CVE-2025-54259 - Substance3D - Modeler | Integer Overflow or Wraparound (CWE-190)
CVE ID : CVE-2025-54259
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54259
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54260 - Substance3D - Modeler | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2025-54260
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54260
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58131 - Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon - Race Condition
CVE ID : CVE-2025-58131
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58131
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Race condition in the Zoom Workplace VDI Plugin macOS Universal installer for VMware Horizon before version 6.4.10 (or before 6.2.15 and 6.3.12 in their respective tracks) may allow an authenticated user to conduct a disclosure of information via network access.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58134 - Zoom Workplace Clients for Windows - Incorrect Authorization
CVE ID : CVE-2025-58134
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58134
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58135 - Zoom Workplace Clients for Windows - Improper Action Enforcement
CVE ID : CVE-2025-58135
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58135
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59036 - Infrahub allows authentication with deleted and expired API tokens
CVE ID : CVE-2025-59036
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. This issue is fixed in versions 1.3.9 and 1.4.5. As a workaround, users can delete or deactivate the account associated with a deleted API token to prevent that token from authenticating.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59036
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. This issue is fixed in versions 1.3.9 and 1.4.5. As a workaround, users can delete or deactivate the account associated with a deleted API token to prevent that token from authenticating.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9997 - BLMon OS Command Injection Vulnerability
CVE ID : CVE-2025-9997
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9997
Published : Sept. 9, 2025, 10:15 p.m. | 2 hours, 1 minute ago
Description : CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10172 - UTT 750W formPictureUrl buffer overflow
CVE ID : CVE-2025-10172
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10172
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58447 - rAthena has heap-based buffer overflow in login server
CVE ID : CVE-2025-58447
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted `CA_SSO_LOGIN_REQ` with an oversized token length. This leads to immediate denial of service (crash) and it is possible to achieve remote code execution via heap corruption. Commit 2f5248b fixes the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58447
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted `CA_SSO_LOGIN_REQ` with an oversized token length. This leads to immediate denial of service (crash) and it is possible to achieve remote code execution via heap corruption. Commit 2f5248b fixes the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58448 - rAthena has SQL Injection in PartyBooking component via `WorldName` parameter.
CVE ID : CVE-2025-58448
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58448
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58750 - rAthena missing bound check in chclif_parse_moveCharSlot
CVE ID : CVE-2025-58750
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound check in `chclif_parse_moveCharSlot` that can result in reading and writing out of bounds using input from the user. The problem has been fixed in commit 0cc348b.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58750
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound check in `chclif_parse_moveCharSlot` that can result in reading and writing out of bounds using input from the user. The problem has been fixed in commit 0cc348b.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59038 - Prebid.js NPM package briefly compromised
CVE ID : CVE-2025-59038
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fixes the issue. As a workaround, it is also possible to downgrade to 10.9.1.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59038
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fixes the issue. As a workaround, it is also possible to downgrade to 10.9.1.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59039 - Prebid Universal Creative on npm briefly compromised
CVE ID : CVE-2025-59039
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should see Prebid.js 9 release notes for suggestions on moving off the deprecated workflow of using the PUC or pointing to a dynamic version of it. PUC users pointing to latest should transition to 1.17.2 as soon as possible to avoid similar attacks in the future.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59039
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should see Prebid.js 9 release notes for suggestions on moving off the deprecated workflow of using the PUC or pointing to a dynamic version of it. PUC users pointing to latest should transition to 1.17.2 as soon as possible to avoid similar attacks in the future.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59042 - PyInstaller has local privilege escalation vulnerability
CVE ID : CVE-2025-59042
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to `sys.path` during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in `sys.path`, an application built with PyInstaller < 6.0.0 may be tricked by an unprivileged attacker into executing arbitrary python code when **all** of the following conditions are met. First, the application is built with PyInstaller < 6.0.0; both onedir and onefile mode are affected. Second, the optional bytecode encryption code feature was not enabled during the application build. Third, the attacker can create files/directories in the same directory where the executable is located. Fourth, the filesystem supports creation of files/directories that contain `?` in their name (i.e., non-Windows systems). Fifth, the attacker is able to determine the offset at which the PYZ archive is embedded in the executable. The attacker can create a directory (or a zip archive) next to the executable, with the name that matches the format used by PyInstaller's bootloader to transmit information about the location of PYZ archive to the bootstrap script. If this directory (or zip archive) contains a python module whose name matches the name used by the optional bytecode encryption feature, this module will be loaded and executed by the bootstrap script (in the absence of the real, built-in module that is available when the bytecode-encryption feature is enabled). This results in arbitrary code execution that requires no modification of the executable itself. If the executable is running with elevated privileges (for example, due to having the `setuid` bit set), the code in the injected module is also executed with the said elevated privileges, resulting in a local privilege escalation. PyInstaller 6.0.0 (f5adf291c8b832d5aff7632844f7e3ddf7ad4923) removed support for bytecode encryption; this effectively removes the described attack vector, due to the bootstrap script not attempting to load the optional module for bytecode-decryption anymore. PyInstaller 6.10.0 (cfd60b510f95f92cb81fc42735c399bb781a4739) reworked the bootstrap process to avoid (ab)using `sys.path` for transmitting location of the PYZ archive, which further eliminates the possibility of described injection procedure. If upgrading PyInstaller is not feasible, this issue can be worked around by ensuring proper permissions on directories containing security-sensitive executables (i.e., executables with `setuid` bit set) should mitigate the issue.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59042
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to `sys.path` during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in `sys.path`, an application built with PyInstaller < 6.0.0 may be tricked by an unprivileged attacker into executing arbitrary python code when **all** of the following conditions are met. First, the application is built with PyInstaller < 6.0.0; both onedir and onefile mode are affected. Second, the optional bytecode encryption code feature was not enabled during the application build. Third, the attacker can create files/directories in the same directory where the executable is located. Fourth, the filesystem supports creation of files/directories that contain `?` in their name (i.e., non-Windows systems). Fifth, the attacker is able to determine the offset at which the PYZ archive is embedded in the executable. The attacker can create a directory (or a zip archive) next to the executable, with the name that matches the format used by PyInstaller's bootloader to transmit information about the location of PYZ archive to the bootstrap script. If this directory (or zip archive) contains a python module whose name matches the name used by the optional bytecode encryption feature, this module will be loaded and executed by the bootstrap script (in the absence of the real, built-in module that is available when the bytecode-encryption feature is enabled). This results in arbitrary code execution that requires no modification of the executable itself. If the executable is running with elevated privileges (for example, due to having the `setuid` bit set), the code in the injected module is also executed with the said elevated privileges, resulting in a local privilege escalation. PyInstaller 6.0.0 (f5adf291c8b832d5aff7632844f7e3ddf7ad4923) removed support for bytecode encryption; this effectively removes the described attack vector, due to the bootstrap script not attempting to load the optional module for bytecode-decryption anymore. PyInstaller 6.10.0 (cfd60b510f95f92cb81fc42735c399bb781a4739) reworked the bootstrap process to avoid (ab)using `sys.path` for transmitting location of the PYZ archive, which further eliminates the possibility of described injection procedure. If upgrading PyInstaller is not feasible, this issue can be worked around by ensuring proper permissions on directories containing security-sensitive executables (i.e., executables with `setuid` bit set) should mitigate the issue.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59044 - Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)
CVE ID : CVE-2025-59044
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple groups with the same `displayName` (including end-user–created personal/O365 groups, depending on tenant policy), distinct directory groups can collapse to the same numeric GID on Linux. This issue only applies to Himmelblau versions 0.9.0 through 0.9.22. Any resource or service on a Himmelblau-joined host that enforces authorization by numeric GID (files/dirs, etc.) can be unintentionally accessible to a user who creates or joins a different Entra/O365 group that happens to share the same `displayName` as a privileged security group. Users should upgrade to 0.9.23, or 1.0.0 or later, to receive a patch. Group to GID mapping now uses Entra ID object IDs (GUIDs) and does not collide on same-name groups. As a workaround, use tenant policy hardening to restrict arbitrary group creation until all hosts are patched.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59044
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple groups with the same `displayName` (including end-user–created personal/O365 groups, depending on tenant policy), distinct directory groups can collapse to the same numeric GID on Linux. This issue only applies to Himmelblau versions 0.9.0 through 0.9.22. Any resource or service on a Himmelblau-joined host that enforces authorization by numeric GID (files/dirs, etc.) can be unintentionally accessible to a user who creates or joins a different Entra/O365 group that happens to share the same `displayName` as a privileged security group. Users should upgrade to 0.9.23, or 1.0.0 or later, to receive a patch. Group to GID mapping now uses Entra ID object IDs (GUIDs) and does not collide on same-name groups. As a workaround, use tenant policy hardening to restrict arbitrary group creation until all hosts are patched.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59046 - interactive-git-checkout has Command Injection vulnerability
CVE ID : CVE-2025-59046
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via `npm install -g interactive-git-checkout`. Versions up to and including 1.1.4 of the `interactive-git-checkout` tool are vulnerable to a command injection vulnerability because the software passes the branch name to the `git checkout` command using the Node.js child process module's `exec()` function without proper input validation or sanitization. Commit 8dd832dd302af287a61611f4f85e157cd1c6bb41 fixes the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59046
Published : Sept. 9, 2025, 11:15 p.m. | 1 hour, 1 minute ago
Description : The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via `npm install -g interactive-git-checkout`. Versions up to and including 1.1.4 of the `interactive-git-checkout` tool are vulnerable to a command injection vulnerability because the software passes the branch name to the `git checkout` command using the Node.js child process module's `exec()` function without proper input validation or sanitization. Commit 8dd832dd302af287a61611f4f85e157cd1c6bb41 fixes the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10195 - Seismic App com.seismic.doccenter AndroidManifest.xml improper export of android application components
CVE ID : CVE-2025-10195
Published : Sept. 10, 2025, 1:15 a.m. | 1 hour, 57 minutes ago
Description : A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10195
Published : Sept. 10, 2025, 1:15 a.m. | 1 hour, 57 minutes ago
Description : A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10197 - HJSoft HCM Human Resources Management System downlawbase sql injection
CVE ID : CVE-2025-10197
Published : Sept. 10, 2025, 1:15 a.m. | 1 hour, 57 minutes ago
Description : A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10197
Published : Sept. 10, 2025, 1:15 a.m. | 1 hour, 57 minutes ago
Description : A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8388 - PowerPack Lite for Elementor <= 2.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Via 'cursor_url'
CVE ID : CVE-2025-8388
Published : Sept. 10, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor_url’ parameter in all versions up to, and including, 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8388
Published : Sept. 10, 2025, 5:15 a.m. | 1 hour, 57 minutes ago
Description : The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor_url’ parameter in all versions up to, and including, 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10049 - Responsive Filterable Portfolio <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload
CVE ID : CVE-2025-10049
Published : Sept. 10, 2025, 6:38 a.m. | 34 minutes ago
Description : The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10049
Published : Sept. 10, 2025, 6:38 a.m. | 34 minutes ago
Description : The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7049 - WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
CVE ID : CVE-2025-7049
Published : Sept. 10, 2025, 6:38 a.m. | 34 minutes ago
Description : The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7049
Published : Sept. 10, 2025, 6:38 a.m. | 34 minutes ago
Description : The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...