CVE-2025-56630 - FoxCMS SQL Injection Vulnerability
CVE ID : CVE-2025-56630
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 38 minutes ago
Description : FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57141 - RSBI-OS SQLite-JDBC RCE
CVE ID : CVE-2025-57141
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 38 minutes ago
Description : rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.
Severity: 9.8 | CRITICAL
CVE-2025-59033 - Microsoft Windows Defender Application Control HVCI Bypass Vulnerability
CVE ID : CVE-2025-59033
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 38 minutes ago
Description : The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. On systems that do not have hypervisor-protected code integrity (HVCI) enabled, entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate’s TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) will not be blocked. This vulnerability affects any Windows system that does not have HVCI enabled or supported (HVCI is available in Windows 10, Windows 11, and Windows Server 2016 and later). NOTE: The vendor states that the driver blocklist is intended for use with HVCI, while systems without HVCI should use App Control, and any custom blocklist entries require a granular approach for proper enforcement.
Severity: 0.0 | NA
CVE-2025-7709 - Out Of Bounds write in FTS5 Extension in SQLite
CVE ID : CVE-2025-7709
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 38 minutes ago
Description : An integer overflow exists in the FTS5 extension (https://sqlite.org/fts5.html). It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
Severity: 6.9 | MEDIUM
CVE-2025-10096 - SimStudioAI sim route.ts server-side request forgery
CVE ID : CVE-2025-10096
Published : Sept. 8, 2025, 4:15 p.m. | 38 minutes ago
Description : A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.
Severity: 6.5 | MEDIUM
CVE-2025-10097 - SimStudioAI sim route.ts code injection
CVE ID : CVE-2025-10097
Published : Sept. 8, 2025, 4:32 p.m. | 21 minutes ago
Description : A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely.
Severity: 0.0 | NA
CVE-2025-10098 - PHPGurukul User Management System edit-user-profile.php sql injection
CVE ID : CVE-2025-10098
Published : Sept. 8, 2025, 5:15 p.m. | 3 hours, 38 minutes ago
Description : A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
CVE-2025-51586 - PrestaShop Information Disclosure Vulnerability
CVE ID : CVE-2025-51586
Published : Sept. 8, 2025, 5:15 p.m. | 3 hours, 38 minutes ago
Description : An issue was discovered in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.
Severity: 3.7 | LOW
CVE-2025-10099 - Portabilis i-Educar Editar usuário educar_usuario_cad.php cross site scripting
CVE ID : CVE-2025-10099
Published : Sept. 8, 2025, 6:15 p.m. | 2 hours, 38 minutes ago
Description : A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_usuario_cad.php of the component Editar usuário Page. This manipulation of the argument email/data_inicial/data_expiracao causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
Severity: 4.8 | MEDIUM
CVE-2025-10100 - SourceCodester Simple Forum Discussion System admin_class.php sql injection
CVE ID : CVE-2025-10100
Published : Sept. 8, 2025, 6:15 p.m. | 2 hours, 38 minutes ago
Description : A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
CVE-2025-56265 - N8N Arbitrary File Upload Code Execution Vulnerability
CVE ID : CVE-2025-56265
Published : Sept. 8, 2025, 6:15 p.m. | 2 hours, 38 minutes ago
Description : An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.
Severity: 8.8 | HIGH
CVE-2025-56266 - Avigilon ACM Host Header Injection Remote Code Execution
CVE ID : CVE-2025-56266
Published : Sept. 8, 2025, 6:15 p.m. | 2 hours, 38 minutes ago
Description : A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
Severity: 9.8 | CRITICAL
CVE-2025-56267 - Avigilon ACM CSV Injection Code Execution
CVE ID : CVE-2025-56267
Published : Sept. 8, 2025, 6:15 p.m. | 2 hours, 38 minutes ago
Description : A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted Excel file.
Severity: 9.8 | CRITICAL
CVE-2025-57285 - Codeceptjs Command Injection Vulnerability
CVE ID : CVE-2025-57285
Published : Sept. 8, 2025, 6:15 p.m. | 2 hours, 38 minutes ago
Description : codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.
Severity: 9.8 | CRITICAL
CVE-2024-48341 - Dingfanzu CMS CSRF
CVE ID : CVE-2024-48341
Published : Sept. 8, 2025, 7:15 p.m. | 1 hour, 38 minutes ago
Description : dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop
Severity: 3.7 | LOW
CVE-2025-10102 - code-projects Online Event Judging System index.php sql injection
CVE ID : CVE-2025-10102
Published : Sept. 8, 2025, 7:15 p.m. | 1 hour, 38 minutes ago
Description : A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown function of the file /index.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
CVE-2025-10103 - code-projects Online Event Judging System home.php sql injection
CVE ID : CVE-2025-10103
Published : Sept. 8, 2025, 7:15 p.m. | 1 hour, 38 minutes ago
Description : A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Executing manipulation of the argument main_event can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
CVE-2025-43722 - Dell PowerScale OneFS Privilege Escalation Vulnerability
CVE ID : CVE-2025-43722
Published : Sept. 8, 2025, 7:15 p.m. | 1 hour, 38 minutes ago
Description : Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Severity: 6.7 | MEDIUM
CVE-2025-55849 - WeiPHP SQL Injection Vulnerability
CVE ID : CVE-2025-55849
Published : Sept. 8, 2025, 7:15 p.m. | 1 hour, 38 minutes ago
Description : WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee
Severity: 8.4 | HIGH
CVE-2025-9112 - Doccure <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload
CVE ID : CVE-2025-9112
Published : Sept. 8, 2025, 7:15 p.m. | 1 hour, 38 minutes ago
Description : The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.8 | HIGH
CVE-2025-9113 - Doccure <= 1.4.8 - Unauthenticated Arbitrary File Upload
CVE ID : CVE-2025-9113
Published : Sept. 8, 2025, 7:15 p.m. | 1 hour, 38 minutes ago
Description : The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL