CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-58162 - MobSF Arbitrary File Write via Uploaded .a File

CVE ID : CVE-2025-58162
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : MobSF (Mobile Security Framework) is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploads a specially prepared .a file can write arbitrary files to any directory writable by the user running the MobSF process. This issue has been patched in version 4.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
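The bug class behind "upload an archive, write anywhere" is an archive member name that is joined onto the extraction directory without being checked, so a name such as ../../x lands outside it. What follows is an added example written for this page, not MobSF's own code: a minimal parser for the ar format that .a files use, an extractor in the unchecked shape, and a hardened one. That the MobSF issue is exactly a member-name traversal is an assumption; the advisory only says a prepared .a file leads to an arbitrary write. The archive builder, its member names and the demo() harness are constructed test data.

```python
import os
import tempfile
from pathlib import Path

AR_MAGIC = b"!<arch>\n"


def ar_members(data: bytes):
    """Yield (name, payload) for each file member of an ar archive (GNU and BSD names)."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, longnames = len(AR_MAGIC), b""
    while pos + 60 <= len(data):
        hdr = data[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        raw = hdr[0:16].rstrip()                     # space-padded name field
        size = int(hdr[48:58].decode().strip())
        body = data[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)                # members are 2-byte aligned
        if raw == b"/":                              # GNU symbol table: not a file
            continue
        if raw == b"//":                             # GNU long-name table
            longnames = body
            continue
        if raw.startswith(b"#1/"):                   # BSD: name stored in front of payload
            n = int(raw[3:])
            name, body = body[:n].rstrip(b"\0"), body[n:]
        elif raw.startswith(b"/"):                   # GNU: "/offset" into long-name table
            off = int(raw[1:])
            name = longnames[off:longnames.index(b"/\n", off)]
        else:
            name = raw.rstrip(b"/")                  # GNU terminates short names with '/'
        yield name.decode("utf-8", "replace"), body


def build_archive(members) -> bytes:
    """Build a GNU-format ar archive from (name, bytes) pairs (constructed test data)."""
    def header(field: bytes, size: int) -> bytes:
        return b"%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (field, b"0", b"0", b"0", b"644", size)
    def padded(blob: bytes) -> bytes:
        return blob + (b"\n" if len(blob) & 1 else b"")
    longtab, entries = b"", []
    for name, body in members:
        nb = name.encode()
        if len(nb) <= 15:
            entries.append((nb + b"/", body))
        else:
            entries.append((b"/%d" % len(longtab), body))
            longtab += nb + b"/\n"
    out = bytearray(AR_MAGIC)
    if longtab:
        out += header(b"//", len(longtab)) + padded(longtab)
    for field, body in entries:
        out += header(field, len(body)) + padded(body)
    return bytes(out)


def naive_extract(data: bytes, dest: str) -> list:
    """The vulnerable shape: member name joined onto dest, nothing checked."""
    written = []
    for name, body in ar_members(data):
        path = os.path.join(dest, name)              # '../x' walks out of dest
        with open(path, "wb") as fh:
            fh.write(body)
        written.append(path)
    return written


def safe_extract(data: bytes, dest: str) -> list:
    """Accept only bare file names, then verify the resolved target stays inside dest."""
    dest_path = Path(dest).resolve()
    written = []
    for name, body in ar_members(data):
        if not name or name in (".", "..") or any(c in name for c in "/\\\0"):
            raise ValueError(f"unsafe member name: {name!r}")
        target = (dest_path / name).resolve()
        if target.parent != dest_path:               # belt and braces
            raise ValueError(f"member escapes destination: {name!r}")
        target.write_bytes(body)
        written.append(name)
    return written


def demo() -> dict:
    """Run both extractors on a benign and a traversal archive; report what happened."""
    good = build_archive([("hello.o", b"abc"), ("a-very-long-object-name.o", b"xyz1")])
    evil = build_archive([("../escaped.txt", b"pwned")])
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.mkdir(dest)
        naive_extract(evil, dest)
        result = {"naive_escaped": os.path.exists(os.path.join(tmp, "escaped.txt"))}
        try:
            safe_extract(evil, dest)
            result["safe_rejected"] = False
        except ValueError:
            result["safe_rejected"] = True
        result["safe_written"] = safe_extract(good, dest)
        result["long_name_payload"] = dict(ar_members(good))["a-very-long-object-name.o"]
    return result


if __name__ == "__main__":
    print(demo())
```

The name check and the containment check are deliberately both present: the first rejects the archive as malformed before anything touches the filesystem, the second catches whatever the first did not anticipate (symlinked destination directories, platform path quirks). The same two checks apply to zip and tar extraction, where the stdlib member name is equally attacker-controlled.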
CVE-2025-58178 - SonarQube Scan GitHub Action Command Injection Vulnerability

CVE ID : CVE-2025-58178
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In SonarQube Scan GitHub Action versions 4 through 5.3.0, a command injection vulnerability allows untrusted input arguments to be processed without proper sanitization: arguments passed to the action are treated as shell expressions, so whoever controls them can execute arbitrary commands in the action's job. A fix has been released in SonarQube Scan GitHub Action 5.3.1.
Severity: 7.8 | HIGH
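"Arguments treated as shell expressions" means the caller's string is spliced into a command line that a shell re-parses, so a `;` or `$(...)` inside it becomes a second command. The following is an added example, not the action's own code, showing that shape next to two fixes: exec'ing an argv list with no shell in between, and allow-listing the tokens first. sonar-scanner is stood in for by a Python one-liner that prints its argv, so the demo runs offline; the regex for acceptable `-Dkey=value` properties is an assumption about what a workflow legitimately passes.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for sonar-scanner so the demo runs anywhere: prints argv, one token per line.
PRINT_ARGV = "import sys; print('\\n'.join(sys.argv[1:]))"
SCANNER = f"{shlex.quote(sys.executable)} -c {shlex.quote(PRINT_ARGV)}"

# Allow-list for the action's args input: only plain -Dkey=value scanner properties
# (assumed shape; widen the value class if a property you need is rejected).
PROPERTY = re.compile(r"^-D[A-Za-z0-9_.]+=[A-Za-z0-9_./:,@=-]*$")


def run_vulnerable(args: str) -> str:
    """Same shape as `run: sonar-scanner ${{ inputs.args }}`: the caller's string is
    pasted into a command line and re-parsed by /bin/sh, so ';', '&&', '$(...)' and
    backticks in it are executed rather than handed to the scanner."""
    proc = subprocess.run(f"{SCANNER} {args}", shell=True, capture_output=True, text=True)
    return proc.stdout


def _exec(tokens: list) -> str:
    """Run the stand-in scanner from an argv list: no shell, nothing is re-parsed."""
    argv = [sys.executable, "-c", PRINT_ARGV, *tokens]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_as_argv(args: str) -> str:
    """Split once with shell quoting rules, then exec without a shell; metacharacters
    reach the scanner as literal argument bytes."""
    return _exec(shlex.split(args))


def allowed_tokens(args: str) -> list:
    """Check every token against the allow-list; raise on anything else."""
    tokens = shlex.split(args)
    bad = [t for t in tokens if not PROPERTY.match(t)]
    if bad:
        raise ValueError(f"rejected scanner argument(s): {bad}")
    return tokens


def is_allowed(args: str) -> bool:
    try:
        allowed_tokens(args)
        return True
    except ValueError:
        return False


def run_safe(args: str) -> str:
    """Both layers: allow-list the tokens, then exec with no shell."""
    return _exec(allowed_tokens(args))


if __name__ == "__main__":
    payload = "-Dsonar.projectKey=demo; echo INJECTED"
    print("vulnerable:", repr(run_vulnerable(payload)))  # second line comes from the injected echo
    print("argv only :", repr(run_as_argv(payload)))     # ';' 'echo' 'INJECTED' are inert tokens
    print("allowed?  :", is_allowed(payload))            # False
```

In a composite action the equivalent of `run_as_argv` is to pass `${{ inputs.args }}` through an `env:` variable and split it in a non-shell step; quoting the expansion as `"$ARGS"` alone only turns the injection into one odd argument, which is why the allow-list is the layer worth keeping for a public action whose inputs come from forks.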
CVE-2025-9805 - SimStudioAI Server-Side Request Forgery Vulnerability

CVE ID : CVE-2025-9805
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was found in SimStudioAI sim up to commit 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. It affects unspecified processing in the file apps/sim/app/api/proxy/image/route.ts. Manipulation of an unspecified input results in server-side request forgery. The attack can be performed remotely. The exploit has been made public and could be used. The product uses a rolling release model for continuous delivery, so version information for affected or updated releases is not disclosed. The patch is identified as commit 3424a338b763115f0269b209e777608e4cd31785. Applying the patch is advised.
Severity: 6.5 | MEDIUM
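The route name, an image proxy that fetches a caller-supplied URL on the server's behalf, is the classic SSRF shape: unless the destination is checked, the caller can point it at loopback, RFC 1918 ranges or the cloud metadata address. The following is an added example, not Sim Studio's code (the project is TypeScript; the check is in Python here so that this page's examples share one language), of the destination check such a proxy needs, with the resolver made injectable so the test runs offline. The FAKE_DNS table, its hostnames and addresses are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def system_resolve(host: str) -> list:
    """OS resolver; swapped for a table in tests so nothing leaves the machine."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


# Constructed lookup table for the offline demo (not real DNS data).
FAKE_DNS = {
    "images.example.com": ["8.8.8.8"],                # public address
    "intranet.example.com": ["10.0.0.5"],             # RFC 1918
    "rebind.example.com": ["8.8.8.8", "127.0.0.1"],   # mixed answer set: refuse all of it
}


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])


def validate_image_url(url: str, resolve=system_resolve) -> str:
    """Return the IP literal the proxy may connect to, or raise ValueError.

    The caller must then connect to that literal (sending the original Host
    header) rather than re-resolving the name; a second lookup is what a
    DNS-rebinding attacker answers differently.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")     # http://trusted@127.0.0.1/
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if parts.port is not None and parts.port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {parts.port}")
    try:
        candidates = [ipaddress.ip_address(host)]         # literal, incl. bracketed IPv6
    except ValueError:
        candidates = [ipaddress.ip_address(a) for a in resolve(host)]
    if not candidates:
        raise ValueError(f"unresolvable host: {host!r}")
    for addr in candidates:
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped                         # ::ffff:127.0.0.1 is loopback too
        if (not addr.is_global or addr.is_private or addr.is_loopback
                or addr.is_link_local or addr.is_multicast):
            raise ValueError(f"refusing non-public address {addr} for {host!r}")
    return str(candidates[0])


def is_safe_image_url(url: str, resolve=system_resolve) -> bool:
    try:
        validate_image_url(url, resolve)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for u in ("https://images.example.com/a.png", "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:127.0.0.1]/", "http://intranet.example.com/x.png"):
        print(u, "->", is_safe_image_url(u, fake_resolve))
```

Two things the check cannot do on its own: it does not follow redirects, so the fetch must either disable them or re-run this validation on every hop, and shorthand literals such as `127.1` or decimal `2130706433` are rejected only because the real resolver turns them back into 127.0.0.1, which the loop then refuses. Responses should additionally be limited by size and content type before being relayed back to the browser.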
CVE-2025-9806 - Tenda F1202 Administrative Interface Hard-Coded Credentials Vulnerability

CVE ID : CVE-2025-9806
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface, which contains a hard-coded credential (Fireitup). The attack can only be executed locally, requires a high degree of complexity, and is considered difficult to exploit. The exploit has been publicly disclosed and may be utilized.
Severity: 1.9 | LOW
CVE-2025-58414 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-58414
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58415 - Apache Web Server Information Disclosure

CVE ID : CVE-2025-58415
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58416 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-58416
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58417 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-58417
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58418 - WhatsApp Audio Format Vulnerability

CVE ID : CVE-2025-58418
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58419 - Cisco WebEx Meeting Center Cross-Site Request Forgery

CVE ID : CVE-2025-58419
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58420 - Apache HTTP Server Directory Traversal Vulnerability

CVE ID : CVE-2025-58420
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58421 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-58421
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-8662 - OpenAM Consortium Edition SAML IdP Request Tampering Vulnerability

CVE ID : CVE-2025-8662
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP when it receives a tampered request. This issue affects OpenAM from 14.0.0 through 14.0.1.
Severity: 2.3 | LOW
CVE-2025-9811 - Campcodes Farm Management System SQL Injection Vulnerability

CVE ID : CVE-2025-9811
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : A vulnerability was found in Campcodes Farm Management System 1.0. It affects an unknown part of the file /reviewInput.php. Manipulation of the argument rating results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
CVE-2025-9812 - Tenda CH22 Remote Buffer Overflow Vulnerability

CVE ID : CVE-2025-9812
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : A vulnerability was determined in Tenda CH22 1.0.0.1. It affects the function formexeCommand of the file /goform/exeCommand. Manipulation of the argument cmdinput can lead to a buffer overflow. The attack can be performed remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
CVE-2025-9813 - Tenda CH22 Buffer Overflow Vulnerability

CVE ID : CVE-2025-9813
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was identified in Tenda CH22 1.0.0.1. It affects the function formSetSambaConf of the file /goform/SetSambaConf. Manipulation of the argument samba_userNameSda leads to a buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
CVE-2025-9814 - PHPGurukul Beauty Parlour Management System SQL Injection Vulnerability

CVE ID : CVE-2025-9814
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /admin/contact-us.php. Manipulation of the argument mobnumber results in SQL injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
CVE-2025-9815 - alaneuler batteryKid NSXPCListener Missing Authentication Local Privilege Escalation

CVE ID : CVE-2025-9815
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener; the listener does not authenticate the connecting client (missing authentication). The attack can be launched from the local host. The exploit has been made available to the public and could be exploited.
Severity: 8.5 | HIGH
CVE-2025-41690 - Cisco Bluetooth Event Log Password Disclosure Vulnerability

CVE ID : CVE-2025-41690
Published : Sept. 2, 2025, 8:15 a.m. | 4 hours, 37 minutes ago
Description : A low-privileged attacker (Operator) within Bluetooth range may be able to read the password of a higher-privileged user (Maintenance) by viewing the device's event log. This could allow the Operator to authenticate as the Maintenance user, gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
Severity: 7.4 | HIGH
CVE-2025-44017 - Gunosy JWT Token Exposure Vulnerability

CVE ID : CVE-2025-44017
Published : Sept. 2, 2025, 8:15 a.m. | 4 hours, 37 minutes ago
Description : "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
Severity: 5.1 | MEDIUM
CVE-2025-41030 - T-INNOVA Deporsite Unauthenticated Information Disclosure

CVE ID : CVE-2025-41030
Published : Sept. 2, 2025, 9:15 a.m. | 3 hours, 37 minutes ago
Description : Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.
Severity: 6.9 | MEDIUM