CVE Monitor
4.07K subscribers
4 photos
1 file
43.2K links
Download Telegram
{
"Source": "CVE FEED",
"Title": "CVE-2025-5537 - FooBox Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-5537
Published : July 8, 2025, 5:15 a.m. | 54 minutes ago
Description : The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5957 - "WordPress Guest Support Unauthenticated Ticket Deletion Vulnerability"",
"Content": "CVE ID : CVE-2025-5957
Published : July 8, 2025, 5:15 a.m. | 54 minutes ago
Description : The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete arbitrary support tickets.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7161 - PHPGurukul Zoo Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7161
Published : July 8, 2025, 4:15 a.m. | 1 hour, 54 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argument cprice leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7160 - PHPGurukul Zoo Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7160
Published : July 8, 2025, 4:15 a.m. | 1 hour, 54 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7346 - Apache Maven Package Tampering Vulnerability",
"Content": "CVE ID : CVE-2025-7346
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : Any unauthenticated attacker can bypass the localhost
restrictions posed by the application and utilize this to create
arbitrary packages
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7167 - Code-Projects Responsive Blog Site SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7167
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-42956 - SAP NetWeaver Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-42956
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-6743 - WordPress Woodmart Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-6743
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-6746 - WordPress WoodMart Plugin Local File Inclusion Vulnerability",
"Content": "CVE ID : CVE-2025-6746
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php files can be uploaded and included.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7166 - Code-projects Responsive Blog Site SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7166
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-25270 - Cisco IOS Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-25270
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-25271 - "EVgo OCPP Configuration Interface Insecure Defaults"",
"Content": "CVE ID : CVE-2025-25271
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41665 - Siemens SIMATIC S7-1200 Watchdog Reboot Vulnerability",
"Content": "CVE ID : CVE-2025-41665
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41666 - Apache Watchdog File Access Bypass",
"Content": "CVE ID : CVE-2025-41666
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41667 - Aruba Networks File Access Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-41667
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41668 - Apache Service Security Profile File System Tampering Vulnerability",
"Content": "CVE ID : CVE-2025-41668
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-24005 - Apache SSH Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-24005
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-24006 - Cisco SSH Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-24006
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-25268 - Apache API Unauthenticated Configuration Modification",
"Content": "CVE ID : CVE-2025-25268
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-24004 - Cisco Switch USB-C Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-24004
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-25269 - Apache Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-25269
Published : July 8, 2025, 7:15 a.m. | 58 minutes ago
Description : An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹