CVE-2025-59672 - Apache HTTP Server Command Injection
CVE ID : CVE-2025-59672
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59672
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59673 - Apache Struts Cross-Site Scripting
CVE ID : CVE-2025-59673
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59673
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59674 - Adobe Photoshop Unvalidated Redirect
CVE ID : CVE-2025-59674
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59674
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59675 - Cisco WebEx Meeting Center Stored XSS
CVE ID : CVE-2025-59675
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59675
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59676 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-59676
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59676
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59677 - Apache HTTP Server Untrusted User Input
CVE ID : CVE-2025-59677
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59677
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59678 - Google Maps Unvalidated Redirect
CVE ID : CVE-2025-59678
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59678
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59712 - Snipe-IT Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-59712
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Snipe-IT before 8.1.18 allows XSS.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59712
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Snipe-IT before 8.1.18 allows XSS.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59713 - Snipe-IT Deserialization Vulnerability
CVE ID : CVE-2025-59713
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : Snipe-IT before 8.1.18 allows unsafe deserialization.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59713
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : Snipe-IT before 8.1.18 allows unsafe deserialization.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59714 - Internet2 Grouper Privilege Escalation Vulnerability
CVE ID : CVE-2025-59714
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59714
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59715 - SMSEagle Reflected Cross-Site Scripting
CVE ID : CVE-2025-59715
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : SMSEagle before 6.11 allows reflected XSS via a username or contact phone number.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59715
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : SMSEagle before 6.11 allows reflected XSS via a username or contact phone number.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7937 - Supermicro BMC firmware update validation bypass
CVE ID : CVE-2025-7937
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7937
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59717 - DigitalOcean do-markdownit String Injection Vulnerability
CVE ID : CVE-2025-59717
Published : Sept. 19, 2025, 4:16 a.m. | 48 minutes ago
Description : In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59717
Published : Sept. 19, 2025, 4:16 a.m. | 48 minutes ago
Description : In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8487 - Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation
CVE ID : CVE-2025-8487
Published : Sept. 19, 2025, 4:17 a.m. | 48 minutes ago
Description : The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8487
Published : Sept. 19, 2025, 4:17 a.m. | 48 minutes ago
Description : The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10146 - Download Manager <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter
CVE ID : CVE-2025-10146
Published : Sept. 19, 2025, 4:27 a.m. | 38 minutes ago
Description : The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10146
Published : Sept. 19, 2025, 4:27 a.m. | 38 minutes ago
Description : The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5955 - Service Finder SMS System <= 2.0.0 - Authentication Bypass
CVE ID : CVE-2025-5955
Published : Sept. 19, 2025, 4:27 a.m. | 38 minutes ago
Description : The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. This is due to the plugin not verifying a user's phone number before logging them in. This makes it possible for unauthenticated attackers to login as arbitrary users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5955
Published : Sept. 19, 2025, 4:27 a.m. | 38 minutes ago
Description : The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. This is due to the plugin not verifying a user's phone number before logging them in. This makes it possible for unauthenticated attackers to login as arbitrary users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10456 - Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection requests
CVE ID : CVE-2025-10456
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10456
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10457 - Bluetooth: Out-Of-Context le_conn_rsp Handling
CVE ID : CVE-2025-10457
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10457
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10458 - Bluetooth: le_conn_rsp does not sanitize CID, MTU, MPS values
CVE ID : CVE-2025-10458
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : Parameters are not validated or sanitized, and are later used in various internal operations.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10458
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : Parameters are not validated or sanitized, and are later used in various internal operations.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5948 - Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business
CVE ID : CVE-2025-5948
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to claiming a business when using the claim_business AJAX action. This makes it possible for unauthenticated attackers to login as any user including admins. Please note that subscriber privileges or brute-forcing are needed when completing the business takeover. The claim_id is needed to takeover the admin account, but brute-forcing is a practical approach to obtaining valid IDs.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5948
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to claiming a business when using the claim_business AJAX action. This makes it possible for unauthenticated attackers to login as any user including admins. Please note that subscriber privileges or brute-forcing are needed when completing the business takeover. The claim_id is needed to takeover the admin account, but brute-forcing is a practical approach to obtaining valid IDs.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7403 - Bluetooth: bt_conn_tx_processor unsafe handling
CVE ID : CVE-2025-7403
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7403
Published : Sept. 19, 2025, 6:15 a.m. | 2 hours, 50 minutes ago
Description : Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...