CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-9806 - Tenda Administrative Interface Local Hard-Coded Credential Injection Vulnerability

CVE ID : CVE-2025-9806
Published : Sept. 2, 2025, 1:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
Severity: 1.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58414 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-58414
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58415 - Apache Web Server Information Disclosure

CVE ID : CVE-2025-58415
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58416 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-58416
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58417 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-58417
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58418 - WhatsApp Audio Format Vulnerability

CVE ID : CVE-2025-58418
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58419 - Cisco WebEx Meeting Center Cross-Site Request Forgery

CVE ID : CVE-2025-58419
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58420 - Apache HTTP Server Directory Traversal Vulnerability

CVE ID : CVE-2025-58420
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58421 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-58421
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-8662 - OpenAM Consortium Edition SAML IdP Request Tampering Vulnerability

CVE ID : CVE-2025-8662
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request. This issue affects OpenAM: from 14.0.0 through 14.0.1.
Severity: 2.3 | LOW
CVE-2025-9811 - Campcodes Farm Management System SQL Injection Vulnerability

CVE ID : CVE-2025-9811
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Manipulation of the argument rating results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
CVE-2025-9812 - Tenda CH22 Remote Buffer Overflow Vulnerability

CVE ID : CVE-2025-9812
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
CVE-2025-9813 - Tenda CH22 Buffer Overflow Vulnerability

CVE ID : CVE-2025-9813
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
CVE-2025-9814 - PHPGurukul Beauty Parlour Management System SQL Injection Vulnerability

CVE ID : CVE-2025-9814
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in SQL injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
CVE-2025-9815 - Apple NSXPCListener Unauthenticated Local Privilege Escalation

CVE ID : CVE-2025-9815
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.
Severity: 8.5 | HIGH
CVE-2025-41690 - Cisco Bluetooth Event Log Password Disclosure Vulnerability

CVE ID : CVE-2025-41690
Published : Sept. 2, 2025, 8:15 a.m. | 4 hours, 37 minutes ago
Description : A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device's event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
Severity: 7.4 | HIGH
CVE-2025-44017 - Gunosy JWT Token Exposure Vulnerability

CVE ID : CVE-2025-44017
Published : Sept. 2, 2025, 8:15 a.m. | 4 hours, 37 minutes ago
Description : "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
Severity: 5.1 | MEDIUM
CVE-2025-41030 - T-INNOVA Deporsite Unauthenticated Information Disclosure

CVE ID : CVE-2025-41030
Published : Sept. 2, 2025, 9:15 a.m. | 3 hours, 37 minutes ago
Description : Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.
Severity: 6.9 | MEDIUM
CVE-2025-41031 - T-INNOVA Deporsite Unauthenticated Profile Picture Upload Vulnerability

CVE ID : CVE-2025-41031
Published : Sept. 2, 2025, 9:15 a.m. | 3 hours, 37 minutes ago
Description : Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and ‘Foto’ in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/uploadImage’.
Severity: 6.9 | MEDIUM
CVE-2025-9573 - TYPO3 ns_backup Command Injection Vulnerability

CVE ID : CVE-2025-9573
Published : Sept. 2, 2025, 9:15 a.m. | 3 hours, 37 minutes ago
Description : The ns_backup extension through 13.0.2 for TYPO3 allows command injection.
Severity: 8.6 | HIGH
CVE-2024-12972 - Akinsoft OctoCloud - Cross-Site Scripting (XSS)

CVE ID : CVE-2024-12972
Published : Sept. 2, 2025, 12:15 p.m. | 37 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS). This issue affects OctoCloud: from s1.09.01 before v1.11.01.
Severity: 4.3 | MEDIUM