Latest Vulnerabilities Updates on the latest vulnerabilities detected.
- CVE-2025-7777 – Apache Mirror-Registry HTTP Host Header Injection Vulnerabilityon August 20, 2025 at 12:15 pm
CVE ID : CVE-2025-7777 Published : Aug. 20, 2025, 12:15 p.m. | 41 minutes ago Description : The mirror-registry doesn’t properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-8102 – Easy Digital Downloads WordPress CSRFon August 20, 2025 at 12:15 pm
CVE ID : CVE-2025-8102 Published : Aug. 20, 2025, 12:15 p.m. | 41 minutes ago Description : The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for unauthenticated attackers to deactivate or download and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-43741 – Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)on August 20, 2025 at 12:15 pm
CVE ID : CVE-2025-43741 Published : Aug. 20, 2025, 12:15 p.m. | 41 minutes ago Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScrip in the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames parameter Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-43742 – Liferay Portal Reflected Cross-Site Scripting (XSS) Vulnerabilityon August 20, 2025 at 12:15 pm
CVE ID : CVE-2025-43742 Published : Aug. 20, 2025, 12:15 p.m. | 41 minutes ago Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript in web content for friendly urls. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-9173 – Emlog Pro Unrestricted File Upload Vulnerabilityon August 20, 2025 at 11:15 am
CVE ID : CVE-2025-9173 Published : Aug. 20, 2025, 11:15 a.m. | 1 hour, 41 minutes ago Description : A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-57732 – JetBrains TeamCity Directory Ownership Escalationon August 20, 2025 at 10:15 am
CVE ID : CVE-2025-57732 Published : Aug. 20, 2025, 10:15 a.m. | 2 hours, 41 minutes ago Description : In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-57733 – JetBrains TeamCity SMTP Injection Vulnerabilityon August 20, 2025 at 10:15 am
CVE ID : CVE-2025-57733 Published : Aug. 20, 2025, 10:15 a.m. | 2 hours, 41 minutes ago Description : In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-57734 – JetBrains TeamCity AWS Credentials Exposedon August 20, 2025 at 10:15 am
CVE ID : CVE-2025-57734 Published : Aug. 20, 2025, 10:15 a.m. | 2 hours, 41 minutes ago Description : In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-57728 – JetBrains IntelliJ IDEA Code With Me Guest File Disclosureon August 20, 2025 at 10:15 am
CVE ID : CVE-2025-57728 Published : Aug. 20, 2025, 10:15 a.m. | 2 hours, 41 minutes ago Description : In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-57729 – JetBrains IntelliJ IDEA Plugin Startup Vulnerabilityon August 20, 2025 at 10:15 am
CVE ID : CVE-2025-57729 Published : Aug. 20, 2025, 10:15 a.m. | 2 hours, 41 minutes ago Description : In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-57730 – JetBrains IntelliJ IDEA HTML Injection Vulnerabilityon August 20, 2025 at 10:15 am
CVE ID : CVE-2025-57730 Published : Aug. 20, 2025, 10:15 a.m. | 2 hours, 41 minutes ago Description : In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature Severity: 5.2 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-57731 – JetBrains YouTrack Stored XSSon August 20, 2025 at 10:15 am
CVE ID : CVE-2025-57731 Published : Aug. 20, 2025, 10:15 a.m. | 2 hours, 41 minutes ago Description : In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-57727 – JetBrains IntelliJ IDEA Remote Reference Credentials Disclosure Vulnerabilityon August 20, 2025 at 10:15 am
CVE ID : CVE-2025-57727 Published : Aug. 20, 2025, 10:15 a.m. | 2 hours, 41 minutes ago Description : In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference Severity: 4.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-9229 – MiR Error Handling Information Disclosure Vulnerabilityon August 20, 2025 at 9:15 am
CVE ID : CVE-2025-9229 Published : Aug. 20, 2025, 9:15 a.m. | 3 hours, 41 minutes ago Description : Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-5261 – Pik Online Authorization Bypass Through User-Controlled Keyon August 20, 2025 at 9:15 am
CVE ID : CVE-2025-5261 Published : Aug. 20, 2025, 9:15 a.m. | 3 hours, 41 minutes ago Description : Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-9228 – MiR Text Note Authorization Bypasson August 20, 2025 at 9:15 am
CVE ID : CVE-2025-9228 Published : Aug. 20, 2025, 9:15 a.m. | 3 hours, 41 minutes ago Description : MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2024-39954 – Apache EventMesh SSRFon August 20, 2025 at 9:15 am
CVE ID : CVE-2024-39954 Published : Aug. 20, 2025, 9:15 a.m. | 3 hours, 41 minutes ago Description : CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-5260 – Pik Online Yazılım Çözümleri A.Ş. Pik Online SSRF Vulnerabilityon August 20, 2025 at 9:15 am
CVE ID : CVE-2025-5260 Published : Aug. 20, 2025, 9:15 a.m. | 3 hours, 41 minutes ago Description : Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-9225 – MiR Robots and MiR Fleet Stored Cross-Site Scripting Vulnerabilityon August 20, 2025 at 8:15 am
CVE ID : CVE-2025-9225 Published : Aug. 20, 2025, 8:15 a.m. | 4 hours, 41 minutes ago Description : Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-54677 – vcita Online Booking & Scheduling Calendar for WordPress Unrestricted File Upload Vulnerabilityon August 20, 2025 at 8:15 am
CVE ID : CVE-2025-54677 Published : Aug. 20, 2025, 8:15 a.m. | 4 hours, 41 minutes ago Description : Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-54713 – Magepeopleteam Taxi Booking Manager for WooCommerce Authentication Bypasson August 20, 2025 at 8:15 am
CVE ID : CVE-2025-54713 Published : Aug. 20, 2025, 8:15 a.m. | 4 hours, 41 minutes ago Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Authentication Abuse. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.3.0. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-54726 – Miguel Useche JS Archive List SQL Injectionon August 20, 2025 at 8:15 am
CVE ID : CVE-2025-54726 Published : Aug. 20, 2025, 8:15 a.m. | 4 hours, 41 minutes ago Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-54735 – CubeWP Framework Privilege Escalationon August 20, 2025 at 8:15 am
CVE ID : CVE-2025-54735 Published : Aug. 20, 2025, 8:15 a.m. | 4 hours, 41 minutes ago Description : Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-54750 – FunnelKit Funnel Builder PHP Remote File Inclusion Vulnerabilityon August 20, 2025 at 8:15 am
CVE ID : CVE-2025-54750 Published : Aug. 20, 2025, 8:15 a.m. | 4 hours, 41 minutes ago Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.11.1. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…
- CVE-2025-55715 – Themeisle Otter – Gutenberg Block Sensitive Data Information Disclosureon August 20, 2025 at 8:15 am
CVE ID : CVE-2025-55715 Published : Aug. 20, 2025, 8:15 a.m. | 4 hours, 41 minutes ago Description : Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter – Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter – Gutenberg Block: from n/a through 3.1.0. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more…
