CVE Monitor
{
"Source": "CVE FEED",
"Title": "CVE-2025-36371 - IBM i Information Disclosure",
"Content": "CVE ID : CVE-2025-36371
Published : Nov. 19, 2025, 8:15 p.m. | 1 hour, 44 minutes ago
Description : IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation.  A user with access to the database plan cache could see information they do not have authority to view.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Nov 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-51661 - FileCodeBox Path Traversal Remote File Write",
"Content": "CVE ID : CVE-2025-51661
Published : Nov. 19, 2025, 8:15 p.m. | 1 hour, 44 minutes ago
Description : A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.save_file method in core/storage.py uses filenames from user input without validation to construct save_path and save files. This allows remote attackers to perform arbitrary file writes outside the intended directory by sending crafted POST requests with malicious traversal sequences to /share/file/ upload endpoint, which does not require any authorization.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13423 - Campcodes Retro Basketball Shoes Online Store admin_product.php unrestricted upload",
"Content": "CVE ID : CVE-2025-13423
Published : Nov. 19, 2025, 11:32 p.m. | 28 minutes ago
Description : A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing manipulation of the argument product_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13422 - freeprojectscodes Sports Club Management System change_s_pwd.php sql injection",
"Content": "CVE ID : CVE-2025-13422
Published : Nov. 19, 2025, 11:32 p.m. | 28 minutes ago
Description : A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13421 - itsourcecode Human Resource Management System NoticeStore.php sql injection",
"Content": "CVE ID : CVE-2025-13421
Published : Nov. 19, 2025, 11:15 p.m. | 44 minutes ago
Description : A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-4042 - Here is a potential title: Apache Struts Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-4042
Published : Nov. 19, 2025, 11:15 p.m. | 44 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13420 - itsourcecode Human Resource Management System EventStore.php sql injection",
"Content": "CVE ID : CVE-2025-13420
Published : Nov. 19, 2025, 11:15 p.m. | 44 minutes ago
Description : A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13415 - icret EasyImages SVG Image upload.php cross site scripting",
"Content": "CVE ID : CVE-2025-13415
Published : Nov. 19, 2025, 10:16 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13442 - UTT 进取 750W formPdbUpConfig system command injection",
"Content": "CVE ID : CVE-2025-13442
Published : Nov. 20, 2025, 1:32 a.m. | 37 minutes ago
Description : A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13435 - Dreampie Resty HttpClient HttpClient.java request path traversal",
"Content": "CVE ID : CVE-2025-13435
Published : Nov. 20, 2025, 1:32 a.m. | 37 minutes ago
Description : A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversal. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13434 - jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax",
"Content": "CVE ID : CVE-2025-13434
Published : Nov. 20, 2025, 1:02 a.m. | 1 hour, 7 minutes ago
Description : A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scripting syntax. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13433 - Muse Group MuseHub Windows Service Muse.Updater.exe unquoted search path",
"Content": "CVE ID : CVE-2025-13433
Published : Nov. 20, 2025, 12:32 a.m. | 1 hour, 37 minutes ago
Description : A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13424 - Campcodes Supplier Management System add_product.php sql injection",
"Content": "CVE ID : CVE-2025-13424
Published : Nov. 20, 2025, 12:15 a.m. | 1 hour, 53 minutes ago
Description : A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13451 - SourceCodester Online Shop Project action.php sql injection",
"Content": "CVE ID : CVE-2025-13451
Published : Nov. 20, 2025, 3:02 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13450 - SourceCodester Online Shop Project register.php cross site scripting",
"Content": "CVE ID : CVE-2025-13450
Published : Nov. 20, 2025, 3:02 a.m. | 1 hour, 9 minutes ago
Description : A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument f_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13449 - code-projects Online Shop Project login.php sql injection",
"Content": "CVE ID : CVE-2025-13449
Published : Nov. 20, 2025, 2:32 a.m. | 1 hour, 39 minutes ago
Description : A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13446 - Tenda AC21 SetSysTimeCfg stack-based overflow",
"Content": "CVE ID : CVE-2025-13446
Published : Nov. 20, 2025, 2:32 a.m. | 1 hour, 39 minutes ago
Description : A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13445 - Tenda AC21 SetIpMacBind stack-based overflow",
"Content": "CVE ID : CVE-2025-13445
Published : Nov. 20, 2025, 2:02 a.m. | 2 hours, 9 minutes ago
Description : A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13443 - macrozheng mall delete access control",
"Content": "CVE ID : CVE-2025-13443
Published : Nov. 20, 2025, 2:02 a.m. | 2 hours, 9 minutes ago
Description : A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-12778 - Ultimate Member Widgets for Elementor <= 2.3 - missing authorization to unauthenticated information exposure",
"Content": "CVE ID : CVE-2025-12778
Published : Nov. 20, 2025, 4:37 a.m. | 1 hour, 36 minutes ago
Description : The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to extract partial metadata of all WordPress users, including their first name, last name and email addresses.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-64984 - Kaspersky Endpoint Security for Linux, Kaspersky Industrial CyberSecurity for Linux Nodes, and Kaspersky Endpoint Security for Mac Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-64984
Published : Nov. 20, 2025, 6:53 a.m. | 1 hour, 23 minutes ago
Description : Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Nov 2025",
"Type": "Vulnerability"
}