π¨ CVE-2025-0010
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.
π@cveNotify
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.
π@cveNotify
AMD
AMD Graphics Vulnerabilities β August 2025
π¨ CVE-2025-0011
Improper removal of sensitive information before storage or transfer in AMD Crash Defender could allow an attacker to obtain kernel address information potentially resulting in loss of confidentiality.
π@cveNotify
Improper removal of sensitive information before storage or transfer in AMD Crash Defender could allow an attacker to obtain kernel address information potentially resulting in loss of confidentiality.
π@cveNotify
AMD
AMD Graphics Vulnerabilities β August 2025
π¨ CVE-2025-0032
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.
π@cveNotify
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.
π@cveNotify
AMD
AMD Server Vulnerabilities β August 2025
π¨ CVE-2025-0034
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service.
π@cveNotify
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service.
π@cveNotify
AMD
AMD Graphics Vulnerabilities β August 2025
π¨ CVE-2025-58438
internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1.
π@cveNotify
internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1.
π@cveNotify
GitHub
Merge branch 'sanitize-filename-downloads' Β· jjjake/internetarchive@cba2d45
A Python and Command-Line Interface to Archive.org - Merge branch 'sanitize-filename-downloads' Β· jjjake/internetarchive@cba2d45
π¨ CVE-2025-58443
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is expected to be released 9/15/2025. To address this vulnerability immediately, upgrade to the latest version of either the dev-branch or working-1.6 branch. This will patch the issue for users concerned about immediate exposure. See the FOG Project documentation for step-by-step upgrade instructions: https://docs.fogproject.org/en/latest/install-fog-server#choosing-a-fog-version.
π@cveNotify
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is expected to be released 9/15/2025. To address this vulnerability immediately, upgrade to the latest version of either the dev-branch or working-1.6 branch. This will patch the issue for users concerned about immediate exposure. See the FOG Project documentation for step-by-step upgrade instructions: https://docs.fogproject.org/en/latest/install-fog-server#choosing-a-fog-version.
π@cveNotify
GitHub
authentication bypass leads to full SQL DB dump
### Summary
authentication bypass vulnerability leads to unauthenticated DB dump, attacker could be able to dump full SQL DB dump without any authentication at all.
### Details
the main issue ...
authentication bypass vulnerability leads to unauthenticated DB dump, attacker could be able to dump full SQL DB dump without any authentication at all.
### Details
the main issue ...
π¨ CVE-2025-58445
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
π@cveNotify
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
π@cveNotify
GitHub
Public Exposure of Service Version on /status API Endpoint
### Summary
Atlantis publicly exposes detailed version information on its `/status` endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associa...
Atlantis publicly exposes detailed version information on its `/status` endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associa...
π₯1
π¨ CVE-2025-10062
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
itsourcecode Student Information Management System Project V1.0 /admin/login.php SQL injection Β· Issue #3 Β· hjsjbsg/record-forβ¦
itsourcecode Student Information Management System Project V1.0 /admin/login.php SQL injection NAME OF AFFECTED PRODUCT(S) Student Information Management System Vendor Homepage https://itsourcecode...
π¨ CVE-2025-10063
A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
π@cveNotify
GitHub
CVE-Report/CVE-007.md at main Β· AlphabugX/CVE-Report
Contribute to AlphabugX/CVE-Report development by creating an account on GitHub.
π¨ CVE-2025-10064
A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
GitHub
CVE-Report/CVE-008.md at main Β· AlphabugX/CVE-Report
Contribute to AlphabugX/CVE-Report development by creating an account on GitHub.
π¨ CVE-2025-10065
A weakness has been identified in itsourcecode POS Point of Sale System 1.0. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php. This manipulation of the argument scripts causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in itsourcecode POS Point of Sale System 1.0. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php. This manipulation of the argument scripts causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
CVE-Report/CVE-009.md at main Β· AlphabugX/CVE-Report
Contribute to AlphabugX/CVE-Report development by creating an account on GitHub.
π¨ CVE-2025-10066
A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
CVE-Report/CVE-010.md at main Β· AlphabugX/CVE-Report
Contribute to AlphabugX/CVE-Report development by creating an account on GitHub.
π¨ CVE-2025-36100
IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.
π@cveNotify
IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.
π@cveNotify
Ibm
Security Bulletin: IBM MQ is vulnerable to a password disclosure vulnerability.
IBM MQ has addressed a password disclosure vulnerability (CVE-2025-36100)
π¨ CVE-2025-10067
A vulnerability was detected in itsourcecode POS Point of Sale System 1.0. The impacted element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php. Performing manipulation of the argument scripts results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in itsourcecode POS Point of Sale System 1.0. The impacted element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php. Performing manipulation of the argument scripts results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.
π@cveNotify
GitHub
CVE-Report/CVE-011.md at main Β· AlphabugX/CVE-Report
Contribute to AlphabugX/CVE-Report development by creating an account on GitHub.
π¨ CVE-2025-10068
A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
π@cveNotify
GitHub
Itsourcecode Online Discussion Forum Project Project V1.0 /admin/admin_forum/add_views.php Β· Issue #13 Β· JunGu-W/cve
Itsourcecode Online Discussion Forum Project Project V1.0 /admin/admin_forum/add_views.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Discussion Forum Project Vendor Homepage https://itsource...
π₯1
π¨ CVE-2025-10070
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.
π@cveNotify
π₯1
π¨ CVE-2025-10071
A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2025-10072
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
π@cveNotify
π¨ CVE-2025-10074
A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de UsuÑrio/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de UsuÑrio/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
CVE/i-educar/CVE-2025-10074.md at main Β· marcelomulder/CVE
CVE's POC. Contribute to marcelomulder/CVE development by creating an account on GitHub.
π¨ CVE-2025-10075
A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
GitHub
sourcecodester Online Polling System Code Project V1.0 Reflect XSS Vulnerability Β· Issue #18 Β· ganzhi-qcy/cve
sourcecodester Online Polling System Code Project V1.0 Reflect XSS Vulnerability Author: quchunyi1 Vendor and Software Links https://www.sourcecodester.com/php/14330/online-polling-system.html Over...
π¨ CVE-2025-10076
A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
sourcecodester Online Polling System Code Project V1.0 manage-profile.php SQL injection Β· Issue #19 Β· ganzhi-qcy/cve
sourcecodester Online Polling System Code Project V1.0 manage-profile.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Polling System Code Vendor Homepage https://www.sourcecodester.com/php/143...