CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-41030 - T-INNOVA Deporsite Unauthenticated Information Disclosure

CVE ID : CVE-2025-41030
Published : Sept. 2, 2025, 9:15 a.m.
Description : Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information about other users via a GET request to '/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona' using the 'dni' parameter.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41031 - T-INNOVA Deporsite Unauthenticated Profile Picture Upload Vulnerability

CVE ID : CVE-2025-41031
Published : Sept. 2, 2025, 9:15 a.m.
Description : Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request to '/ajax/TInnova_c/FotoUsuario/llamadaAjax/uploadImage' using the parameters 'IdPersona' and 'Foto'.
Severity: 6.9 | MEDIUM
CVE-2025-9573 - TYPO3 ns_backup Command Injection Vulnerability

CVE ID : CVE-2025-9573
Published : Sept. 2, 2025, 9:15 a.m.
Description : The ns_backup extension through 13.0.2 for TYPO3 allows command injection.
Severity: 8.6 | HIGH
CVE-2024-12972 - Akinsoft OctoCloud - Cross-Site Scripting (XSS)

CVE ID : CVE-2024-12972
Published : Sept. 2, 2025, 12:15 p.m.
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS). This issue affects OctoCloud: from s1.09.01 before v1.11.01.
Severity: 4.3 | MEDIUM
CVE-2024-12973 - Akinsoft OctoCloud Origin Validation Error HTTP Response Splitting

CVE ID : CVE-2024-12973
Published : Sept. 2, 2025, 12:15 p.m.
Description : Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting (CAPEC-87, Forceful Browsing). This issue affects OctoCloud: from s1.09.01 before v1.11.01.
Severity: 4.7 | MEDIUM
CVE-2024-52284 - Unauthorized Disclosure of Helm Values via BundleDeployment Resources

CVE ID : CVE-2024-52284
Published : Sept. 2, 2025, 12:15 p.m.
Description : Unauthorized disclosure of sensitive data: any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
Severity: 7.7 | HIGH
CVE-2024-58259 - Rancher Manager Denial of Service (DoS) via Excessive Payload Attack

CVE ID : CVE-2024-58259
Published : Sept. 2, 2025, 12:15 p.m.
Description : Rancher Manager did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. A malicious user can send excessively large payloads, which are loaded fully into memory during processing, causing a Denial of Service (DoS).
Severity: 8.2 | HIGH
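The defect in CVE-2024-58259 is a pattern, not a Rancher-specific bug: a handler reads the whole request body into memory and the client decides how much memory that is. The Go program below is an added example, not Rancher's code. It contrasts an unbounded handler with one that caps the body through http.MaxBytesReader and answers 413 once the cap is hit, and drives both in-process with httptest. The 1 MiB limit, the handler names and the /api/example path are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBodyBytes is an assumed limit for the example; the right value depends on
// what each endpoint legitimately needs to accept.
const maxBodyBytes = 1 << 20 // 1 MiB

// unboundedHandler mirrors the flawed pattern: the whole request body is read
// into memory no matter how large it is, so the client decides how much memory
// the server allocates per request.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	if err != nil {
		http.Error(w, "read error", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "accepted %d bytes", len(body))
}

// boundedHandler wraps the body in http.MaxBytesReader before reading it. Reads
// stop at the limit, the connection is flagged for closing, and the client gets
// 413 instead of the server buffering an arbitrarily large payload.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	body, err := io.ReadAll(r.Body)
	if err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "read error", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "accepted %d bytes", len(body))
}

// post drives a handler with an n-byte POST body (constructed in memory) and
// returns the HTTP status it produced. The path is illustrative, not a real
// Rancher endpoint.
func post(h http.HandlerFunc, n int) int {
	req := httptest.NewRequest(http.MethodPost, "/api/example", strings.NewReader(strings.Repeat("A", n)))
	req.Header.Set("Content-Type", "application/json")
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	oversized := 4 * maxBodyBytes
	fmt.Println("unbounded handler, 4 MiB body:", post(unboundedHandler, oversized))
	fmt.Println("bounded handler, 4 MiB body:  ", post(boundedHandler, oversized))
	fmt.Println("bounded handler, 512 B body:  ", post(boundedHandler, 512))
}
```

The cap belongs at the outermost layer that sees the request (a middleware or the reverse proxy in front of the service), and it has to be applied before any decoder touches the body: a streaming JSON decoder still allocates for whatever it is fed, so wrapping the body is what bounds the allocation, not the choice of decoder.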
CVE-2025-0640 - Akinsoft OctoCloud Authorization Bypass Resource Leak

CVE ID : CVE-2025-0640
Published : Sept. 2, 2025, 12:15 p.m.
Description : Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01.
Severity: 4.7 | MEDIUM
CVE-2025-2414 - Akinsoft OctoCloud Authentication Bypass via Unrestricted Authentication Attempts

CVE ID : CVE-2025-2414
Published : Sept. 2, 2025, 12:15 p.m.
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01.
Severity: 8.6 | HIGH
CVE-2025-46810 - openSUSE Tumbleweed traefik2 Packaging Symlink Following Root Escalation

CVE ID : CVE-2025-46810
Published : Sept. 2, 2025, 12:15 p.m.
Description : A UNIX Symbolic Link (Symlink) Following vulnerability in the openSUSE Tumbleweed packaging of traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.
Severity: 8.5 | HIGH
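Packaging symlink bugs of the kind in CVE-2025-46810 usually come from a scriptlet that runs as root and fixes ownership or permissions under a directory the service user can write to: the service user plants a symlink, and the recursive chown/chmod follows it to a file outside the directory. The Go program below is an added example, not the openSUSE package's scriptlet; it reproduces the pattern in a temporary directory and shows the safe variant, which refuses non-regular files and changes the mode through a descriptor opened with O_NOFOLLOW. It uses chmod rather than chown so it runs without root (the symlink-following behaviour is the same), and the file names "acme.json" and "outside-secret" are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// fixPermsNaive mirrors the flawed post-install pattern: walk the service's
// state directory and chmod every entry. os.Chmod follows symlinks, so a link
// planted by the unprivileged service user redirects the change to whatever
// file the link points at.
func fixPermsNaive(dir string, mode os.FileMode) error {
	return filepath.Walk(dir, func(p string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if info.IsDir() {
			return nil
		}
		return os.Chmod(p, mode) // follows the symlink
	})
}

// fixPermsSafe refuses anything that is not a regular file and changes the mode
// through a descriptor opened with O_NOFOLLOW. The open fails on a symlink even
// if one was swapped in after the Lstat, so there is no check-then-act window.
func fixPermsSafe(dir string, mode os.FileMode) error {
	return filepath.Walk(dir, func(p string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if info.IsDir() {
			return nil
		}
		if !info.Mode().IsRegular() {
			return fmt.Errorf("refusing %s: not a regular file (mode %v)", p, info.Mode())
		}
		f, err := os.OpenFile(p, os.O_RDONLY|syscall.O_NOFOLLOW, 0)
		if err != nil {
			return fmt.Errorf("open %s: %w", p, err)
		}
		defer f.Close()
		return f.Chmod(mode) // fchmod on the opened descriptor
	})
}

// demo builds the scenario in a temporary directory: "outside-secret" stands in
// for a sensitive file the service user may not touch, and the state directory
// contains a symlink to it, as a malicious service user could plant. It runs the
// given fixup with mode 0600 and reports the outside file's permission bits
// afterwards together with the fixup's error.
func demo(fix func(string, os.FileMode) error) (perm os.FileMode, fixErr error, err error) {
	root, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		return 0, nil, err
	}
	defer os.RemoveAll(root)

	outside := filepath.Join(root, "outside-secret")
	if err := os.WriteFile(outside, []byte("constructed secret\n"), 0o644); err != nil {
		return 0, nil, err
	}
	if err := os.Chmod(outside, 0o644); err != nil { // make the mode umask-independent
		return 0, nil, err
	}
	state := filepath.Join(root, "state")
	if err := os.Mkdir(state, 0o755); err != nil {
		return 0, nil, err
	}
	if err := os.Symlink(outside, filepath.Join(state, "acme.json")); err != nil {
		return 0, nil, err
	}

	fixErr = fix(state, 0o600)
	info, err := os.Stat(outside)
	if err != nil {
		return 0, fixErr, err
	}
	return info.Mode().Perm(), fixErr, nil
}

func main() {
	perm, fixErr, err := demo(fixPermsNaive)
	fmt.Printf("naive: outside file now %o, fixup error: %v (setup error: %v)\n", perm, fixErr, err)
	perm, fixErr, err = demo(fixPermsSafe)
	fmt.Printf("safe:  outside file still %o, fixup error: %v (setup error: %v)\n", perm, fixErr, err)
}
```

The same rule applies to shell scriptlets: chown -h / chmod on an lstat-checked path still leaves a race, so prefer operating on a descriptor (fchown/fchmod) or on a directory the service user cannot write to at all, which is the change that removes the bug class rather than one instance of it.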
CVE-2025-52543 - E3 Site Supervisor Control Client-Side Password Hashing Weakness

CVE ID : CVE-2025-52543
Published : Sept. 2, 2025, 12:15 p.m.
Description : The E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) use client-side hashing for authentication, so the password hash is itself the credential. An attacker who obtains only the password hash can authenticate.
Severity: 5.3 | MEDIUM
CVE-2025-52544 - E3 Site Supervisor Control Arbitrary File Read via Floor Plan Upload

CVE ID : CVE-2025-52544
Published : Sept. 2, 2025, 12:15 p.m.
Description : E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can read any file on the E3 file system.
Severity: 8.8 | HIGH
CVE-2025-52545 - E3 Site Supervisor Control Username and Password Hash Disclosure

CVE ID : CVE-2025-52545
Published : Sept. 2, 2025, 12:15 p.m.
Description : The E3 Site Supervisor Control (firmware version < 2.31F01) RCI service exposes an API call that reads user information and returns all usernames and password hashes for the application services.
Severity: 7.7 | HIGH
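Read together, CVE-2025-52543 and CVE-2025-52545 above turn a hash dump into a set of working logins: the services accept the client-computed hash as the credential, and an API hands every user's hash to the caller. The Go program below is an added example, not the vendor's code. It contrasts that weak scheme (server compares the submitted hash with the stored one) with server-side verification (server derives a salted, iterated verifier from the submitted password). SHA-256 as the client-side hash, the 10,000-iteration HMAC-SHA256 derivation and the user names are assumptions made for the example; a real deployment would use argon2id, scrypt or bcrypt.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Weak scheme, as the advisories describe: the client hashes the password and
// sends the hash; the server compares it with the stored hash. The hash is
// therefore the credential. Anyone who reads it (on the wire, or from an API
// that lists users with their hashes) logs in without learning the password.

type weakUser struct {
	name         string
	passwordHash string // hex(sha256(password)), exactly what the client sends
}

func clientSideHash(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

func weakLogin(u weakUser, submittedHash string) bool {
	return subtle.ConstantTimeCompare([]byte(u.passwordHash), []byte(submittedHash)) == 1
}

// Hardened scheme: the client sends the password itself (over TLS) and the
// server derives a salted, iterated verifier. A stolen verifier is not a
// credential, because the server re-derives from whatever string it receives;
// it can only be attacked offline, and the salt and iterations make that costly.

type hardenedUser struct {
	name     string
	salt     []byte
	verifier []byte
}

// deriveVerifier is a plain iterated HMAC-SHA256, assumed here for illustration;
// production code should use argon2id, scrypt or bcrypt.
func deriveVerifier(password string, salt []byte) []byte {
	out := []byte(password)
	for i := 0; i < 10_000; i++ {
		mac := hmac.New(sha256.New, salt)
		mac.Write(out)
		out = mac.Sum(nil)
	}
	return out
}

func newHardenedUser(name, password string) (hardenedUser, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return hardenedUser{}, err
	}
	return hardenedUser{name: name, salt: salt, verifier: deriveVerifier(password, salt)}, nil
}

func hardenedLogin(u hardenedUser, submittedPassword string) bool {
	return subtle.ConstantTimeCompare(u.verifier, deriveVerifier(submittedPassword, u.salt)) == 1
}

func main() {
	// Constructed credential; "leaked" stands for what a hash-listing API returns.
	u := weakUser{name: "admin", passwordHash: clientSideHash("correct horse")}
	leaked := u.passwordHash
	fmt.Println("weak scheme, login with leaked hash only:", weakLogin(u, leaked))

	h, err := newHardenedUser("admin", "correct horse")
	if err != nil {
		panic(err)
	}
	fmt.Println("hardened scheme, real password:        ", hardenedLogin(h, "correct horse"))
	fmt.Println("hardened scheme, replayed verifier:    ", hardenedLogin(h, string(h.verifier)))
	fmt.Println("hardened scheme, replayed hex verifier:", hardenedLogin(h, hex.EncodeToString(h.verifier)))
}
```

Server-side derivation only helps if the password travels over TLS, and it does not excuse the listing endpoint: a salted verifier dump is still crackable offline, one user at a time, so the API that returns hashes needs access control regardless of how the hashes are computed.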
CVE-2025-52546 - E3 Site Supervisor Control Stored XSS via Floor Plan Upload

CVE ID : CVE-2025-52546
Published : Sept. 2, 2025, 12:15 p.m.
Description : E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject stored XSS into the floor plan web page.
Severity: 5.1 | MEDIUM
CVE-2025-52547 - E3 Site Supervisor Control MGW Denial of Service

CVE ID : CVE-2025-52547
Published : Sept. 2, 2025, 12:15 p.m.
Description : The E3 Site Supervisor Control (firmware version < 2.31F01) MGW service exposes an API call that lacks input validation. An attacker can invoke it repeatedly to crash the application services continuously.
Severity: 8.7 | HIGH
CVE-2025-52548 - E3 Site Supervisor Control Hidden API Enables SSH and Shellinabox (Remote OS Access with Admin Credentials)

CVE ID : CVE-2025-52548
Published : Sept. 2, 2025, 12:15 p.m.
Description : E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, both of which are present but disabled by default. An attacker with admin access to the application services can use this API to enable remote access to the underlying OS.
Severity: 6.9 | MEDIUM
CVE-2025-52549 - E3 Site Supervisor Control Predictable Root Password Generation

CVE ID : CVE-2025-52549
Published : Sept. 2, 2025, 12:15 p.m.
Description : E3 Site Supervisor Control (firmware version < 2.31F01) generates the Linux root password on each boot from parameters that are known or easy to obtain. An attacker can recompute the root password of a vulnerable device from those parameters.
Severity: 9.2 | CRITICAL
CVE-2025-52550 - E3 Site Supervisor Firmware Upgrade Package Spoofing Vulnerability

CVE ID : CVE-2025-52550
Published : Sept. 2, 2025, 12:15 p.m.
Description : E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned, so an attacker can forge a malicious package. An attacker with admin access to the application services can then install it as a firmware upgrade.
Severity: 8.6 | HIGH
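The fix for an unsigned-update problem like CVE-2025-52550 is a signature check against a public key pinned in the device, so that neither a tampered vendor image nor an image signed with some other key installs. The Go program below is an added example, not the vendor's update mechanism; it uses Ed25519 from the standard library over a package layout assumed for the example (magic, length, payload, trailing signature), generates a vendor key and an attacker key, and runs an unsigned-install path and a verifying path over a genuine, a tampered and an attacker-signed package. The payload strings are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed package layout for the example (not the vendor's real format):
//
//	"FWPK" | uint32 big-endian payload length | payload | 64-byte Ed25519 signature
//
// The signature covers everything before it (magic, length and payload).
const (
	pkgMagic = "FWPK"
	hdrLen   = 4 + 4
)

// buildPackage is what a release pipeline does with its private key. An attacker
// can run the same code with their own key; verification must therefore pin the
// vendor's public key, not merely check that some signature is present.
func buildPackage(payload []byte, priv ed25519.PrivateKey) []byte {
	var buf bytes.Buffer
	var length [4]byte
	binary.BigEndian.PutUint32(length[:], uint32(len(payload)))
	buf.WriteString(pkgMagic)
	buf.Write(length[:])
	buf.Write(payload)
	buf.Write(ed25519.Sign(priv, buf.Bytes()))
	return buf.Bytes()
}

// parsePackage splits a package into the signed region, the payload and the
// signature, rejecting anything structurally malformed.
func parsePackage(pkg []byte) (signed, payload, sig []byte, err error) {
	if len(pkg) < hdrLen+ed25519.SignatureSize || string(pkg[:4]) != pkgMagic {
		return nil, nil, nil, errors.New("not a firmware package")
	}
	n := int(binary.BigEndian.Uint32(pkg[4:8]))
	if hdrLen+n+ed25519.SignatureSize != len(pkg) {
		return nil, nil, nil, errors.New("length field does not match package size")
	}
	return pkg[:hdrLen+n], pkg[hdrLen : hdrLen+n], pkg[hdrLen+n:], nil
}

// unsignedInstall mirrors the flawed behaviour: any well-formed package is
// accepted, whoever built it and whatever the signature bytes contain.
func unsignedInstall(pkg []byte) ([]byte, error) {
	_, payload, _, err := parsePackage(pkg)
	return payload, err
}

// verifiedInstall accepts a package only if its signature verifies under the
// vendor public key baked into the device.
func verifiedInstall(pkg []byte, vendorPub ed25519.PublicKey) ([]byte, error) {
	signed, payload, sig, err := parsePackage(pkg)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(vendorPub, signed, sig) {
		return nil, errors.New("firmware signature invalid: refusing to install")
	}
	return payload, nil
}

// demoResult records whether each install path accepted each package.
type demoResult struct {
	UnsignedAcceptsForged   bool
	VerifiedAcceptsGenuine  bool
	VerifiedAcceptsTampered bool
	VerifiedAcceptsForged   bool
}

// demo generates a vendor key and an attacker key, builds a genuine, a tampered
// and an attacker-signed package, and runs both install paths over them.
func demo() (demoResult, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return demoResult{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return demoResult{}, err
	}

	genuine := buildPackage([]byte("constructed firmware image v2.31F01"), vendorPriv)
	tampered := append([]byte(nil), genuine...)
	tampered[hdrLen+5] ^= 0x01 // flip one payload bit after signing
	forged := buildPackage([]byte("constructed firmware image with backdoor"), attackerPriv)

	var r demoResult
	_, err = unsignedInstall(forged)
	r.UnsignedAcceptsForged = err == nil
	_, err = verifiedInstall(genuine, vendorPub)
	r.VerifiedAcceptsGenuine = err == nil
	_, err = verifiedInstall(tampered, vendorPub)
	r.VerifiedAcceptsTampered = err == nil
	_, err = verifiedInstall(forged, vendorPub)
	r.VerifiedAcceptsForged = err == nil
	return r, nil
}

func main() {
	r, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Verification has to happen on the device over the bytes that will actually be flashed, after any decompression or decryption step; checking a signature on a wrapper and then trusting whatever comes out of the unpacker reopens the gap. A version field inside the signed region is the usual next step, so that a genuinely signed but older image cannot be replayed to reintroduce fixed bugs.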
CVE-2025-52551 - E2 Facility Management Systems Unauthenticated File Operations Vulnerability

CVE ID : CVE-2025-52551
Published : Sept. 2, 2025, 12:15 p.m.
Description : E2 Facility Management Systems use a proprietary protocol that allows unauthenticated file operations on any file in the file system.
Severity: 9.3 | CRITICAL
CVE-2025-56254 - PHPGurukul Employee Leave Management System IDOR

CVE ID : CVE-2025-56254
Published : Sept. 2, 2025, 12:15 p.m.
Description : PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access other users' leave application details.
Severity: 0.0 | NA (not yet scored)
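CVE-2025-56254 above, CVE-2025-41030 (the 'dni' lookup with no authentication) and CVE-2025-0640 (authorization bypass through a user-controlled key) are all the same defect: a record is fetched by a caller-supplied key and nothing binds that key to the caller. The Go program below is an added example, not the PHP application's code, showing the vulnerable handler beside one that requires a session and checks ownership, driven in-process with httptest. The records, the bearer tokens and the /leave-details route are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

type leaveRequest struct {
	ID      int
	OwnerID int
	Details string
}

// Constructed sample data standing in for the application's database.
var leaves = map[int]leaveRequest{
	101: {ID: 101, OwnerID: 1, Details: "alice: 3 days, medical"},
	102: {ID: 102, OwnerID: 2, Details: "bob: 10 days, vacation"},
}

// Constructed session store: bearer token -> authenticated user ID.
var sessions = map[string]int{"tok-alice": 1, "tok-bob": 2}

// vulnerableDetails mirrors the IDOR pattern: the record is fetched purely by
// the caller-supplied key, with no session required and no ownership check, so
// anyone can walk the id space and read every user's data.
func vulnerableDetails(w http.ResponseWriter, r *http.Request) {
	id, err := strconv.Atoi(r.URL.Query().Get("leaveid"))
	if err != nil {
		http.Error(w, "bad leaveid", http.StatusBadRequest)
		return
	}
	rec, ok := leaves[id]
	if !ok {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, rec.Details)
}

// fixedDetails requires an authenticated session and binds the lookup to the
// caller: a record that exists but belongs to someone else is answered exactly
// like a missing one, so the response does not confirm which ids are valid.
func fixedDetails(w http.ResponseWriter, r *http.Request) {
	uid, ok := sessions[bearerToken(r)]
	if !ok {
		http.Error(w, "authentication required", http.StatusUnauthorized)
		return
	}
	id, err := strconv.Atoi(r.URL.Query().Get("leaveid"))
	if err != nil {
		http.Error(w, "bad leaveid", http.StatusBadRequest)
		return
	}
	rec, ok := leaves[id]
	if !ok || rec.OwnerID != uid {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, rec.Details)
}

func bearerToken(r *http.Request) string {
	const prefix = "Bearer "
	h := r.Header.Get("Authorization")
	if strings.HasPrefix(h, prefix) {
		return strings.TrimPrefix(h, prefix)
	}
	return ""
}

// get drives a handler in-process and returns the status code it produced.
// The path is illustrative, not the application's real route.
func get(h http.HandlerFunc, token string, leaveID int) int {
	req := httptest.NewRequest(http.MethodGet, "/leave-details?leaveid="+strconv.Itoa(leaveID), nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("vulnerable, no session, bob's record:   ", get(vulnerableDetails, "", 102))
	fmt.Println("fixed, no session, bob's record:        ", get(fixedDetails, "", 102))
	fmt.Println("fixed, alice's session, bob's record:   ", get(fixedDetails, "tok-alice", 102))
	fmt.Println("fixed, alice's session, alice's record: ", get(fixedDetails, "tok-alice", 101))
}
```

In a database-backed application the ownership check belongs in the query itself (WHERE id = ? AND owner_id = ?) rather than as a comparison after the fetch, so that every code path that reads the record goes through the same constraint; a role such as an approver who legitimately reads others' requests gets an explicit allow-list, not an exemption from the check.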
CVE-2025-57140 - rsbi-pom SQL Injection Vulnerability

CVE ID : CVE-2025-57140
Published : Sept. 2, 2025, 12:15 p.m.
Description : rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
Severity: 0.0 | NA (not yet scored)