{
"Source": "CVE FEED",
"Title": "CVE-2025-20288 - Cisco Unified Intelligence Center SSRF Vulnerability",
"Content": "CVE ID : CVE-2025-20288
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20288 - Cisco Unified Intelligence Center SSRF Vulnerability",
"Content": "CVE ID : CVE-2025-20288
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20337 - Cisco ISE/Cisco ISE-PIC Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-20337
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20337 - Cisco ISE/Cisco ISE-PIC Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-20337
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20274 - "Cisco Unified Intelligence Center File Upload Privilege Escalation Vulnerability"",
"Content": "CVE ID : CVE-2025-20274
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20274 - "Cisco Unified Intelligence Center File Upload Privilege Escalation Vulnerability"",
"Content": "CVE ID : CVE-2025-20274
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20283 - "Cisco ISE and ISE-PIC Root Code Execution Vulnerability"",
"Content": "CVE ID : CVE-2025-20283
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.
This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20283 - "Cisco ISE and ISE-PIC Root Code Execution Vulnerability"",
"Content": "CVE ID : CVE-2025-20283
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.
This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20272 - Cisco Prime Infrastructure and EPNM Blind SQL Injection",
"Content": "CVE ID : CVE-2025-20272
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20272 - Cisco Prime Infrastructure and EPNM Blind SQL Injection",
"Content": "CVE ID : CVE-2025-20272
Published : July 16, 2025, 5:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34123 - VideoCharge Studio Stack-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-34123
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can exploit this vulnerability by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34123 - VideoCharge Studio Stack-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-34123
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can exploit this vulnerability by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34121 - Idera Up.Time PHP File Upload RCE",
"Content": "CVE ID : CVE-2025-34121
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34121 - Idera Up.Time PHP File Upload RCE",
"Content": "CVE ID : CVE-2025-34121
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34117 - Netcore/Netis Router Remote Code Execution Backdoor Vulnerability",
"Content": "CVE ID : CVE-2025-34117
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34117 - Netcore/Netis Router Remote Code Execution Backdoor Vulnerability",
"Content": "CVE ID : CVE-2025-34117
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34118 - Linknat VOS Manager Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-34118
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where the 'js/lang_en_us.js' or equivalent files are loaded. By injecting encoded traversal sequences such as '%c0%ae%c0%ae' into the request path, attackers can bypass input validation and disclose sensitive files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34118 - Linknat VOS Manager Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-34118
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability is accessible via multiple localized subpaths such as '/eng/', '/chs/', or '/cht/', where the 'js/lang_en_us.js' or equivalent files are loaded. By injecting encoded traversal sequences such as '%c0%ae%c0%ae' into the request path, attackers can bypass input validation and disclose sensitive files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34119 - EasyCafe Server Remote File Disclosure",
"Content": "CVE ID : CVE-2025-34119
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34119 - EasyCafe Server Remote File Disclosure",
"Content": "CVE ID : CVE-2025-34119
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34120 - LimeSurvey Unauthenticated File Download Vulnerability",
"Content": "CVE ID : CVE-2025-34120
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint (`index.php/admin/update/sa/backup`), allowing attackers to specify arbitrary file paths using a crafted `datasupdateinfo` payload. The files are packaged in a ZIP archive and made available for download without authentication. This vulnerability can be exploited to read arbitrary files on the host system, including sensitive OS and configuration files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34120 - LimeSurvey Unauthenticated File Download Vulnerability",
"Content": "CVE ID : CVE-2025-34120
Published : July 16, 2025, 9:15 p.m. | 17 minutes ago
Description : An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint (`index.php/admin/update/sa/backup`), allowing attackers to specify arbitrary file paths using a crafted `datasupdateinfo` payload. The files are packaged in a ZIP archive and made available for download without authentication. This vulnerability can be exploited to read arbitrary files on the host system, including sensitive OS and configuration files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-6982 - TP-Link Archer C50 Hard-coded Credentials Vulnerability",
"Content": "CVE ID : CVE-2025-6982
Published : July 16, 2025, 8:15 p.m. | 1 hour, 17 minutes ago
Description : Use of Hard-coded Credentials in TP-Link Archer C50 V3( <=<=<=
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-6982 - TP-Link Archer C50 Hard-coded Credentials Vulnerability",
"Content": "CVE ID : CVE-2025-6982
Published : July 16, 2025, 8:15 p.m. | 1 hour, 17 minutes ago
Description : Use of Hard-coded Credentials in TP-Link Archer C50 V3( <=<=<=
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-6983 - TP-Link Archer C1200 Clickjacking Vulnerability",
"Content": "CVE ID : CVE-2025-6983
Published : July 16, 2025, 8:15 p.m. | 1 hour, 17 minutes ago
Description : A
Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 <=
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-6983 - TP-Link Archer C1200 Clickjacking Vulnerability",
"Content": "CVE ID : CVE-2025-6983
Published : July 16, 2025, 8:15 p.m. | 1 hour, 17 minutes ago
Description : A
Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 <=
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53908 - RomM Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-53908
Published : July 16, 2025, 8:15 p.m. | 1 hour, 17 minutes ago
Description : RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53908 - RomM Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-53908
Published : July 16, 2025, 8:15 p.m. | 1 hour, 17 minutes ago
Description : RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-12498 - CVE-2021-42251: Apache Struts Deserialization Remote Code Execution",
"Content": "CVE ID : CVE-2024-12498
Published : July 16, 2025, 11:15 p.m. | 25 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-12498 - CVE-2021-42251: Apache Struts Deserialization Remote Code Execution",
"Content": "CVE ID : CVE-2024-12498
Published : July 16, 2025, 11:15 p.m. | 25 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34132 - LILIN DVR Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-34132
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface. 777
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34132 - LILIN DVR Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-34132
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface. 777
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34125 - D-Link Lighttpd Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-34125
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34125 - D-Link Lighttpd Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-34125
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34126 - RIPS Scanner Remote File Read Vulnerability",
"Content": "CVE ID : CVE-2025-34126
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This can lead to disclosure of sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34126 - RIPS Scanner Remote File Read Vulnerability",
"Content": "CVE ID : CVE-2025-34126
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This can lead to disclosure of sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34127 - Achat UDP Stack-based Buffer Overflow",
"Content": "CVE ID : CVE-2025-34127
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34127 - Achat UDP Stack-based Buffer Overflow",
"Content": "CVE ID : CVE-2025-34127
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34128 - X360 VideoPlayer Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-34128
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34128 - X360 VideoPlayer Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-34128
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-34129 - LILIN Digital Video Recorder (DVR) Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-34129
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A command injection vulnerability exists in LILIN LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-34129 - LILIN Digital Video Recorder (DVR) Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-34129
Published : July 16, 2025, 10:15 p.m. | 1 hour, 25 minutes ago
Description : A command injection vulnerability exists in LILIN LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "17 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹