CVE-2025-58416 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-58416
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58417 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-58417
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58418 - WhatsApp Audio Format Vulnerability
CVE ID : CVE-2025-58418
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58419 - Cisco WebEx Meeting Center Cross-Site Request Forgery
CVE ID : CVE-2025-58419
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58420 - Apache HTTP Server Directory Traversal Vulnerability
CVE ID : CVE-2025-58420
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-58421 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-58421
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-8662 - OpenAM Consortium Edition SAML IdP Request Tampering Vulnerability
CVE ID : CVE-2025-8662
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request. This issue affects OpenAM: from 14.0.0 through 14.0.1.
Severity: 2.3 | LOW
CVE-2025-9811 - Campcodes Farm Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9811
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
CVE-2025-9812 - Tenda CH22 Remote Buffer Overflow Vulnerability
CVE ID : CVE-2025-9812
Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago
Description : A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer overflow. The attack may be performed remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
CVE-2025-9813 - Tenda CH22 Buffer Overflow Vulnerability
CVE ID : CVE-2025-9813
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
CVE-2025-9814 - PHPGurukul Beauty Parlour Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9814
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in SQL injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
CVE-2025-9815 - Apple NSXPCListener Unauthenticated Local Privilege Escalation
CVE ID : CVE-2025-9815
Published : Sept. 2, 2025, 5:15 a.m. | 3 hours, 37 minutes ago
Description : A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.
Severity: 8.5 | HIGH
CVE-2025-41690 - Cisco Bluetooth Event Log Password Disclosure Vulnerability
CVE ID : CVE-2025-41690
Published : Sept. 2, 2025, 8:15 a.m. | 4 hours, 37 minutes ago
Description : A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
Severity: 7.4 | HIGH
CVE-2025-44017 - Gunosy JWT Token Exposure Vulnerability
CVE ID : CVE-2025-44017
Published : Sept. 2, 2025, 8:15 a.m. | 4 hours, 37 minutes ago
Description : "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
Severity: 5.1 | MEDIUM
CVE-2025-41030 - T-INNOVA Deporsite Unauthenticated Information Disclosure
CVE ID : CVE-2025-41030
Published : Sept. 2, 2025, 9:15 a.m. | 3 hours, 37 minutes ago
Description : Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.
Severity: 6.9 | MEDIUM
CVE-2025-41031 - T-INNOVA Deporsite Unauthenticated Profile Picture Upload Vulnerability
CVE ID : CVE-2025-41031
Published : Sept. 2, 2025, 9:15 a.m. | 3 hours, 37 minutes ago
Description : Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and ‘Foto’ in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/uploadImage’.
Severity: 6.9 | MEDIUM
CVE-2025-9573 - TYPO3 ns_backup Command Injection Vulnerability
CVE ID : CVE-2025-9573
Published : Sept. 2, 2025, 9:15 a.m. | 3 hours, 37 minutes ago
Description : The ns_backup extension through 13.0.2 for TYPO3 allows command injection.
Severity: 8.6 | HIGH
CVE-2024-12972 - Akinsoft OctoCloud - Cross-Site Scripting (XSS)
CVE ID : CVE-2024-12972
Published : Sept. 2, 2025, 12:15 p.m. | 37 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS). This issue affects OctoCloud: from s1.09.01 before v1.11.01.
Severity: 4.3 | MEDIUM
CVE-2024-12973 - Akinsoft OctoCloud Origin Validation Error HTTP Response Splitting
CVE ID : CVE-2024-12973
Published : Sept. 2, 2025, 12:15 p.m. | 37 minutes ago
Description : Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01.
Severity: 4.7 | MEDIUM
CVE-2024-52284 - Helm Unauthorized Data Disclosure Vulnerability
CVE ID : CVE-2024-52284
Published : Sept. 2, 2025, 12:15 p.m. | 37 minutes ago
Description : Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
Severity: 7.7 | HIGH
CVE-2024-58259 - Rancher Manager Denial of Service (DoS) via Excessive Payload Attack
CVE ID : CVE-2024-58259
Published : Sept. 2, 2025, 12:15 p.m. | 37 minutes ago
Description : A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).
Severity: 8.2 | HIGH