CVE-2025-9794 - Campcodes Computer Sales and Inventory System SQL Injection Vulnerability
CVE ID : CVE-2025-9794
Published : Sept. 1, 2025, 9:15 p.m. | 3 hours, 37 minutes ago
Description : A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9794
Published : Sept. 1, 2025, 9:15 p.m. | 3 hours, 37 minutes ago
Description : A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9795 - xujeff tianti Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-9795
Published : Sept. 1, 2025, 9:15 p.m. | 3 hours, 37 minutes ago
Description : A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9795
Published : Sept. 1, 2025, 9:15 p.m. | 3 hours, 37 minutes ago
Description : A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-28988 - SolarWinds Web Help Desk Java Deserialization Remote Code Execution
CVE ID : CVE-2024-28988
Published : Sept. 1, 2025, 10:15 p.m. | 2 hours, 37 minutes ago
Description : SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-28988
Published : Sept. 1, 2025, 10:15 p.m. | 2 hours, 37 minutes ago
Description : SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9796 - JeeSite Thinkgem Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-9796
Published : Sept. 1, 2025, 10:15 p.m. | 2 hours, 37 minutes ago
Description : A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9796
Published : Sept. 1, 2025, 10:15 p.m. | 2 hours, 37 minutes ago
Description : A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 5.13.0 mitigates this issue. The patch is identified as 63773c97a56bdb3649510e83b66c16db4754965b. Upgrading the affected component is recommended.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9797 - ExpressCart Remote Code Injection Vulnerability
CVE ID : CVE-2025-9797
Published : Sept. 1, 2025, 10:15 p.m. | 2 hours, 37 minutes ago
Description : A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9797
Published : Sept. 1, 2025, 10:15 p.m. | 2 hours, 37 minutes ago
Description : A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9799 - Langfuse SSRF Vulnerability
CVE ID : CVE-2025-9799
Published : Sept. 1, 2025, 10:15 p.m. | 2 hours, 37 minutes ago
Description : A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9799
Published : Sept. 1, 2025, 10:15 p.m. | 2 hours, 37 minutes ago
Description : A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9800 - SimStudioAI HTML File Parser Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-9800
Published : Sept. 1, 2025, 11:15 p.m. | 1 hour, 37 minutes ago
Description : A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. This patch is called 45372aece5e05e04b417442417416a52e90ba174. A patch should be applied to remediate this issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9800
Published : Sept. 1, 2025, 11:15 p.m. | 1 hour, 37 minutes ago
Description : A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. This patch is called 45372aece5e05e04b417442417416a52e90ba174. A patch should be applied to remediate this issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9801 - SimStudioAI Path Traversal Remote Vulnerability
CVE ID : CVE-2025-9801
Published : Sept. 1, 2025, 11:15 p.m. | 1 hour, 37 minutes ago
Description : A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The identifier of the patch is 45372aece5e05e04b417442417416a52e90ba174. To fix this issue, it is recommended to deploy a patch.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9801
Published : Sept. 1, 2025, 11:15 p.m. | 1 hour, 37 minutes ago
Description : A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The identifier of the patch is 45372aece5e05e04b417442417416a52e90ba174. To fix this issue, it is recommended to deploy a patch.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9802 - RemoteClinic SQL Injection Vulnerability
CVE ID : CVE-2025-9802
Published : Sept. 2, 2025, 12:15 a.m. | 4 hours, 37 minutes ago
Description : A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9802
Published : Sept. 2, 2025, 12:15 a.m. | 4 hours, 37 minutes ago
Description : A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57808 - ESPHome Web Server Authentication Bypass Vulnerability
CVE ID : CVE-2025-57808
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57808
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58161 - MobSF Directory Traversal Vulnerability
CVE ID : CVE-2025-58161
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWD_DIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWD_DIR (e.g., .../downloads_bak, .../downloads.old). This is a Directory Traversal (escape) leading to a data leak. This issue has been patched in version 4.4.1.
Severity: 1.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58161
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWD_DIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWD_DIR (e.g., .../downloads_bak, .../downloads.old). This is a Directory Traversal (escape) leading to a data leak. This issue has been patched in version 4.4.1.
Severity: 1.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58162 - MobSF File Write Arbitrary Directory Local File Inclusion
CVE ID : CVE-2025-58162
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58162
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58178 - SonarQube Server and Cloud Command Injection Vulnerability
CVE ID : CVE-2025-58178
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. A fix has been released in SonarQube Scan GitHub Action 5.3.1.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58178
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. A fix has been released in SonarQube Scan GitHub Action 5.3.1.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9805 - SimStudioAI Server-Side Request Forgery Vulnerability
CVE ID : CVE-2025-9805
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The patch is identified as 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9805
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The patch is identified as 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9806 - Tenda Administrative Interface Local Hard-Coded Credential Injection Vulnerability
CVE ID : CVE-2025-9806
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
Severity: 1.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9806
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
Severity: 1.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58414 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-58414
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58414
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58415 - Apache Web Server Information Disclosure
CVE ID : CVE-2025-58415
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58415
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58416 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-58416
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58416
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58417 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-58417
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58417
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58418 - WhatsApp Audio Format Vulnerability
CVE ID : CVE-2025-58418
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58418
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58419 - Cisco WebEx Meeting Center Cross-Site Request Forgery
CVE ID : CVE-2025-58419
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58419
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...