{
"Source": "CVE FEED",
"Title": "CVE-2025-5486 - WordPress WP Email Debug Privilege Escalation",
"Content": "CVE ID : CVE-2025-5486
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5486 - WordPress WP Email Debug Privilege Escalation",
"Content": "CVE ID : CVE-2025-5486
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5533 - WordPress Knowledge Base Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5533
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5533 - WordPress Knowledge Base Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5533
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5536 - Freemind Viewer Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-5536
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5536 - Freemind Viewer Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-5536
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5019 - Hive Support WordPress Cross-Site Request Forgery Vulnerability",
"Content": "CVE ID : CVE-2025-5019
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the pluginโs AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5019 - Hive Support WordPress Cross-Site Request Forgery Vulnerability",
"Content": "CVE ID : CVE-2025-5019
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the pluginโs AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5534 - "ESV Bible Shortcode for WordPress Stored Cross-Site Scripting"",
"Content": "CVE ID : CVE-2025-5534
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5534 - "ESV Bible Shortcode for WordPress Stored Cross-Site Scripting"",
"Content": "CVE ID : CVE-2025-5534
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4964 - WordPress WP Online Users Stats SQL Injection",
"Content": "CVE ID : CVE-2025-4964
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the โtable_nameโ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4964 - WordPress WP Online Users Stats SQL Injection",
"Content": "CVE ID : CVE-2025-4964
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the โtable_nameโ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4966 - WordPress WP Online Users Stats CSRF",
"Content": "CVE ID : CVE-2025-4966
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4966 - WordPress WP Online Users Stats CSRF",
"Content": "CVE ID : CVE-2025-4966
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5018 - WordPress Hive Support Plugin Unauthenticated Data Manipulation Vulnerability",
"Content": "CVE ID : CVE-2025-5018
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the siteโs OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5018 - WordPress Hive Support Plugin Unauthenticated Data Manipulation Vulnerability",
"Content": "CVE ID : CVE-2025-5018
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the siteโs OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-48906 - DSoftBus Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-48906
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : Authentication bypass vulnerability in the DSoftBus module
Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-48906 - DSoftBus Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-48906
Published : June 6, 2025, 7:15 a.m. | 50 minutes ago
Description : Authentication bypass vulnerability in the DSoftBus module
Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5739 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5739
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5739 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5739
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5738 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5738
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5738 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5738
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-3322 - Apache Server Code Injection Vulnerability",
"Content": "CVE ID : CVE-2025-3322
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : An improper neutralization of inputs used in expression
language allows remote code execution with the highest privileges on the
server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-3322 - Apache Server Code Injection Vulnerability",
"Content": "CVE ID : CVE-2025-3322
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : An improper neutralization of inputs used in expression
language allows remote code execution with the highest privileges on the
server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-3365 - Apache File Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-3365
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : A missing protection against path traversal allows to access
any file on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-3365 - Apache File Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-3365
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : A missing protection against path traversal allows to access
any file on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5737 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5737
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5737 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5737
Published : June 6, 2025, 9:15 a.m. | 53 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5736 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow",
"Content": "CVE ID : CVE-2025-5736
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5736 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow",
"Content": "CVE ID : CVE-2025-5736
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-3321 - Apache Server Unauthenticated Local Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-3321
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A predefined administrative account is not documented and cannot
be deactivated. This account cannot be misused from the network, only by local
users on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-3321 - Apache Server Unauthenticated Local Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-3321
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A predefined administrative account is not documented and cannot
be deactivated. This account cannot be misused from the network, only by local
users on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5732 - Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability",
"Content": "CVE ID : CVE-2025-5732
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5732 - Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability",
"Content": "CVE ID : CVE-2025-5732
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5734 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow",
"Content": "CVE ID : CVE-2025-5734
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5734 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow",
"Content": "CVE ID : CVE-2025-5734
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5735 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5735
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5735 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5735
Published : June 6, 2025, 8:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5759 - PHPGurukul Local Services Search Engine Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5759
Published : June 6, 2025, 11:15 a.m. | 56 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5759 - PHPGurukul Local Services Search Engine Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5759
Published : June 6, 2025, 11:15 a.m. | 56 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5758 - SourceCodester Open Source Clinic Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5758
Published : June 6, 2025, 11:15 a.m. | 56 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5758 - SourceCodester Open Source Clinic Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5758
Published : June 6, 2025, 11:15 a.m. | 56 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น