-38696 - Microsoft BootRom Buffer Overflow Vulnerability
CVE ID : CVE-2022-38696
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges.
Severity: 0.0 | NA
CVE-2025-58318 - Delta Electronics DIAView Authentication Bypass
CVE ID : CVE-2025-58318
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : Delta Electronics DIAView has an authentication bypass vulnerability.
Severity: 5.8 | MEDIUM