CVE-2025-1740 - Akinsoft MyRezzta Authentication Bypass
CVE ID : CVE-2025-1740
Published : Sept. 3, 2025, 9:15 a.m. | 1 hour, 39 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.This issue affects MyRezzta: from s2.03.01 before v2.05.01.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1740
Published : Sept. 3, 2025, 9:15 a.m. | 1 hour, 39 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.This issue affects MyRezzta: from s2.03.01 before v2.05.01.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2415 - Akinsoft MyRezzta Authentication Bypass
CVE ID : CVE-2025-2415
Published : Sept. 3, 2025, 9:15 a.m. | 1 hour, 39 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.This issue affects MyRezzta: from s2.03.01 before v2.05.01.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2415
Published : Sept. 3, 2025, 9:15 a.m. | 1 hour, 39 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.This issue affects MyRezzta: from s2.03.01 before v2.05.01.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9219 - Post SMTP WordPress Plugin Unauthorized Data Modification Vulnerability
CVE ID : CVE-2025-9219
Published : Sept. 3, 2025, 9:15 a.m. | 1 hour, 39 minutes ago
Description : The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_post_smtp_pro_option_callback' function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable pro extensions.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9219
Published : Sept. 3, 2025, 9:15 a.m. | 1 hour, 39 minutes ago
Description : The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_post_smtp_pro_option_callback' function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable pro extensions.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-43166 - Apache DolphinScheduler Default Permissions Vulnerability
CVE ID : CVE-2024-43166
Published : Sept. 3, 2025, 10:15 a.m. | 39 minutes ago
Description : Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-43166
Published : Sept. 3, 2025, 10:15 a.m. | 39 minutes ago
Description : Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9821 - Apache Server-Side Request Forgery (SSRF)
CVE ID : CVE-2025-9821
Published : Sept. 3, 2025, 10:15 a.m. | 39 minutes ago
Description : SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact. Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9821
Published : Sept. 3, 2025, 10:15 a.m. | 39 minutes ago
Description : SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact. Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41000 - BoomCMS XFS Cross-Site Scripting (XSS)
CVE ID : CVE-2025-41000
Published : Sept. 3, 2025, 11:15 a.m. | 2 hours, 45 minutes ago
Description : Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41000
Published : Sept. 3, 2025, 11:15 a.m. | 2 hours, 45 minutes ago
Description : Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13066 - Akinsoft LimonDesk Clickjacking
CVE ID : CVE-2024-13066
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking.This issue affects LimonDesk: from s1.02.14 before v1.02.17.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13066
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking.This issue affects LimonDesk: from s1.02.14 before v1.02.17.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38678 - Linux Netfilter Duplicate Device Registration Vulnerability
CVE ID : CVE-2025-38678
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving unregistered the hook of the duplicated device. Check if a duplicated device exists in the transaction batch, bail out with EEXIST in such case. WARNING is hit when unregistering the hook: [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150 [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full) [...] [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38678
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving unregistered the hook of the duplicated device. Check if a duplicated device exists in the transaction batch, bail out with EEXIST in such case. WARNING is hit when unregistering the hook: [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150 [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full) [...] [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3701 - Malcure Malware Scanner Missing Authorization Vulnerability
CVE ID : CVE-2025-3701
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through 16.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3701
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through 16.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53691 - Sitecore Experience Manager (XM) & Experience Platform (XP) Deserialization RCE Vulnerability
CVE ID : CVE-2025-53691
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53691
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53693 - Sitecore Experience Manager/Xperience Platform Unsafe Reflection Cache Poisoning
CVE ID : CVE-2025-53693
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53693
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53694 - Sitecore Experience Manager XM/XP Sensitive Information Exposure
CVE ID : CVE-2025-53694
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53694
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9901 - Apache Libsoup Vary Header Ignored Cache Vulnerability
CVE ID : CVE-2025-9901
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9901
Published : Sept. 3, 2025, 1:15 p.m. | 45 minutes ago
Description : A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-13068 - Akinsoft LimonDesk Origin Validation Error Forceful Browsing Vulnerability
CVE ID : CVE-2024-13068
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing.This issue affects LimonDesk: from s1.02.14 before v1.02.17.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13068
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing.This issue affects LimonDesk: from s1.02.14 before v1.02.17.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0878 - Akinsoft LimonDesk Cross-Site Scripting (XSS)
CVE ID : CVE-2025-0878
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS).This issue affects LimonDesk: from s1.02.14 before v1.02.17.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0878
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS).This issue affects LimonDesk: from s1.02.14 before v1.02.17.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26210 - DeepSeek XSS
CVE ID : CVE-2025-26210
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecified input fields.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26210
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecified input fields.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2416 - Akinsoft LimonDesk Authentication Bypass Vulnerability
CVE ID : CVE-2025-2416
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2416
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47421 - Crestron Touchscreens Argument Injection Vulnerability
CVE ID : CVE-2025-47421
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device. Following Products Models are affected: TSW-x70 TSW-x60 TST-1080 AM-3000/3100/3200 Soundbar VB70 HD-PS622/621/402 HD-TXU-RXU-4kZ-211 HD-MDNXM-4KZ-E *Note: additional firmware updates will be published once made available
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47421
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device. Following Products Models are affected: TSW-x70 TSW-x60 TST-1080 AM-3000/3100/3200 Soundbar VB70 HD-PS622/621/402 HD-TXU-RXU-4kZ-211 HD-MDNXM-4KZ-E *Note: additional firmware updates will be published once made available
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9822 - Mautic Configuration Disclosure Vulnerability
CVE ID : CVE-2025-9822
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9822
Published : Sept. 3, 2025, 2:15 p.m. | 2 hours, 40 minutes ago
Description : SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9919 - "1000projects Beauty Parlour Management System SQL Injection"
CVE ID : CVE-2025-9919
Published : Sept. 3, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9919
Published : Sept. 3, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9920 - Campcodes Recruitment Management System Remote File Inclusion Vulnerability
CVE ID : CVE-2025-9920
Published : Sept. 3, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9920
Published : Sept. 3, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...