CVE-2025-9549 - Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099
CVE ID : CVE-2025-9549
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9549
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9550 - Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100
CVE ID : CVE-2025-9550
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9550
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9551 - Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101
CVE ID : CVE-2025-9551
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9551
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9552 - Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102
CVE ID : CVE-2025-9552
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9552
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9553 - API Key manager - Critical - Unsupported - SA-CONTRIB-2025-103
CVE ID : CVE-2025-9553
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9553
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62162 - cel-rust May Panic During Parsing of Invalid CEL Expressions
CVE ID : CVE-2025-62162
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62162
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9554 - Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104
CVE ID : CVE-2025-9554
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9554
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11626 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
CVE ID : CVE-2025-11626
Published : Oct. 10, 2025, 10:33 p.m. | 27 minutes ago
Description : MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11626
Published : Oct. 10, 2025, 10:33 p.m. | 27 minutes ago
Description : MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11590 - CodeAstro Gym Management System equipment-entry.php sql injection
CVE ID : CVE-2025-11590
Published : 2025年10月11日1:15 | 1時間, 46分 ago
Description : A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11590
Published : 2025年10月11日1:15 | 1時間, 46分 ago
Description : A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31717 - "Netgear Modem Remote Denial of Service Vulnerability"
CVE ID : CVE-2025-31717
Published : 2025年10月11日1:15 | 1時間, 46分 ago
Description : In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31717
Published : 2025年10月11日1:15 | 1時間, 46分 ago
Description : In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31718 - "Linksys Modem Remote Privilege Escalation Vulnerability"
CVE ID : CVE-2025-31718
Published : 2025年10月11日1:15 | 1時間, 46分 ago
Description : In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31718
Published : 2025年10月11日1:15 | 1時間, 46分 ago
Description : In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54654 - Apache Gallery Unauthenticated File Disclosure
CVE ID : CVE-2025-54654
Published : 2025年10月11日2:15 | 46分 ago
Description : Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54654
Published : 2025年10月11日2:15 | 46分 ago
Description : Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9560 - Colibri Page Builder <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode
CVE ID : CVE-2025-9560
Published : 2025年10月11日2:24 | 37分 ago
Description : The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_newsletter shortcode in all versions up to, and including, 1.0.334 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9560
Published : 2025年10月11日2:24 | 37分 ago
Description : The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_newsletter shortcode in all versions up to, and including, 1.0.334 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11380 - Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure
CVE ID : CVE-2025-11380
Published : 2025年10月11日2:24 | 37分 ago
Description : The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11380
Published : 2025年10月11日2:24 | 37分 ago
Description : The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58277 - "Canon Camera App Permission Verification Bypass Vulnerability"
CVE ID : CVE-2025-58277
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58277
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58278 - Apache Gallery Authentication Bypass
CVE ID : CVE-2025-58278
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58278
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58282 - Arlo Camera Unauthenticated Information Disclosure
CVE ID : CVE-2025-58282
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58282
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58283 - "Aruba Wi-Fi Module Authorization Bypass"
CVE ID : CVE-2025-58283
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58283
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58284 - Citrix Network Module Permission Control Vulnerability
CVE ID : CVE-2025-58284
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58284
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58285 - Apache Media Vulnerability - Privilege Escalation
CVE ID : CVE-2025-58285
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58285
Published : Oct. 11, 2025, 4:16 a.m. | 2 hours, 46 minutes ago
Description : Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11591 - CodeAstro Gym Management System delete-member.php sql injection
CVE ID : CVE-2025-11591
Published : Oct. 11, 2025, 5:15 a.m. | 1 hour, 47 minutes ago
Description : A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11591
Published : Oct. 11, 2025, 5:15 a.m. | 1 hour, 47 minutes ago
Description : A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...