CVE-2025-36133 - IBM App Connect Enterprise Certified Container Log Information Disclosure Vulnerability
CVE ID : CVE-2025-36133
Published : Sept. 1, 2025, 12:15 p.m. | 36 minutes ago
Description : IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36133
Published : Sept. 1, 2025, 12:15 p.m. | 36 minutes ago
Description : IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9778 - Tenda W12 Hard-Coded Credentials Vulnerability
CVE ID : CVE-2025-9778
Published : Sept. 1, 2025, 12:15 p.m. | 36 minutes ago
Description : A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
Severity: 1.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9778
Published : Sept. 1, 2025, 12:15 p.m. | 36 minutes ago
Description : A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
Severity: 1.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12914 - Akınsoft QR Menü Cross-Site Scripting (XSS)
CVE ID : CVE-2024-12914
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12914
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12924 - Akınsoft QR Menü Open Redirect Vulnerability
CVE ID : CVE-2024-12924
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing.This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12924
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing.This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12925 - Akınsoft QR Menü Certificate Validation HTTP Response Splitting
CVE ID : CVE-2024-12925
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting.This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12925
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting.This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0610 - Akınsoft QR Menü CSRF
CVE ID : CVE-2025-0610
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.This issue affects QR Menü: from s1.05.06 before v1.05.12.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0610
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.This issue affects QR Menü: from s1.05.06 before v1.05.12.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2412 - Akinsoft QR Menu Authentication Bypass
CVE ID : CVE-2025-2412
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.This issue affects QR Menu: from s1.05.07 before v1.05.12.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2412
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.This issue affects QR Menu: from s1.05.07 before v1.05.12.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9779 - TOTOLINK A702R Remote Buffer Overflow Vulnerability
CVE ID : CVE-2025-9779
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9779
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9780 - TOTOLINK A702R Buffer Overflow Vulnerability
CVE ID : CVE-2025-9780
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9780
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9781 - TOTOLINK A702R Buffer Overflow in FormFilter Function
CVE ID : CVE-2025-9781
Published : Sept. 1, 2025, 2:15 p.m. | 2 hours, 37 minutes ago
Description : A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9781
Published : Sept. 1, 2025, 2:15 p.m. | 2 hours, 37 minutes ago
Description : A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9782 - TOTOLINK A702R Buffer Overflow Vulnerability
CVE ID : CVE-2025-9782
Published : Sept. 1, 2025, 2:15 p.m. | 2 hours, 37 minutes ago
Description : A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9782
Published : Sept. 1, 2025, 2:15 p.m. | 2 hours, 37 minutes ago
Description : A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0656 - IBM Concert Software Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-0656
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0656
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33082 - IBM Concert Software Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-33082
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33082
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33083 - IBM Concert Software Cross-Site Scripting (XSS)
CVE ID : CVE-2025-33083
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33083
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33084 - IBM Concert Software Information Disclosure
CVE ID : CVE-2025-33084
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33084
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33099 - IBM Concert Software SSL/TLS Certificate Validation Vulnerability
CVE ID : CVE-2025-33099
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33099
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33102 - IBM Concert Software Weak Cryptography Vulnerability
CVE ID : CVE-2025-33102
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33102
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9783 - TOTOLINK A702R Buffer Overflow Vulnerability
CVE ID : CVE-2025-9783
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9783
Published : Sept. 1, 2025, 3:15 p.m. | 1 hour, 37 minutes ago
Description : A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55007 - Knowage Server-Side Request Forgery Vulnerability
CVE ID : CVE-2025-55007
Published : Sept. 1, 2025, 4:15 p.m. | 37 minutes ago
Description : Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker could be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55007
Published : Sept. 1, 2025, 4:15 p.m. | 37 minutes ago
Description : Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker could be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57799 - StreamVault Command Injection Vulnerability
CVE ID : CVE-2025-57799
Published : Sept. 1, 2025, 4:15 p.m. | 37 minutes ago
Description : StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not modified their background passwords or use weak passwords are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57799
Published : Sept. 1, 2025, 4:15 p.m. | 37 minutes ago
Description : StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not modified their background passwords or use weak passwords are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9786 - Campcodes Online Learning Management System SQL Injection
CVE ID : CVE-2025-9786
Published : Sept. 1, 2025, 4:15 p.m. | 37 minutes ago
Description : A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9786
Published : Sept. 1, 2025, 4:15 p.m. | 37 minutes ago
Description : A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...