Top 100 Recent CVEs

CVE-2025-10627 6.3
Published: 2025-09-18T00:15:35.920

What it does:

A remote attacker can inject SQL through the ID argument of /admin/delete_user.php in SourceCodester Online Exam Form Submission 1.0: the value reaches the database query without being separated from the SQL text.

Why it's a problem:

This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to data breaches, unauthorized user deletion, or other malicious activities.

Steps to mitigate:

  • Update SourceCodester Online Exam Form Submission to a patched version
  • Validate the ID argument (it should only ever be an integer) and reject anything else
  • Use prepared statements or parameterized queries so user input is never spliced into SQL text
  • Restrict /admin/delete_user.php to authenticated administrators and keep the admin area off untrusted networks
  • Monitor web-server and database logs for requests whose ID value contains quotes, comment sequences (--) or SQL keywords
CVE-2025-10626 6.3
Published: 2025-09-18T00:15:35.717

What it does:

This vulnerability allows an attacker to manipulate the "credits" argument in the /admin/update_s3.php file of SourceCodester Online Exam Form Submission 1.0, leading to a SQL injection attack that can be exploited remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious SQL code into the database, potentially allowing them to access, modify, or delete sensitive data, disrupt the application's functionality, or even gain unauthorized access to the system.

Steps to mitigate:

  • Update SourceCodester Online Exam Form Submission to a patched version
  • Validate the credits argument (a numeric value) and bind it with a prepared statement instead of concatenating it into the query
  • Put a Web Application Firewall (WAF) in front of the application to detect and block SQL injection attempts, as a stopgap until the patch is applied
  • Restrict /admin/update_s3.php to authenticated administrators only
  • Monitor database activity for suspicious queries and have an incident response plan ready in case of a breach
CVE-2025-23337 6.7
Published: 2025-09-17T23:15:36.500

What it does:

The NVIDIA HGX & DGX GB200, GB300, B300 devices have a vulnerability in their HGX Management Controller (HMC) that allows an attacker with administrative access to the BMC to gain administrative access to the HMC, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Why it's a problem:

This vulnerability is a problem because it can be exploited by malicious actors to gain unauthorized control over the device, disrupt its operation, steal sensitive information, or modify data, which can have serious consequences for the security and integrity of the system.

Steps to mitigate:

  • Update the HGX Management Controller (HMC) firmware to the version NVIDIA's advisory lists as fixed
  • Restrict BMC administrative accounts to trusted personnel, since administrative access to the BMC is the precondition for this attack; use unique credentials and rotate any shared ones
  • Keep the BMC management interface on an isolated management network, never reachable from production or user networks
  • Monitor BMC and HMC logs for unexpected administrative sessions, firmware updates or configuration changes
  • Add network segmentation and intrusion detection around the management plane as further layers of defence
CVE-2025-10625 6.3
Published: 2025-09-17T23:15:36.310

What it does:

This vulnerability allows an attacker to inject malicious SQL code into the "phone" argument in the /user/dashboard.php?page=update_profile file of the SourceCodester Online Exam Form Submission 1.0 system, potentially giving them unauthorized access to sensitive data.

Why it's a problem:

This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which could lead to data breaches, unauthorized modifications, or other malicious activities.

Steps to mitigate:

  • Update SourceCodester Online Exam Form Submission to a patched version
  • Implement input validation and sanitization for all user-provided data, including the phone field
  • Use prepared statements so the phone value is bound as a parameter rather than concatenated into SQL
  • Restrict /user/dashboard.php?page=update_profile to authenticated users, and treat every registered account as a potential source of this input
  • Monitor system logs for suspicious activity and signs of exploitation
CVE-2025-10624 7.3
Published: 2025-09-17T23:15:36.113

What it does:

The CVE-2025-10624 vulnerability allows an attacker to perform SQL injection by manipulating the "emailid" argument in the login.php file of the PHPGurukul User Management System 1.0, which can be initiated remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or extract sensitive data, disrupt the system's functionality, or gain unauthorized access to the system.

Steps to mitigate:

  • Update PHPGurukul User Management System to a patched version
  • Validate the emailid field (for example, reject values that are not a syntactically valid e-mail address)
  • Use prepared statements so the emailid value is bound, not concatenated into the login query
  • login.php must stay reachable by users, so compensate with rate limiting, a WAF rule for SQL metacharacters in emailid, and by not exposing the application to the internet if it is only used internally
  • Monitor web-server and database logs for login requests carrying quotes, comment sequences or SQL keywords in emailid
CVE-2025-10623 7.3
Published: 2025-09-17T23:15:35.080

What it does:

This vulnerability allows an attacker to manipulate the ID argument in the deleteuser.php file of the SourceCodester Hotel Reservation System 1.0, leading to a SQL injection attack that can be launched remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive data, disrupt the system's functionality, or gain unauthorized access to the system.

Steps to mitigate:

  • Update SourceCodester Hotel Reservation System to a patched version
  • Validate the ID argument in deleteuser.php (it should only ever be an integer) and reject anything else
  • Use prepared statements to prevent SQL injection attacks
  • Restrict deleteuser.php to authorized personnel only
  • Monitor the system for suspicious activity and keep tested backups of important data
CVE-2025-23336 4.4
Published: 2025-09-17T22:15:37.747

What it does:

The NVIDIA Triton Inference Server vulnerability allows an attacker to cause a denial of service by loading a misconfigured model, potentially disrupting the server's operation.

Why it's a problem:

This vulnerability is a problem because it can be exploited to intentionally shut down or disrupt the NVIDIA Triton Inference Server, leading to a denial of service and potentially causing significant disruptions to critical systems or applications that rely on the server.

Steps to mitigate:

  • Update NVIDIA Triton Inference Server to the fixed release
  • Load models only from repositories that trusted operators control, and review each model's configuration (config.pbtxt) before it is loaded
  • Monitor server health and logs so a crash or hang caused by a model load is detected and the server restarted quickly
  • Consult NVIDIA's security bulletin for the affected version range and any further guidance
CVE-2025-23329 7.5
Published: 2025-09-17T22:15:37.590

What it does:

The NVIDIA Triton Inference Server vulnerability allows an attacker to cause memory corruption by accessing the shared memory region used by the Python backend, potentially leading to a denial of service.

Why it's a problem:

This vulnerability is a problem because it could enable an attacker to disrupt the normal functioning of the NVIDIA Triton Inference Server, causing a denial of service that might impact critical systems or applications that rely on it.

Steps to mitigate:

  • Update NVIDIA Triton Inference Server to the fixed release
  • Keep the HTTP, gRPC and metrics endpoints off untrusted networks; the shared-memory feature is only safe among clients you already trust
  • Run Triton as a dedicated unprivileged user or in its own container so the shared memory it creates is not reachable by unrelated local processes
  • Monitor server logs and crash events for unusual activity indicating exploitation attempts
CVE-2025-23328 7.5
Published: 2025-09-17T22:15:37.427

What it does:

The NVIDIA Triton Inference Server for Windows and Linux has a vulnerability that allows an attacker to cause an out-of-bounds write by sending a specially crafted input, potentially leading to a denial of service.

Why it's a problem:

This vulnerability is a problem because it could allow an attacker to disrupt the service, making it unavailable to users, which can lead to downtime, loss of productivity, and potential financial losses.

Steps to mitigate:

  • Update NVIDIA Triton Inference Server to the fixed release
  • Restrict the inference endpoints to trusted clients and networks, since any client able to send a request can send the crafted input
  • Monitor server logs and process crashes for signs of exploit attempts
  • A WAF or API gateway in front of the HTTP endpoint can drop malformed requests, but it is not a substitute for the patch
CVE-2025-23316 9.8
Published: 2025-09-17T22:15:37.260

What it does:

The NVIDIA Triton Inference Server vulnerability allows an attacker to execute remote code by manipulating the model name parameter in the model control APIs, potentially leading to unauthorized access and control.

Why it's a problem:

This vulnerability is a problem because it can be exploited to gain remote access, disrupt service, disclose sensitive information, and tamper with data, posing a significant threat to the security and integrity of systems using the NVIDIA Triton Inference Server.

Steps to mitigate:

  • Update NVIDIA Triton Inference Server to the fixed release
  • Restrict the model control APIs: run tritonserver with --model-control-mode=none unless dynamic load/unload is actually required, and place the HTTP/gRPC endpoints behind authentication and network controls
  • Validate model names server-side against a strict allowlist of the models the repository is expected to contain
  • Monitor for unexpected load/unload requests and for new files or processes on the inference host
CVE-2025-23268 8.0
Published: 2025-09-17T22:15:37.080

What it does:

The NVIDIA Triton Inference Server has a vulnerability in its DALI backend that allows an attacker to bypass proper input validation, potentially leading to code execution.

Why it's a problem:

This vulnerability is a problem because it could enable an attacker to run malicious code on a system, giving them control over the system and potentially allowing them to steal sensitive data, disrupt operations, or cause other harm.

Steps to mitigate:

  • Update NVIDIA Triton Inference Server to the latest version
  • Apply security patches from NVIDIA
  • Implement additional input validation and sanitization to prevent malicious input from reaching the DALI backend
  • Monitor system logs for signs of exploitation and suspicious activity
CVE-2025-10621 7.3
Published: 2025-09-17T22:15:36.877

What it does:

The CVE-2025-10621 vulnerability allows an attacker to manipulate the ID argument in the editroomimage.php file of the SourceCodester Hotel Reservation System 1.0, leading to a SQL injection attack that can be initiated remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive data, disrupt the system's functionality, or even take control of the entire database.

Steps to mitigate:

  • Update SourceCodester Hotel Reservation System to a patched version
  • Implement input validation and sanitization for the ID argument in editroomimage.php
  • Use prepared statements or parameterized queries to prevent SQL injection
  • Limit access to editroomimage.php and the database to authorized personnel only
  • Monitor system logs for suspicious activity and signs of SQL injection attacks
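
The SQL-injection entries above all recommend monitoring logs for suspicious activity. As an added example that is not part of the original listing or of the vendors' code, here is a small Python detector that scans web-server access-log lines for injection attempts against the endpoint/parameter pairs those entries name. The path-to-parameter map is assumed from the CVE descriptions, and the log lines are constructed for the example.

```python
"""Added example: scan access-log lines for SQL injection attempts against the
endpoints named in the SourceCodester/PHPGurukul entries above.
Not the applications' own code; the WATCHED map is an assumption drawn from the
CVE descriptions and SAMPLE_LOG is constructed, not real traffic."""
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint basename -> parameters the advisories say are injectable (lowercased).
WATCHED = {
    "delete_user.php": {"id"},
    "update_s3.php": {"credits"},
    "login.php": {"emailid"},
    "deleteuser.php": {"id"},
    "editroomimage.php": {"id"},
    "editp2.php": {"id", "firstname", "lastname", "type", "age", "address"},
    "dashboard.php": {"phone"},
}
# Parameters that should only ever be integers: anything else is suspicious.
NUMERIC = {"id", "credits", "age"}
# Free-text parameters: look for SQL metacharacters and common keywords.
SQLI_RE = re.compile(r"""['"`]|--|/\*|;|\b(?:or|and|union|select|sleep|benchmark)\b""", re.I)

# Apache/nginx "combined" format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious(param: str, value: str) -> bool:
    """Decide per parameter: strict integer check where an integer is expected,
    metacharacter/keyword heuristic for free-text fields."""
    p = param.lower()
    if p in NUMERIC:
        return not value.isdigit()
    return SQLI_RE.search(value) is not None


def scan(lines):
    """Return one hit per suspicious parameter value found in the log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        endpoint = url.path.rsplit("/", 1)[-1]
        params = WATCHED.get(endpoint)
        if not params:
            continue
        # parse_qs percent-decodes once; double-encoded payloads need a second pass.
        for param, values in parse_qs(url.query, keep_blank_values=True).items():
            if param.lower() not in params:
                continue
            for value in values:
                if suspicious(param, value):
                    hits.append({"line": n, "ip": m["ip"], "endpoint": endpoint,
                                 "param": param, "value": value, "status": m["status"]})
    return hits


# Constructed sample lines (not real traffic): lines 2 and 4 carry payloads.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Sep/2025:00:20:11 +0000] "GET /admin/delete_user.php?ID=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [18/Sep/2025:00:20:14 +0000] "GET /admin/delete_user.php?ID=7%20OR%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [18/Sep/2025:00:21:02 +0000] "GET /admin/update_s3.php?credits=10 HTTP/1.1" 200 300 "-" "curl/8.0"',
    '198.51.100.9 - - [18/Sep/2025:00:21:05 +0000] "GET /admin/update_s3.php?credits=10%27%20UNION%20SELECT%20password%20FROM%20users-- HTTP/1.1" 500 0 "-" "curl/8.0"',
    '192.0.2.44 - - [18/Sep/2025:00:22:40 +0000] "GET /hotel/editroomimage.php?ID=3 HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [18/Sep/2025:00:22:41 +0000] "POST /user/dashboard.php?page=update_profile HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs only capture GET query strings: the phone argument of the update_profile page and form fields such as emailid normally arrive in POST bodies, so catching those needs application-level logging or a WAF in front of the application. The keyword heuristic will also flag benign free-text values (a street name containing "Or"), so treat hits as triage leads rather than verdicts.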
CVE-2025-10620 6.3
Published: 2025-09-17T22:15:35.810

What it does:

The CVE-2025-10620 vulnerability allows an attacker to inject malicious SQL code into the Online Clinic Management System 1.0 by manipulating certain arguments, such as id, firstname, lastname, type, age, and address, in the /editp2.php file, which can be done remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the clinic's database, potentially leading to data breaches, unauthorized access, or disruption of healthcare services.

Steps to mitigate:

  • Update the Online Clinic Management System to a patched version
  • Apply input validation and sanitization to every affected argument (id, firstname, lastname, type, age, address) to prevent SQL injection
  • Implement a Web Application Firewall (WAF) to detect and block suspicious traffic
  • Limit remote access to /editp2.php and restrict user privileges
  • Perform regular security audits and penetration testing to identify and address vulnerabilities
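
The SQL-injection entries above (delete_user.php, update_s3.php, update_profile, login.php, deleteuser.php, editroomimage.php, editp2.php) share one root cause: a request argument concatenated into the query text. As an added example, not code from SourceCodester or PHPGurukul, the following Python shows that pattern vulnerable and then fixed with parameterized queries, using an in-memory SQLite database with constructed rows. The table and column names are assumptions, not the real applications' schema.

```python
"""Added example: the injection pattern behind the SQL-injection CVEs above,
shown vulnerable and hardened. Not the vendors' code; schema and sample rows
are constructed for the example."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users in a throwaway database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, emailid TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin@example.test", "hunter2"),
         (2, "alice@example.test", "s3cret"),
         (3, "bob@example.test", "pa55word")],
    )
    conn.commit()
    return conn


def delete_user_vulnerable(conn, user_id: str) -> int:
    """The pattern behind delete_user.php / deleteuser.php:
    "DELETE FROM users WHERE id=" . $_GET['ID']   (request text becomes SQL)."""
    cur = conn.execute(f"DELETE FROM users WHERE id={user_id}")
    conn.commit()
    return cur.rowcount


def delete_user_safe(conn, user_id: str) -> int:
    """Hardened: reject anything that is not a plain integer, then bind the
    value as a parameter so it can never alter the statement's structure."""
    if not user_id.isdigit():
        raise ValueError("ID must be a positive integer")
    cur = conn.execute("DELETE FROM users WHERE id=?", (int(user_id),))
    conn.commit()
    return cur.rowcount


def login_vulnerable(conn, emailid: str, password: str):
    """The pattern behind login.php:
    "SELECT ... WHERE emailid='$emailid' AND password='$password'"."""
    return conn.execute(
        f"SELECT id, emailid FROM users "
        f"WHERE emailid='{emailid}' AND password='{password}' ORDER BY id"
    ).fetchone()


def login_safe(conn, emailid: str, password: str):
    """Hardened: both values are bound parameters. (A real application would
    also store password hashes rather than plaintext.)"""
    return conn.execute(
        "SELECT id, emailid FROM users WHERE emailid=? AND password=? ORDER BY id",
        (emailid, password),
    ).fetchone()


def demo() -> dict:
    """Run each pair against the same attacker inputs and collect the outcomes."""
    out = {}
    id_payload = "1 OR 1=1"        # what ?ID=1%20OR%201%3D1 decodes to
    email_payload = "' OR 1=1 --"  # sent as the emailid form field

    # Vulnerable delete: the OR turns "delete one row" into "delete every row".
    out["vuln_deleted"] = delete_user_vulnerable(make_db(), id_payload)
    try:
        delete_user_safe(make_db(), id_payload)
        out["safe_rejected"] = False
    except ValueError:
        out["safe_rejected"] = True
    # The hardened version still works for a legitimate request.
    out["safe_deleted_legit"] = delete_user_safe(make_db(), "2")

    # Vulnerable login: the comment sequence discards the password check.
    conn = make_db()
    out["vuln_login"] = login_vulnerable(conn, email_payload, "wrong")
    out["safe_login"] = login_safe(conn, email_payload, "wrong")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two fixes are independent and both worth having: parameter binding removes the injection regardless of the value, and the integer check on ID rejects garbage before it reaches the database and gives the log-monitoring bullet something concrete to alert on.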
CVE-2025-8006 0
Published: 2025-09-17T21:15:42.887

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of XE files, which can occur when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all by manipulating the target into performing a simple action like opening a file.

Steps to mitigate:

  • Avoid opening unfamiliar or suspicious XE files
  • Ensure Ashlar-Vellum Cobalt software is updated to the latest version, if available
  • Use caution when visiting web pages that may host malicious content
  • Consider a security solution that includes exploit protection for file-parsing applications
CVE-2025-8005 0
Published: 2025-09-17T21:15:42.750

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a type confusion condition in the parsing of XE files, which occurs when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by simply tricking the user into interacting with a malicious file or webpage.

Steps to mitigate:

  • Avoid opening unknown or suspicious XE files
  • Verify the authenticity of web pages before interacting with them
  • Keep Ashlar-Vellum Cobalt software up to date with the latest security patches
  • Use antivirus software to scan for malicious files and activity
  • Be cautious when clicking on links or visiting unfamiliar websites
CVE-2025-8004 0
Published: 2025-09-17T21:15:42.610

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of XE files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all by simply tricking a user into opening a malicious file or visiting a malicious webpage.

Steps to mitigate:

  • Avoid opening unknown or suspicious XE files
  • Update Ashlar-Vellum Cobalt to the latest version, if available
  • Use caution when visiting web pages that may contain malicious content
  • Use antivirus software and a firewall to detect and block malicious activity
  • Avoid using outdated or unsupported versions of Ashlar-Vellum Cobalt
CVE-2025-8003 0
Published: 2025-09-17T21:15:42.473

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of CO files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because the software fails to properly validate user-supplied data.

Steps to mitigate:

  • Avoid opening suspicious CO files or links from untrusted sources
  • Ensure Ashlar-Vellum Cobalt software is updated to the latest version, if available
  • Use security software that includes exploit protection to detect and block potential attacks
  • Limit user privileges to minimize the impact of a potential exploit.
CVE-2025-8002 0
Published: 2025-09-17T21:15:42.333

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a type confusion condition in the parsing of CO files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because the software fails to properly validate user-supplied data.

Steps to mitigate:

  • Avoid opening unfamiliar CO files
  • Refrain from visiting untrusted websites
  • Keep Ashlar-Vellum Cobalt software up to date with the latest security patches
  • Use antivirus software to scan for malicious files and activity
CVE-2025-8001 0
Published: 2025-09-17T21:15:42.193

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a memory corruption condition that occurs when parsing CO files, potentially due to visiting a malicious page or opening a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, which can lead to unauthorized access, data theft, or other harmful activities, all by manipulating the parsing of CO files due to a lack of proper validation of user-supplied data.

Steps to mitigate:

  • Avoid opening unfamiliar CO files
  • Verify the authenticity of CO files before opening them
  • Keep Ashlar-Vellum Cobalt software up to date with the latest security patches
  • Use security software to scan for and block malicious files and pages
  • Be cautious when visiting unknown websites or clicking on links from untrusted sources
CVE-2025-8000 0
Published: 2025-09-17T21:15:42.047

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt through a type confusion condition in the parsing of LI files, caused by a lack of validation of user-supplied data; it is triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This is a problem because it enables remote attackers to take control of affected systems, potentially leading to data breaches, malware installation, or other malicious activities, all of which can be initiated simply by tricking a user into visiting a malicious webpage or opening a malicious file.

Steps to mitigate:

  • Update Ashlar-Vellum Cobalt to the latest version
  • Avoid opening suspicious files or links from untrusted sources
  • Use security software that includes exploit protection
  • Consider a policy of only downloading files from trusted and verified sources
CVE-2025-7999 0
Published: 2025-09-17T21:15:41.900

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected Ashlar-Vellum Cobalt installations by exploiting a type confusion condition in the parsing of AR files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all because of a lack of proper validation of user-supplied data.

Steps to mitigate:

  • Avoid opening suspicious AR files or links
  • Ensure Ashlar-Vellum Cobalt software is updated to the latest version
  • Use security software to scan for and block malicious files and pages
  • Limit user interaction with untrusted sources to prevent exploitation
CVE-2025-7998 0
Published: 2025-09-17T21:15:41.763

What it does:

The CVE-2025-7998 vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a flaw in the parsing of CO files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on the affected system, potentially leading to unauthorized access, data theft, or other harmful activities, all due to the lack of proper validation of user-supplied data.

Steps to mitigate:

  • Avoid opening unfamiliar CO files
  • Verify the source of CO files before opening them
  • Keep Ashlar-Vellum Cobalt software up to date with the latest security patches
  • Use security software to scan for and block malicious files and pages
CVE-2025-7997 0
Published: 2025-09-17T21:15:41.610

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of XE files, which can occur when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all of which can compromise the security and integrity of the system.

Steps to mitigate:

  • Avoid opening suspicious files or links from untrusted sources
  • Keep Ashlar-Vellum Cobalt software up to date with the latest security patches
  • Use anti-virus software and a firewall to detect and block malicious activity
  • Be cautious when visiting websites and refrain from clicking on links from unknown origins.
CVE-2025-7996 0
Published: 2025-09-17T21:15:41.443

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a flaw in the parsing of AR files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because of a lack of proper validation of user-supplied data.

Steps to mitigate:

  • Avoid opening suspicious AR files or links
  • Ensure Ashlar-Vellum Cobalt software is updated to the latest version
  • Use security software to scan for and block malicious files and pages
  • Limit user interaction with untrusted sources to prevent exploitation
CVE-2025-7995 0
Published: 2025-09-17T21:15:41.300

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a type confusion condition in the parsing of CO files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by simply tricking a user into interacting with a malicious file or webpage.

Steps to mitigate:

  • Avoid opening suspicious CO files from untrusted sources
  • Be cautious when visiting unfamiliar web pages
  • Keep Ashlar-Vellum Cobalt software up to date with the latest security patches
  • Use antivirus software to scan for potential malware
  • Use a firewall to block unauthorized access to the system.
CVE-2025-7994 0
Published: 2025-09-17T21:15:41.160

What it does:

This vulnerability allows attackers to execute arbitrary code on systems running Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of AR files, which can be triggered by visiting a malicious page or opening a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables remote attackers to gain control over affected systems, potentially leading to unauthorized access, data theft, or other malicious activities, all by manipulating the lack of proper validation of user-supplied data.

Steps to mitigate:

  • Avoid opening suspicious AR files or links
  • Update Ashlar-Vellum Cobalt to the latest version if a patch is available
  • Use security software that includes exploit protection to detect and block potential attacks
  • Limit user interaction with untrusted sources to minimize the risk of exploitation
CVE-2025-7993 0
Published: 2025-09-17T21:15:41.007

What it does:

This vulnerability, found in Ashlar-Vellum Cobalt, allows a remote attacker to execute arbitrary code on affected systems by exploiting a flaw in the parsing of LI files, specifically due to the lack of validation of an object's existence before performing operations on it.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can be initiated simply by visiting a malicious webpage or opening a malicious file.

Steps to mitigate:

  • Avoid opening suspicious files or links
  • Ensure Ashlar-Vellum Cobalt software is updated to the latest version
  • Use security software that includes exploit protection to block potential attacks
  • Limit user privileges to minimize the impact of a potential exploit
CVE-2025-7992 0
Published: 2025-09-17T21:15:40.867

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of AR files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all by exploiting a lack of proper validation of user-supplied data in the AR file parsing process.

Steps to mitigate:

  • Avoid opening suspicious AR files or links
  • Update Ashlar-Vellum Cobalt to the latest version if a patch is available
  • Use security software to scan for and block malicious files and pages
  • Limit user interaction with untrusted sources to prevent exploitation
CVE-2025-7991 0
Published: 2025-09-17T21:15:40.723

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of VC6 files, which can be triggered by visiting a malicious page or opening a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all by simply tricking the user into interacting with a malicious file or webpage.

Steps to mitigate:

  • Avoid opening untrusted VC6 files
  • Be cautious when visiting unknown websites
  • Update Ashlar-Vellum Cobalt to the latest version when a patch is available
  • Use security software to scan for and block malicious files and websites.
CVE-2025-7990 0
Published: 2025-09-17T21:15:40.580

What it does:

This vulnerability allows attackers to execute arbitrary code on affected Ashlar-Vellum Cobalt installations by exploiting an out-of-bounds write issue in the parsing of VC6 files, which can be triggered by visiting a malicious page or opening a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables remote attackers to run malicious code on the affected system, potentially leading to unauthorized access, data theft, or other harmful activities, all of which can be initiated simply by a user interacting with a malicious file or webpage.

Steps to mitigate:

  • Avoid opening unknown or suspicious VC6 files
  • Update Ashlar-Vellum Cobalt to the latest version, if available
  • Use caution when visiting web pages that may contain malicious content
  • Run the application under a non-administrative account and keep operating-system exploit mitigations enabled to limit what an attacker's code can do
CVE-2025-7989 0
Published: 2025-09-17T21:15:40.433

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of AR files, which can occur when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by manipulating the user into interacting with a malicious file or webpage.

Steps to mitigate:

  • Avoid opening unknown or suspicious AR files
  • Refrain from visiting untrusted websites or links
  • Keep Ashlar-Vellum Cobalt software up to date with the latest security patches
  • Use security software to scan for and block malicious files and websites
CVE-2025-7988 0
Published: 2025-09-17T21:15:40.293

What it does:

The CVE-2025-7988 vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting an out-of-bounds write issue in the parsing of VC6 files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because of a lack of proper validation of user-supplied data.

Steps to mitigate:

  • Avoid opening suspicious files or links
  • Update Ashlar-Vellum Graphite to the latest version if available
  • Use security software to scan for and block malicious files and pages
  • Be cautious when visiting untrusted websites or opening emails from unknown sources
CVE-2025-7987 0
Published: 2025-09-17T21:15:40.113

What it does:

This vulnerability allows attackers to execute arbitrary code on systems running Ashlar-Vellum Graphite by exploiting an out-of-bounds write issue when parsing VC6 files, which can be triggered by visiting a malicious page or opening a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables remote attackers to gain control over affected systems, potentially leading to data theft, malware installation, or other malicious activities, all of which can compromise the security and integrity of the system.

Steps to mitigate:

  • Avoid opening suspicious files or links
  • Ensure Ashlar-Vellum Graphite software is updated to the latest version
  • Use security software to scan for and block malicious files and pages
  • Limit user interaction with untrusted sources to prevent exploitation
CVE-2025-7986 0
Published: 2025-09-17T21:15:39.930

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting an out-of-bounds write issue in the parsing of VC6 files, which can be triggered by visiting a malicious page or opening a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by manipulating the user into interacting with a malicious file or webpage.

Steps to mitigate:

  • Avoid opening unknown or suspicious VC6 files
  • Ensure Ashlar-Vellum Graphite software is updated to the latest version
  • Use caution when visiting unknown websites or links to prevent exploitation
  • Consider additional security measures such as antivirus software and a firewall to detect and block malicious activity
CVE-2025-7985 0
Published: 2025-09-17T21:15:39.787

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an integer overflow in the parsing of VC6 files, which occurs when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by simply tricking the user into opening a malicious file or visiting a malicious website.

Steps to mitigate:

  • Avoid opening unfamiliar VC6 files
  • Use alternative software that is not affected by this vulnerability
  • Keep Ashlar-Vellum Cobalt software up-to-date with the latest security patches
  • Be cautious when visiting websites and avoid those that may be malicious or untrusted.
CVE-2025-7984 0
Published: 2025-09-17T21:15:39.650

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an uninitialized variable in the parsing of AR files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can be initiated simply by a user interacting with a crafted file or webpage.

Steps to mitigate:

  • Avoid opening suspicious AR files or links from untrusted sources
  • Keep Ashlar-Vellum Cobalt software up to date with the latest patches
  • Use security software that includes exploit protection to detect and block potential attacks
  • Limit user privileges to minimize the impact of a potential exploit.
CVE-2025-7983 0
Published: 2025-09-17T21:15:39.513

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting a heap-based buffer overflow in the parsing of VC6 files, which occurs when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because the software fails to properly validate user-supplied data.

Steps to mitigate:

  • Avoid opening suspicious files or links
  • Update Ashlar-Vellum Graphite to the latest version
  • Use security software to scan for and block malicious files and pages
  • Limit user privileges to minimize potential damage from exploited vulnerabilities.
CVE-2025-7982 0
Published: 2025-09-17T21:15:39.370

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an integer overflow in the parsing of LI files, which can occur when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all due to the lack of proper validation of user-supplied data.

Steps to mitigate:

  • Avoid opening suspicious files or links
  • Ensure Ashlar-Vellum Cobalt software is updated to the latest version
  • Use security software to scan for and block malicious files and pages
  • Limit user privileges to reduce the impact of potential code execution.
CVE-2025-7981 0
Published: 2025-09-17T21:15:39.227

What it does:

This vulnerability allows attackers to execute arbitrary code on computers running Ashlar-Vellum Graphite by exploiting an uninitialized variable when parsing VC6 files, which can happen if a user visits a malicious webpage or opens a malicious file.

Why it's a problem:

This is a problem because it enables remote attackers to run malicious code on affected systems, potentially leading to data theft, system compromise, or other harmful activities, all of which can be initiated simply by a user interacting with malicious content.

Steps to mitigate:

  • Avoid opening suspicious files or links
  • Ensure Ashlar-Vellum Graphite software is updated to the latest version
  • Use security software that includes exploit protection to block potential attacks
  • Limit user privileges to reduce the impact of a potential exploit.
CVE-2025-7980 0
Published: 2025-09-17T21:15:39.077

What it does:

This vulnerability allows a remote attacker to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting an out-of-bounds write issue in the parsing of VC6 files, which occurs when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all due to the lack of proper validation of user-supplied data.

Steps to mitigate:

  • Avoid opening suspicious files or links
  • Ensure Ashlar-Vellum Graphite software is updated to the latest version
  • Use security software to scan for and block malicious files and pages
  • Limit user privileges to minimize potential damage from exploited vulnerabilities.
CVE-2025-7979 0
Published: 2025-09-17T21:15:38.950

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting a stack-based buffer overflow in the parsing of VC6 files, which occurs when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by tricking the user into interacting with a malicious file or webpage.

Steps to mitigate:

  • Avoid opening unfamiliar or suspicious VC6 files
  • Refrain from visiting untrusted websites or links
  • Keep Ashlar-Vellum Graphite software up to date with the latest security patches
  • Use security software to scan for and block malicious files and websites.
CVE-2025-7978 0
Published: 2025-09-17T21:15:38.800

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting an uninitialized variable in the parsing of VC6 files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all without the need for administrative privileges, but rather through user interaction such as opening a malicious file.

Steps to mitigate:

  • Avoid opening unknown or suspicious VC6 files
  • Ensure Ashlar-Vellum Graphite software is updated to the latest version, if available
  • Use caution when visiting websites or clicking links from untrusted sources
  • Consider implementing additional security measures such as anti-virus software and a firewall to detect and block malicious activity.
CVE-2025-7977 0
Published: 2025-09-17T21:15:38.650

What it does:

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of LI files, which can be triggered when a user visits a malicious page or opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by manipulating the user into performing a simple action like opening a file.

Steps to mitigate:

  • Avoid opening unfamiliar LI files from untrusted sources
  • Ensure Ashlar-Vellum Cobalt software is updated to the latest version as soon as a patch is available
  • Use caution when visiting untrusted web pages, and consider endpoint security software with exploit protection to detect and block malicious activity (a web application firewall protects servers, not a desktop CAD application).
CVE-2025-59415 4.6
Published: 2025-09-17T21:15:38.357

What it does:

The CVE-2025-59415 vulnerability in Frappe Learning versions 2.34.1 and below allows malicious users to upload SVG files to a profile bio that can execute arbitrary scripts, potentially affecting other users.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run unauthorized scripts in the context of other users, which could lead to data theft, session hijacking, or other malicious activities, compromising the security and privacy of users on the platform.

Steps to mitigate:

  • Update Frappe Learning to a version above 2.34.1
  • Sanitize and validate all user-uploaded content, especially SVG files
  • Implement a Web Application Firewall (WAF) to detect and block malicious script executions
  • Limit user privileges to minimize the impact of potential script executions
  • Regularly monitor user activity and profile updates for suspicious behavior.
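SVG is XML that browsers treat as a document, so an uploaded profile image can carry a script element, event-handler attributes or a javascript: link. The Python example below is added here and is not Frappe code: it walks an uploaded SVG with the standard-library parser and lists the reasons it should be rejected; the sample SVGs in its test are constructed. It is a rejection filter, which is simpler to get right than rewriting the file. On top of it, serve user uploads from a separate origin or with a Content-Disposition: attachment header so the browser never renders them as a page in the application's origin.

```python
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Elements that can run, load, or rewrite active content inside an SVG document
# ('set' and 'animate' can change attributes such as href at runtime).
FORBIDDEN_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object", "set", "animate"}


def local_name(qualified: str) -> str:
    """'{namespace}tag' -> 'tag'; names without a namespace pass through unchanged."""
    return qualified.rsplit("}", 1)[-1]


def svg_rejection_reasons(data: bytes) -> list[str]:
    """Return the reasons an uploaded SVG must be rejected; an empty list means clean."""
    reasons = []
    # Refuse DTDs outright: entity expansion is a separate attack surface on XML parsers.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["DOCTYPE or entity declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if local_name(root.tag) != "svg":
        reasons.append(f"root element is <{local_name(root.tag)}>, not <svg>")
    for el in root.iter():  # iter() includes the root element itself
        name = local_name(el.tag)
        if name in FORBIDDEN_ELEMENTS:
            reasons.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = local_name(attr)
            if aname.lower().startswith("on"):
                reasons.append(f"event handler {aname} on <{name}>")
            if aname == "href" or attr == XLINK_HREF:
                # Collapse whitespace first: 'java\tscript:' is still javascript: to a browser.
                target = "".join(value.split()).lower()
                if target.startswith(("javascript:", "vbscript:", "data:text/html")):
                    reasons.append(f"active link target on <{name}>")
    return reasons


if __name__ == "__main__":
    sample = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><circle r="4"/></svg>'
    print(svg_rejection_reasons(sample))
```

Whitespace padding inside the href, HTML embedded through foreignObject, and handlers on nested elements are the cases a regex on the raw bytes usually misses; parsing first and then inspecting every element and attribute covers them uniformly.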
CVE-2025-10644 0
Published: 2025-09-17T21:15:37.807

What it does:

This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit, enabling them to execute arbitrary code on customers' endpoints without requiring any authentication.

Why it's a problem:

This vulnerability is a problem because it allows unauthorized access to Wondershare Repairit, potentially leading to supply-chain attacks and the execution of malicious code on users' devices, which can result in data theft, system compromise, and other security breaches.

Steps to mitigate:

  • Update Wondershare Repairit to the latest version
  • Apply security patches released by the vendor
  • Implement additional authentication measures to prevent unauthorized access
  • Monitor system logs for suspicious activity
  • Contact Wondershare support for guidance on securing Repairit installations.
CVE-2025-10643 0
Published: 2025-09-17T21:15:37.653

What it does:

The CVE-2025-10643 vulnerability allows remote attackers to bypass authentication on Wondershare Repairit installations due to incorrect permission assignment, enabling unauthorized access without requiring any authentication.

Why it's a problem:

This vulnerability is a problem because it allows unauthorized users to gain access to the system, potentially leading to data breaches, tampering, or other malicious activities, all without needing to provide any credentials.

Steps to mitigate:

  • Update Wondershare Repairit to the latest version
  • Check and adjust permission settings for storage account tokens to ensure proper access control
  • Implement additional authentication measures to prevent unauthorized access
  • Monitor system activity for suspicious behavior and signs of exploitation.
CVE-2025-10619 6.3
Published: 2025-09-17T21:15:37.463

What it does:

The CVE-2025-10619 vulnerability allows an attacker to inject OS commands into the sequa-ai sequa-mcp OAuth Server Discovery component, which can be exploited remotely, potentially giving an attacker control over the affected system.

Why it's a problem:

This vulnerability is a problem because it enables remote attackers to execute arbitrary commands on the vulnerable system, which could lead to data breaches, system compromise, or other malicious activities, especially if the attacker can manipulate the OAuth server discovery process.

Steps to mitigate:

  • Upgrade sequa-mcp to version 1.0.14 or later
  • Apply the patch e569815854166db5f71c2e722408f8957fb9e804
  • Validate that only trusted URLs are used with the OAuth server discovery component to prevent potential attacks.
CVE-2025-10618 6.3
Published: 2025-09-17T21:15:37.273

What it does:

The CVE-2025-10618 vulnerability allows an attacker to inject malicious SQL code into the itsourcecode Online Clinic Management System 1.0 by manipulating the "firstname" argument in the transact.php file, potentially leading to unauthorized access to sensitive data.

Why it's a problem:

This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which can lead to data breaches, tampering, and other malicious activities.

Steps to mitigate:

  • Update the itsourcecode Online Clinic Management System to a patched version
  • Implement input validation and sanitization for user-provided data
  • Use prepared statements to prevent SQL injection
  • Limit remote access to the system
  • Monitor system logs for suspicious activity.
CVE-2025-10617 6.3
Published: 2025-09-17T21:15:37.087

What it does:

The CVE-2025-10617 vulnerability allows an attacker to manipulate the ID argument in the /admin/positions.php file of the SourceCodester Online Polling System 1.0, leading to a SQL injection attack that can be initiated remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive data, disrupt system functionality, or gain unauthorized access to the system.

Steps to mitigate:

  • Update the SourceCodester Online Polling System to a patched version
  • Implement input validation and sanitization for the ID argument in the /admin/positions.php file
  • Use a Web Application Firewall (WAF) to detect and prevent SQL injection attacks
  • Limit remote access to the /admin/positions.php file and restrict user privileges
  • Regularly monitor system logs for suspicious activity and signs of potential exploitation.
CVE-2025-10616 6.3
Published: 2025-09-17T21:15:36.027

What it does:

This vulnerability allows an attacker to upload files to the itsourcecode E-Commerce Website without any restrictions, which can be done remotely by exploiting a security flaw in the /admin/users.php file.

Why it's a problem:

This is a problem because unrestricted file uploads can lead to the execution of malicious code, potentially allowing attackers to gain control of the website, steal sensitive data, or disrupt its operation, which can have serious consequences for the website's security and reputation.

Steps to mitigate:

  • Update the itsourcecode E-Commerce Website to a patched version if available
  • Implement file upload validation and sanitization to restrict uploaded file types
  • Limit access to the /admin/users.php file to authorized personnel only
  • Monitor the website for suspicious activity and signs of exploitation.
CVE-2025-59410 0
Published: 2025-09-17T20:15:38.293

What it does:

The Dragonfly file distribution system has a vulnerability where it uses the HTTP protocol instead of HTTPS when downloading small files, allowing an attacker to intercept and alter the data being downloaded.

Why it's a problem:

This vulnerability is a problem because it enables attackers to perform Man-in-the-Middle attacks, potentially replacing the intended file with malicious data, which could compromise the security and integrity of the system.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Use a secure network connection to prevent interception
  • Implement additional security measures, such as encryption and authentication, to protect data in transit.
CVE-2025-59354 0
Published: 2025-09-17T20:15:38.120

What it does:

The Dragonfly system, prior to version 2.1.0, uses weak hash functions like MD5 to verify the integrity of downloaded files, allowing attackers to potentially replace files with malicious ones that have the same hash value.

Why it's a problem:

This vulnerability is a problem because it enables attackers to substitute legitimate files with malicious ones without being detected, which could lead to the execution of harmful code, compromise of sensitive data, or disruption of service.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Verify the integrity of downloaded files using stronger hash functions
  • Monitor systems for suspicious activity and behavior
  • Regularly review and update security protocols to prevent exploitation of similar vulnerabilities.
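For the stronger-hash bullet, the Python example below is added here and is not Dragonfly code. It shows what verifying a download with a stronger hash looks like in practice: an allowlist of algorithms rather than a denylist, a strict digest format, streaming computation as a downloader would do it, and a constant-time comparison of the result. The `algo:hex` digest format is an assumption for the example.

```python
import hashlib
import hmac

# Allowlist: anything not listed (md5, sha1, ...) is refused, whatever a peer advertises.
STRONG_ALGORITHMS = {"sha256", "sha512", "blake2b"}
HEX_CHARS = set("0123456789abcdefABCDEF")


def parse_digest(spec: str) -> tuple[str, str]:
    """Parse 'algo:hex' (assumed format) and reject weak or malformed digests."""
    algo, sep, hexdigest = spec.partition(":")
    algo = algo.lower()
    if not sep or algo not in STRONG_ALGORITHMS:
        raise ValueError(f"digest algorithm not allowed: {algo or spec!r}")
    expected_len = hashlib.new(algo).digest_size * 2
    if len(hexdigest) != expected_len or not set(hexdigest) <= HEX_CHARS:
        raise ValueError("malformed digest")
    return algo, hexdigest.lower()


def verify_content(data: bytes, spec: str, chunk_size: int = 1 << 16) -> bool:
    """True only if data hashes, under an allowed algorithm, to the expected digest."""
    algo, expected = parse_digest(spec)
    h = hashlib.new(algo)
    for i in range(0, len(data), chunk_size):  # stream in chunks, as a downloader would
        h.update(data[i:i + chunk_size])
    # compare_digest so a mismatch is not reported faster or slower depending on position
    return hmac.compare_digest(h.hexdigest(), expected)


if __name__ == "__main__":
    print(verify_content(b"abc", "sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"))
```

The allowlist is the point: a peer that can choose the algorithm can choose the weak one, so the verifier, not the sender, decides what counts as proof of integrity.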
CVE-2025-59353 0
Published: 2025-09-17T20:15:37.947

What it does:

The Dragonfly system has a vulnerability that allows a peer to obtain a valid TLS certificate for any IP address, bypassing the mutual TLS (mTLS) authentication.

Why it's a problem:

This vulnerability renders the mTLS authentication useless, allowing unauthorized access and potentially leading to malicious activities, as peers can impersonate legitimate IP addresses.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Verify the authenticity of TLS certificates
  • Implement additional authentication measures to supplement mTLS authentication.
CVE-2025-59352 0
Published: 2025-09-17T20:15:37.757

What it does:

The Dragonfly file distribution system has a vulnerability that allows malicious peers to send requests that force other peers to create files in any location on their file system and read arbitrary files, potentially leading to remote code execution (RCE) and data theft.

Why it's a problem:

This vulnerability is a problem because it allows attackers to steal sensitive data from other peers and gain control over their machines, potentially leading to further malicious activities.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Ensure that only trusted peers are allowed to connect to the system
  • Implement additional security measures, such as network segmentation and access controls, to prevent unauthorized access to sensitive data and systems.
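The file-creation half of this issue is the classic path-traversal pattern: a peer-controlled name is joined onto the local storage directory without proving that the result stays inside it. The Python example below is added here and is not Dragonfly code (Dragonfly itself is written in Go); it shows the check a downloader should apply before creating or reading any file named by a peer. The storage root path is an assumption for the example.

```python
import os


def resolve_under_root(root: str, untrusted_relative: str) -> str:
    """Join a peer-supplied relative path onto root and prove the result stays inside it.

    Raises ValueError for NUL bytes, absolute paths and any form of escape, whether
    through '..' components or through a sibling directory sharing the root's prefix.
    """
    if "\x00" in untrusted_relative:
        raise ValueError("NUL byte in path")
    if untrusted_relative.startswith(("/", "\\")):
        raise ValueError("absolute path not allowed")
    root_abs = os.path.realpath(root)
    # realpath normalises '..' and resolves symlinks, so a link planted inside the
    # root cannot be used to point the final path outside it.
    candidate = os.path.realpath(os.path.join(root_abs, untrusted_relative))
    # commonpath, not a string-prefix test: '/srv/x/cache2' is not under '/srv/x/cache'.
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        raise ValueError(f"path escapes storage root: {untrusted_relative!r}")
    return candidate


def is_inside_root(root: str, untrusted_relative: str) -> bool:
    try:
        resolve_under_root(root, untrusted_relative)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    root = "/srv/dragonfly/cache"  # assumed storage root
    for name in ["tasks/abc/piece-0", "../../../etc/cron.d/x", "../cache2/x"]:
        print(name, "->", is_inside_root(root, name))
```

The same check guards the read side of the issue: a peer asking for a piece must only ever be served a path that resolves under the cache root.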
CVE-2025-59351 0.0
Published: 2025-09-17T20:15:37.587

What it does:

The Dragonfly file distribution and image acceleration system has a vulnerability where it incorrectly handles the return value of a function, potentially leading to a nil dereference and causing the code to panic.

Why it's a problem:

This vulnerability is a problem because it can cause the system to crash or become unstable, leading to disruptions in file distribution and image acceleration services, which can impact the availability and reliability of the system.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Verify that all instances of Dragonfly have been updated to the patched version
  • Monitor system stability and performance after updating to ensure the vulnerability has been successfully mitigated.
CVE-2025-59350 0
Published: 2025-09-17T20:15:37.373

What it does:

The Dragonfly file distribution system has a vulnerability in its access control mechanism for the Proxy feature, which uses simple string comparisons and is susceptible to timing attacks, allowing an attacker to guess passwords character by character by measuring the time it takes for the system to compare the input.

Why it's a problem:

This vulnerability is a problem because it enables attackers to crack passwords more easily, potentially gaining unauthorized access to sensitive data and systems, which could lead to data breaches, unauthorized file distribution, and other security issues.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Verify that the Proxy feature's access control mechanism is properly configured and secured
  • Monitor system logs for suspicious activity related to password guessing or timing attacks
  • Consider implementing additional security measures, such as rate limiting or IP blocking, to prevent brute-force attacks.
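To make the timing leak concrete: a comparison that stops at the first differing byte does an amount of work that depends on how much of the secret the caller already has right. The Python example below is added here and is not Dragonfly code. It models that work count, shows a simulated attacker recovering a secret one character at a time from it, and gives the constant-time alternative. The simulated attacker reads the byte count directly; a real one must infer it from response time over many samples, which is why rate limiting helps but does not remove the root cause. The alphabet, the secret and the attacker's knowledge of its length are assumptions for the demonstration.

```python
import hmac

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"  # assumed character set of the secret


def compare_leaky(expected: str, candidate: str) -> tuple[bool, int]:
    """Early-exit comparison. Returns (match, bytes examined).

    The second value is the attacker-observable quantity: in a real service it
    shows up as response time, and it grows with the correctly guessed prefix.
    """
    a, b = expected.encode(), candidate.encode()
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def compare_constant_time(expected: str, candidate: str) -> bool:
    # hmac.compare_digest's running time does not depend on where the inputs differ.
    return hmac.compare_digest(expected.encode(), candidate.encode())


def guess_next_char(expected: str, known_prefix: str) -> str:
    """Simulated attacker step: try every character after the known prefix and keep
    the one that made the leaky comparison do the most work."""
    best, best_score = "", -1
    for c in ALPHABET:
        candidate = (known_prefix + c).ljust(len(expected), "\x00")
        match, work = compare_leaky(expected, candidate)
        score = work + (1 if match else 0)  # a full match beats a near miss on the last byte
        if score > best_score:
            best, best_score = c, score
    return best


def recover_secret(expected: str) -> str:
    """Recovers a secret drawn from ALPHABET in len(secret) * len(ALPHABET) probes
    instead of the len(ALPHABET) ** len(secret) a blind brute force would need."""
    prefix = ""
    while len(prefix) < len(expected):
        prefix += guess_next_char(expected, prefix)
    return prefix


if __name__ == "__main__":
    secret = "s3cret9"  # constructed sample
    print(recover_secret(secret))                    # s3cret9
    print(compare_constant_time(secret, "s3cret9"))  # True
```

The fix is the two-line function in the middle: compare the full length every time with a constant-time primitive, and the attacker's per-character signal disappears.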
CVE-2025-59349 0
Published: 2025-09-17T20:15:37.203

What it does:

The Dragonfly system, specifically versions prior to 2.1.0, has a vulnerability where an attacker can create a directory with broad permissions that Dragonfly will later use, potentially allowing the attacker to modify files.

Why it's a problem:

This vulnerability is a problem because it allows a local attacker to tamper with files that are meant to be used by the Dragonfly system, which could lead to unauthorized access or modification of sensitive data.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Ensure that directory permissions are regularly audited and restricted to necessary users
  • Monitor system logs for suspicious directory creation or file modification activities
CVE-2025-59348 0.0
Published: 2025-09-17T20:15:37.040

What it does:

The Dragonfly file distribution system has a vulnerability where the usedTraffic field is not updated correctly when a task is processed by a peer, due to an uninitialized variable being used instead of the actual result size, leading to incorrect rate limiting.

Why it's a problem:

This vulnerability can cause a denial-of-service condition for the peer, allowing an attacker to potentially overwhelm the system and disrupt its functionality.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Monitor peer traffic for signs of denial-of-service conditions
  • Implement additional rate limiting measures to prevent abuse until the update can be applied
CVE-2025-59347 0.0
Published: 2025-09-17T20:15:36.860

What it does:

The Dragonfly system, prior to version 2.1.0, has a vulnerability where its Manager component disables TLS certificate verification in HTTP clients, allowing an attacker to intercept and alter data through a Man-in-the-Middle attack, potentially causing the system to preheat with incorrect data.

Why it's a problem:

This vulnerability is a problem because it enables an attacker to compromise the integrity of the data being distributed and accelerated by the Dragonfly system, leading to denial of service and file integrity issues, which can have significant consequences for the reliability and security of the system.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Verify the integrity of data being distributed and accelerated by the system
  • Implement additional network security measures to prevent Man-in-the-Middle attacks
  • Monitor system logs for signs of potential attacks or data corruption.
CVE-2025-59346 0
Published: 2025-09-17T20:15:36.683

What it does:

The CVE-2025-59346 vulnerability allows users to trick the Dragonfly system into making requests to internal services that are not normally accessible, by exploiting a server-side request forgery (SSRF) flaw in the Manager API. This can be done by creating a Preheat job with a specially crafted URL, which can then be used to redirect internal HTTP clients to access or probe internal HTTP endpoints.

Why it's a problem:

This vulnerability is a problem because it enables unauthorized access to internal services and endpoints, which could lead to sensitive information disclosure, disruption of internal services, or potentially even more severe security breaches. It allows attackers to bypass normal access controls and potentially gain insight into or control over internal systems.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Validate and sanitize all user-supplied URLs in the Manager API
  • Implement additional security controls to restrict access to internal services and endpoints.
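A URL check for the Preheat job is only useful if it is enforced on the address the client will actually connect to, not just on the hostname string. The Python example below is added here and is not Dragonfly code. It judges scheme, userinfo and literal addresses directly, resolves names through an injected resolver (a constructed table here so the example runs offline), and requires every answer to fall outside loopback, link-local, private, carrier-grade NAT and metadata ranges, including IPv4-mapped IPv6 forms.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver so the example runs offline. A real check must resolve with
# the same resolver the HTTP client will use, and pin the answer for the connection.
FAKE_DNS = {
    "mirror.example.org": ["203.0.113.10"],
    "internal.corp": ["10.0.0.5"],
    "rebind.example.net": ["203.0.113.20", "127.0.0.1"],  # one public, one loopback answer
}

BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked_ip(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    return any(ip in net for net in BLOCKED_NETWORKS)


def validate_preheat_url(url: str, resolve=lambda host: FAKE_DNS.get(host, [])) -> tuple[bool, str]:
    """Return (allowed, reason) for a user-supplied preheat URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    host = parts.hostname  # urlsplit strips the port and IPv6 brackets
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal address: judge it directly
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        return False, "host does not resolve"
    # Every answer must be public; a single internal answer is enough to reject.
    for a in addrs:
        if is_blocked_ip(a):
            return False, f"resolves to blocked address {a}"
    return True, "ok"


if __name__ == "__main__":
    for u in ["https://mirror.example.org/layer.tar", "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:127.0.0.1]/", "http://rebind.example.net/"]:
        print(u, validate_preheat_url(u))
```

Two caveats a practitioner would want: the HTTP client must connect to the address that was checked (pin it, or re-run the check inside the dialer) so a DNS answer cannot change between validation and connection, and it must either refuse redirects or validate each redirect target the same way, since a public host can redirect to an internal one.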
CVE-2025-59340 9.8
Published: 2025-09-17T20:15:36.430

What it does:

The CVE-2025-59340 vulnerability in the jinjava template engine allows an attacker to deserialize arbitrary classes, potentially creating instances of sensitive classes like java.net.URL, which can be used to access local files and URLs, and potentially lead to remote code execution (RCE) if further exploited.

Why it's a problem:

This vulnerability is a problem because it enables an attacker to escape the sandbox and access sensitive information, potentially leading to unauthorized file access, data breaches, and even remote code execution, which could allow an attacker to take control of the affected system.

Steps to mitigate:

  • Update jinjava to version 2.8.1 or later
  • Restrict input to the template engine to prevent attacker-controlled deserialization
  • Monitor systems for suspicious activity, particularly related to file and URL access
  • Implement additional security measures to prevent remote code execution, such as network segmentation and access controls.
CVE-2025-37122 6.1
Published: 2025-09-17T20:15:36.063

What it does:

This vulnerability allows an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack through the web-based management interface of network access control services, potentially executing arbitrary JavaScript code in a victim's browser.

Why it's a problem:

This vulnerability is a problem because it enables attackers to execute malicious code in the context of the affected interface, potentially leading to unauthorized access, data theft, or other malicious activities, all without needing to authenticate themselves.

Steps to mitigate:

  • Update the network access control services to the latest version
  • Apply patches provided by the vendor
  • Implement web application firewall (WAF) rules to detect and prevent XSS attacks
  • Limit access to the management interface to trusted IPs or networks
  • Use a reputable security scanner to regularly scan for vulnerabilities.
CVE-2025-10615 6.3
Published: 2025-09-17T20:15:35.850

What it does:

This vulnerability allows an attacker to upload files to the itsourcecode E-Commerce Website without any restrictions, which can be done remotely by exploiting a weakness in the /admin/products.php file.

Why it's a problem:

This is a problem because it enables attackers to upload malicious files, such as backdoors, viruses, or other types of malware, which can lead to unauthorized access, data breaches, or disruption of the website's functionality, ultimately compromising the security and integrity of the e-commerce platform.

Steps to mitigate:

  • Update the itsourcecode E-Commerce Website to the latest version
  • Implement proper file upload validation and sanitization in the /admin/products.php file
  • Restrict access to the /admin/products.php file to authorized personnel only
  • Monitor the website for suspicious activity and regularly scan for malware
  • Apply a web application firewall (WAF) to detect and prevent exploit attempts.
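For the two unrestricted-upload entries (CVE-2025-10616 and CVE-2025-10615), the Python example below is added here and is not itsourcecode code. It shows the checks the bullets ask for: an extension allowlist, a magic-byte check that the content really is that type, a scan of the header region for embedded script, and a server-chosen random filename so the client can neither pick a .php name nor steer the file into another directory. The allowed types, the size limit and the sample payloads are assumptions for a product-image upload.

```python
import os
import secrets

# Assumption: the upload only ever needs raster images. Extension -> accepted magic prefixes.
ALLOWED = {
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif":  (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (ok, reason-or-extension). The name and the content must agree on the type."""
    if len(data) == 0 or len(data) > MAX_BYTES:
        return False, "empty or oversized"
    base = os.path.basename(filename)  # drop any directory part the client sent
    if "." not in base:
        return False, "no extension"
    ext = base.rsplit(".", 1)[1].lower()  # 'shell.php.png' is judged as png, then by content
    if ext not in ALLOWED:
        return False, f"extension .{ext} not allowed"
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not match declared type"
    head = data[:4096]
    # Heuristic against polyglots that carry a PHP or script payload behind a valid header.
    if b"<?php" in head or b"<script" in head.lower():
        return False, "embedded code in image header"
    return True, ext


def stored_name(ext: str) -> str:
    """Server-chosen random name: the client never controls where or as what the file is stored."""
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # constructed minimal PNG header
    print(validate_upload("photo.png", png), stored_name("png"))
    print(validate_upload("shell.php", b"<?php system($_GET['c']); ?>"))
```

The header scan is a heuristic, not a guarantee; the controls that hold regardless of file contents are storing uploads outside the web root (or in object storage) and serving them from a path the PHP interpreter is not configured to execute.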
CVE-2025-10614 4.3
Published: 2025-09-17T20:15:35.633

What it does:

The CVE-2025-10614 vulnerability allows an attacker to manipulate the "profile_id" argument in the /print_reports_prev.php file of the E-Logbook with Health Monitoring System for COVID-19, leading to a cross-site scripting (XSS) attack, which can be launched remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious code into the system, potentially allowing them to steal user data, take control of user sessions, or perform other unauthorized actions, which can compromise the security and integrity of the system and its users.

Steps to mitigate:

  • Update the E-Logbook with Health Monitoring System for COVID-19 to the latest version
  • Patch the /print_reports_prev.php file to validate and sanitize user input
  • Implement web application firewall (WAF) rules to detect and prevent XSS attacks
  • Conduct regular security audits and vulnerability scans to identify and address similar issues.
CVE-2025-59416 0
Published: 2025-09-17T19:15:47.603

What it does:

The Scratch Channel vulnerability allows a user to exploit the API by making a fork, which enables them to change administrators and create new articles, potentially leading to unauthorized content publication.

Why it's a problem:

This vulnerability is a problem because it allows malicious users to gain administrative privileges and publish fake or harmful articles, compromising the integrity and trustworthiness of the news website.

Steps to mitigate:

  • Update to version v1.2 or later
  • Verify user permissions before allowing administrative changes
  • Implement additional security measures to validate API requests
  • Monitor website activity for suspicious behavior.
CVE-2025-59414 3.1
Published: 2025-09-17T19:15:47.437

What it does:

This vulnerability allows attackers to manipulate client-side requests to different endpoints within the same application domain in Nuxt, a web development framework for Vue.js, by exploiting a client-side path traversal vulnerability in the Island payload revival mechanism.

Why it's a problem:

This vulnerability is a problem because it enables attackers to potentially access sensitive data or perform unauthorized actions within the application by tricking the client into fetching malicious endpoints, which could lead to security breaches or data theft.

Steps to mitigate:

  • Update to Nuxt 3.19.0 or later
  • Update to Nuxt 4.1.0 or later
  • Avoid using user-controlled data in API endpoints that return serialized __nuxt_island objects until the update is applied.
CVE-2025-59345 0
Published: 2025-09-17T19:15:47.277

What it does:

The CVE-2025-59345 vulnerability allows unauthorized access to the Dragonfly Manager web UI, specifically the /api/v1/jobs and /preheats endpoints, enabling anyone with network access to create, delete, and modify jobs without authentication, including creating useless jobs that can overwhelm the system.

Why it's a problem:

This vulnerability is a problem because it can lead to a denial-of-service (DoS) state, where the Manager stops accepting requests from legitimate administrators, effectively shutting down the system and preventing authorized users from performing their tasks.

Steps to mitigate:

  • Update Dragonfly to version 2.1.0 or later
  • Restrict network access to the Manager web UI to only trusted users and systems
  • Monitor the system for suspicious activity and job creations to quickly identify and respond to potential attacks.
CVE-2025-56648 0
Published: 2025-09-17T19:15:46.963

What it does:

The CVE-2025-56648 vulnerability in npm parcel 2.0.0-alpha and earlier versions allows malicious websites to send requests to a development server and read the responses, potentially stealing source code when a developer visits the malicious site.

Why it's a problem:

This vulnerability is a problem because it can lead to the unauthorized disclosure of sensitive source code, which could be used for malicious purposes, such as exploiting other vulnerabilities or stealing intellectual property.

Steps to mitigate:

  • Update npm parcel to a version later than 2.0.0-alpha
  • Use a web application firewall to filter incoming requests to the development server
  • Implement strict origin validation to prevent unauthorized requests
  • Limit access to the development server to trusted IP addresses or networks
  • Avoid visiting untrusted websites while developing applications with npm parcel.
CVE-2025-10613 6.3
Published: 2025-09-17T19:15:46.753

What it does:

This vulnerability allows an attacker to manipulate the "level_id" argument in the /leveledit1.php file of the itsourcecode Student Information System 1.0, leading to a SQL injection attack that can be performed remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious SQL code, potentially allowing them to access, modify, or delete sensitive student information, disrupt system operations, or gain unauthorized access to the system.

Steps to mitigate:

  • Update the itsourcecode Student Information System to a patched version
  • Validate and sanitize user input to prevent SQL injection
  • Implement a Web Application Firewall (WAF) to detect and prevent SQL injection attacks
  • Limit remote access to the system and restrict privileges to authorized personnel only
  • Perform regular security audits and penetration testing to identify and address vulnerabilities.
CVE-2025-10608 6.3
Published: 2025-09-17T19:15:46.110

What it does:

The CVE-2025-10608 vulnerability allows an attacker to exploit an unknown function in the /enrollment-history/ file of Portabilis i-Educar versions up to 2.10, resulting in improper access controls and potentially allowing remote access to sensitive information.

Why it's a problem:

This vulnerability is a problem because it enables remote attackers to bypass normal security controls, potentially leading to unauthorized access to sensitive data, disruption of services, or other malicious activities, which could compromise the confidentiality, integrity, and availability of the affected system.

Steps to mitigate:

  • Update Portabilis i-Educar to a version later than 2.10
  • Implement additional access controls and monitoring for the /enrollment-history/ file
  • Limit remote access to the affected system until a patch can be applied
  • Regularly review and update security protocols to prevent similar vulnerabilities.
CVE-2025-59342 0
Published: 2025-09-17T18:15:53.550

What it does:

The CVE-2025-59342 vulnerability allows an attacker to exploit a path-traversal flaw in the esm.sh content delivery network (CDN) by manipulating the X-Zone-Id HTTP header, causing the application to write files to arbitrary directories outside of its intended storage location.

Why it's a problem:

This vulnerability is a problem because it enables attackers to potentially overwrite or create malicious files in sensitive areas of the system, leading to unauthorized access, data corruption, or execution of malicious code, which can compromise the security and integrity of the application and its data.

Steps to mitigate:

  • Update esm.sh to a version later than 136
  • Restrict access to the X-Zone-Id HTTP header to trusted sources
  • Implement proper canonicalization and validation of the X-Zone-Id header value to prevent directory traversal attacks
  • Monitor system logs for suspicious activity related to file writes and directory access.
CVE-2025-59341 0
Published: 2025-09-17T18:15:53.393

What it does:

The CVE-2025-59341 vulnerability allows an attacker to exploit a Local File Inclusion (LFI) issue in the esm.sh content delivery network, enabling them to access and retrieve files from the host filesystem or other unintended sources by crafting a malicious request.

Why it's a problem:

This vulnerability is a problem because it could lead to unauthorized access to sensitive files and data on the server, potentially exposing confidential information, disrupting service, or allowing further malicious activities.

Steps to mitigate:

  • Update esm.sh to a version later than 136
  • Implement proper input validation and sanitization for service URL handling
  • Restrict access to sensitive files and directories on the server
  • Monitor server logs for suspicious activity and potential exploitation attempts.
CVE-2025-59339 4.4
Published: 2025-09-17T18:15:53.230

What it does:

The Bastion's osh-encrypt-rsync script, which is used to handle session-recording files, fails to digitally sign these files even when configured to do so, although it correctly rotates and encrypts them.

Why it's a problem:

This vulnerability is a problem because the lack of digital signatures on these sensitive files means their integrity and authenticity cannot be guaranteed, potentially allowing tampering or alteration without detection, which compromises the security and trustworthiness of the recorded SSH sessions.

Steps to mitigate:

  • Verify the integrity of existing session-recording files manually
  • Update the osh-encrypt-rsync script to correctly implement digital signing
  • Regularly monitor script execution logs for signs of failure or unexpected behavior
  • Consider alternative secure methods for handling and verifying session-recording files.
CVE-2025-58767 0
Published: 2025-09-17T18:15:52.857

What it does:

The REXML gem in Ruby has a vulnerability that can cause a Denial of Service (DoS) when it parses XML files containing multiple XML declarations, affecting versions 3.3.3 to 3.4.1.

Why it's a problem:

This vulnerability is a problem because it can be exploited to disrupt the service of applications that rely on REXML to parse XML files, especially if they need to process untrusted XML inputs, leading to potential downtime and loss of functionality.

Steps to mitigate:

  • Update REXML gem to version 3.4.2 or later
  • Avoid parsing untrusted XML files if possible
  • Implement additional security measures to detect and prevent potential DoS attacks.
CVE-2025-58766 9.0
Published: 2025-09-17T18:15:52.687

What it does:

This vulnerability allows attackers to execute arbitrary code on users' systems by exploiting a flaw in the preview window functionality of Dyad, a local AI app builder, affecting versions v0.19.0 and earlier, enabling them to bypass Docker container protections and gain control of the system.

Why it's a problem:

This is a significant issue because it enables attackers to gain unauthorized control over a user's system, potentially leading to data theft, malware installation, or other malicious activities, posing a substantial risk due to its high severity score of 9.0.

Steps to mitigate:

  • Update Dyad to version 0.20.0 or later
  • Avoid using the preview window functionality in affected versions
  • Use alternative app builders until the update is applied
  • Regularly monitor systems for suspicious activity to detect potential exploitation.
CVE-2025-58432 0
Published: 2025-09-17T18:15:52.533

What it does:

The ZimaOS operating system has a vulnerability that allows any user with access to localhost to upload files to the system using the /v2_1/files/file/uploadV2 endpoint, and these file uploads are performed with root privileges.

Why it's a problem:

This vulnerability is a problem because it allows unauthorized users to upload malicious files to the system with elevated privileges, potentially leading to a takeover of the system, data theft, or other malicious activities.

Steps to mitigate:

  • Update ZimaOS to a version later than 1.4.1
  • Restrict access to the /v2_1/files/file/uploadV2 endpoint to authorized users only
  • Implement additional security measures such as authentication and authorization for file uploads
  • Monitor system logs for suspicious file upload activity
CVE-2025-58431 0
Published: 2025-09-17T18:15:52.363

What it does:

The CVE-2025-58431 vulnerability in ZimaOS versions 1.4.1 and earlier allows any user with access to localhost to read files from the /v2_1/files/file/download endpoint, and these file reads are performed with root privileges.

Why it's a problem:

This vulnerability is a problem because it grants unauthorized access to sensitive files, potentially exposing confidential data, as any user who can access the localhost can read files without restrictions, using the elevated privileges of the root user.

Steps to mitigate:

  • Update ZimaOS to a version later than 1.4.1
  • Restrict access to localhost to only trusted users and services
  • Implement additional access controls and authentication mechanisms for the /v2_1/files/file/download endpoint
  • Monitor file access and system logs for suspicious activity
CVE-2025-10607 4.3
Published: 2025-09-17T18:15:42.983

What it does:

The CVE-2025-10607 vulnerability allows an attacker to disclose sensitive information in Portabilis i-Educar versions up to 2.10 by manipulating an unknown function in the /module/Avaliacao/diarioApi file, which can be executed remotely.

Why it's a problem:

This vulnerability is a problem because it enables unauthorized access to sensitive information, potentially compromising the confidentiality and security of the affected system, and the fact that the exploit has been publicly disclosed increases the likelihood of it being used by malicious actors.

Steps to mitigate:

  • Update Portabilis i-Educar to a version later than 2.10
  • Implement remote access restrictions to limit potential attack vectors
  • Monitor system logs for suspicious activity related to the /module/Avaliacao/diarioApi file
  • Apply additional security measures such as firewalls and intrusion detection systems to detect and prevent remote exploitation.
CVE-2025-10606 4.3
Published: 2025-09-17T18:15:42.763

What it does:

The CVE-2025-10606 vulnerability allows an attacker to perform a cross-site scripting (XSS) attack on Portabilis i-Educar versions up to 2.10 by manipulating the "tipoacao" argument in the /module/Configuracao/ConfiguracaoMovimentoGeral file, enabling the execution of malicious code on the victim's browser.

Why it's a problem:

This vulnerability is a problem because it enables remote attackers to inject malicious code into the website, potentially leading to unauthorized access to sensitive information, session hijacking, or other malicious activities, which can compromise the security and integrity of the system and its users.

Steps to mitigate:

  • Update Portabilis i-Educar to a version later than 2.10
  • Implement input validation and sanitization for the "tipoacao" argument
  • Use web application firewalls (WAFs) to detect and prevent XSS attacks
  • Monitor the system for suspicious activity and signs of exploitation.
CVE-2025-10605 4.3
Published: 2025-09-17T18:15:42.560

What it does:

This vulnerability in Portabilis i-Educar allows an attacker to perform a cross-site scripting (XSS) attack by manipulating the "tipoacao" argument in the /agenda_preferencias.php file, which can be done remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious code into the website, potentially allowing them to steal user data, take control of user sessions, or perform other malicious actions, which can compromise the security and integrity of the system and its users.

Steps to mitigate:

  • Update Portabilis i-Educar to a version later than 2.10
  • Apply security patches to fix the XSS vulnerability
  • Implement input validation and sanitization for the "tipoacao" argument
  • Use a Web Application Firewall (WAF) to detect and prevent XSS attacks
  • Monitor the system for suspicious activity and signs of exploitation.
CVE-2025-10604 7.3
Published: 2025-09-17T18:15:42.373

What it does:

The CVE-2025-10604 vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Online Discussion Forum 1.0 by manipulating the "ID" argument in the /admin/edit_member.php file, which can be done remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the database, potentially leading to unauthorized access, data breaches, or disruption of the forum's functionality, and since an exploit is publicly available, attackers can easily use it to launch attacks.

Steps to mitigate:

  • Update PHPGurukul Online Discussion Forum to a patched version
  • Implement input validation and sanitization for the "ID" argument in /admin/edit_member.php
  • Use a Web Application Firewall (WAF) to detect and block SQL injection attacks
  • Limit remote access to the /admin/edit_member.php file
  • Regularly monitor the forum's database for suspicious activity
CVE-2025-59304 0
Published: 2025-09-17T17:15:44.190

What it does:

This vulnerability allows a remote attacker to send a specially crafted HTTP request to the Swetrix Web Analytics API, which can lead to the execution of arbitrary code on the affected system due to a directory traversal issue.

Why it's a problem:

This vulnerability is a problem because it enables unauthorized access and control of the system, potentially leading to data breaches, malware installation, or other malicious activities, compromising the security and integrity of the affected system.

Steps to mitigate:

  • Update Swetrix Web Analytics API to a version after 7d8b972
  • Apply security patches to fix the directory traversal issue
  • Implement a Web Application Firewall (WAF) to detect and prevent malicious HTTP requests
  • Limit access to the API to trusted sources and users
  • Monitor system logs for suspicious activity and signs of potential exploitation.
CVE-2025-35436 5.3
Published: 2025-09-17T17:15:44.037

What it does:

This vulnerability allows an unauthenticated remote attacker to crash the CISA Thorium system by providing a specially crafted email address or response, due to the improper error handling of account verification email messages using '.unwrap()'.

Why it's a problem:

This vulnerability is a problem because it enables attackers to disrupt the service, causing a denial-of-service (DoS) condition, which can lead to system unavailability and potentially allow for further exploitation.

Steps to mitigate:

  • Update CISA Thorium to the latest version that includes the fix for this vulnerability (commit 6a65a27)
  • Implement proper error handling mechanisms to prevent system crashes
  • Monitor system logs for suspicious activity and potential exploit attempts.
CVE-2025-35435 4.3
Published: 2025-09-17T17:15:43.880

What it does:

The CISA Thorium service has a vulnerability that allows a remote, authenticated attacker to crash the service by setting a stream split size to zero, which causes a division by zero error.

Why it's a problem:

This vulnerability is a problem because it can be exploited by an attacker to disrupt the service, causing denial of service and potentially leading to further malicious activities, which can impact the availability and reliability of the system.

Steps to mitigate:

  • Update CISA Thorium to the latest version that includes the fix commit 89101a6
  • Apply the patch from the vendor
  • Restrict access to the service to only trusted, authenticated users
CVE-2025-35434 4.2
Published: 2025-09-17T17:15:43.713

What it does:

The CISA Thorium system fails to verify the authenticity of TLS certificates when establishing connections to Elasticsearch, allowing an unauthenticated attacker with access to a Thorium cluster to potentially impersonate the Elasticsearch service.

Why it's a problem:

This vulnerability is a problem because it enables an attacker to masquerade as a trusted Elasticsearch service, potentially leading to unauthorized access to sensitive data, eavesdropping, or manipulation of data within the Thorium cluster.

Steps to mitigate:

  • Update CISA Thorium to version 1.1.2 or later
  • Verify the authenticity of TLS certificates for all connections to Elasticsearch
  • Implement additional security measures, such as network segmentation and monitoring, to detect and prevent impersonation attacks.
CVE-2025-35433 5.0
Published: 2025-09-17T17:15:43.563

What it does:

The CISA Thorium system fails to properly invalidate previously used login tokens when a user resets their password, allowing an attacker with a previously used token to still gain access to the account.

Why it's a problem:

This vulnerability is a problem because it allows unauthorized access to accounts even after a password reset, which is typically considered a secure action to prevent further unauthorized access.

Steps to mitigate:

  • Update CISA Thorium to version 1.1.1 or later
  • Use alternative authentication methods until the update is applied
  • Monitor account activity for suspicious login attempts from previously used tokens
CVE-2025-35432 5.3
Published: 2025-09-17T17:15:43.413

What it does:

The CISA Thorium system allows a remote unauthenticated attacker to send an unlimited number of account verification email messages to a user who is pending verification, due to a lack of rate limiting on these requests.

Why it's a problem:

This vulnerability is a problem because it enables attackers to flood users with verification emails, potentially leading to denial-of-service or spamming issues, and causing inconvenience or disruption to the users.

Steps to mitigate:

  • Update CISA Thorium to version 1.1.1 or later
  • Apply the default rate limit of 10 minutes between account verification email messages
  • Implement additional security measures to prevent spamming and denial-of-service attacks.
CVE-2025-35431 5.4
Published: 2025-09-17T17:15:43.260

What it does:

The CISA Thorium system fails to properly escape user-controlled strings used in LDAP queries, allowing an authenticated remote attacker to modify LDAP authorization data, such as group memberships.

Why it's a problem:

This vulnerability is a problem because it enables attackers to alter sensitive authorization data, potentially granting themselves or others unauthorized access to resources, escalating privileges, and compromising the security of the system.

Steps to mitigate:

  • Update CISA Thorium to version 1.1.1 or later
  • Implement additional authentication and authorization controls to limit the impact of modified LDAP data
  • Monitor LDAP queries and authorization data for suspicious activity to detect potential exploitation.
CVE-2025-35430 5.0
Published: 2025-09-17T17:15:43.100

What it does:

The CISA Thorium vulnerability allows a remote, authenticated attacker to access arbitrary files on the system by exploiting inadequate validation of downloaded file paths through the 'download_ephemeral' and 'download_children' functions.

Why it's a problem:

This vulnerability is a problem because it enables an attacker to access sensitive files and data, potentially leading to unauthorized information disclosure, data theft, or further exploitation of the system, limited only by the file system permissions.

Steps to mitigate:

  • Update CISA Thorium to version 1.1.2 or later
  • Ensure that all users with access to the system have the least privilege necessary to perform their tasks
  • Monitor system logs for suspicious file access activity to detect potential exploitation attempts.
CVE-2025-10603 7.3
Published: 2025-09-17T17:15:42.907

What it does:

This vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Online Discussion Forum by manipulating the "Search" argument in the /admin/admin_forum/search_result.php file, potentially giving them unauthorized access to sensitive data.

Why it's a problem:

This vulnerability is a problem because it enables remote attackers to exploit the forum's database, potentially leading to data breaches, unauthorized data modification, or even complete system takeover, which can have severe consequences for the forum's users and administrators.

Steps to mitigate:

  • Update PHPGurukul Online Discussion Forum to a patched version
  • Implement input validation and sanitization for the "Search" argument
  • Use prepared statements to prevent SQL injection
  • Limit database privileges to the minimum required for the application
  • Monitor the forum's database and system logs for suspicious activity
CVE-2025-10602 6.3
Published: 2025-09-17T17:15:42.717

What it does:

This vulnerability allows an attacker to perform SQL injection by manipulating the ID argument in the /admin/delete_s1.php file of the SourceCodester Online Exam Form Submission 1.0 system, which can be done remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious SQL code, potentially allowing them to access, modify, or delete sensitive data, disrupt system operations, or gain unauthorized access to the system.

Steps to mitigate:

  • Update the SourceCodester Online Exam Form Submission system to a patched version if available
  • Implement input validation and sanitization for the ID argument in the /admin/delete_s1.php file
  • Use a Web Application Firewall (WAF) to detect and prevent SQL injection attacks
  • Limit remote access to the /admin/delete_s1.php file to trusted IPs or users
  • Regularly monitor system logs for suspicious activity.
CVE-2025-10601 7.3
Published: 2025-09-17T17:15:42.527

What it does:

This vulnerability allows an attacker to inject malicious SQL code into the Online Exam Form Submission system by manipulating the "email" argument in the /admin/index.php file, which can be done remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the database, potentially leading to data breaches, unauthorized access, or disruption of the system.

Steps to mitigate:

  • Update to a patched version of the software
  • Implement input validation and sanitization for the "email" field
  • Use a Web Application Firewall (WAF) to detect and prevent SQL injection attacks
  • Limit remote access to the /admin/index.php file
  • Regularly monitor the system for suspicious activity and update security measures accordingly
CVE-2025-10600 7.3
Published: 2025-09-17T17:15:42.340

What it does:

The CVE-2025-10600 vulnerability allows an attacker to upload files without restrictions to the SourceCodester Online Exam Form Submission 1.0 system by manipulating the "img" argument in the /register.php file, and this can be done remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to upload malicious files, such as scripts or executables, which could lead to code execution, data breaches, or other types of cyber attacks, potentially compromising the security and integrity of the system.

Steps to mitigate:

  • Update to a patched version of SourceCodester Online Exam Form Submission
  • Implement file upload validation and sanitization
  • Restrict file types and sizes that can be uploaded
  • Monitor system logs for suspicious upload activity
  • Apply a Web Application Firewall (WAF) to detect and prevent exploit attempts
CVE-2025-10599 7.3
Published: 2025-09-17T16:15:34.747

What it does:

The CVE-2025-10599 vulnerability allows an attacker to inject malicious SQL code into the itsourcecode Web-Based Internet Laboratory Management System by manipulating the "user_email" argument during the user authentication process, potentially leading to unauthorized access to sensitive data.

Why it's a problem:

This vulnerability is a problem because it enables remote attackers to exploit the system, potentially allowing them to extract, modify, or delete sensitive data, disrupt system operations, or gain unauthorized access to the system, which could have serious security and privacy implications.

Steps to mitigate:

  • Update the itsourcecode Web-Based Internet Laboratory Management System to a patched version
  • Implement input validation and sanitization for the "user_email" field in the login.php file
  • Use prepared statements or parameterized queries to prevent SQL injection
  • Limit remote access to the system and monitor for suspicious activity
  • Apply a Web Application Firewall (WAF) to detect and prevent SQL injection attacks.
CVE-2025-10598 7.3
Published: 2025-09-17T16:15:34.513

What it does:

This vulnerability allows an attacker to inject malicious SQL code into the Pet Grooming Management Software through the /admin/search_product.php file by manipulating the "group_id" argument, potentially giving them unauthorized access to sensitive data.

Why it's a problem:

This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, and since an exploit is publicly available, it's likely that malicious actors will attempt to use it.

Steps to mitigate:

  • Update the Pet Grooming Management Software to a version that patches this vulnerability
  • Apply input validation and sanitization to the "group_id" argument in the /admin/search_product.php file
  • Implement a Web Application Firewall (WAF) to detect and prevent SQL injection attacks
  • Limit remote access to the /admin/search_product.php file and restrict user permissions to minimize potential damage.
CVE-2025-10597 7.3
Published: 2025-09-17T16:15:34.307

What it does:

The CVE-2025-10597 vulnerability allows for SQL injection in the kidaze CourseSelectionSystem, specifically in the COUNT2.php file, by manipulating the "cname" argument, which can be initiated remotely.

Why it's a problem:

This vulnerability is a problem because it enables attackers to inject malicious SQL code, potentially allowing them to access, modify, or extract sensitive data from the database, which could lead to unauthorized access, data breaches, or disruption of service.

Steps to mitigate:

  • Update the kidaze CourseSelectionSystem to the latest version available
  • Apply input validation and sanitization to the "cname" argument to prevent malicious input
  • Implement Web Application Firewall (WAF) rules to detect and prevent SQL injection attempts
  • Use parameterized queries or prepared statements to prevent SQL injection
  • Monitor database activity for suspicious queries and behavior.
CVE-2025-9862 0
Published: 2025-09-17T15:15:43.937

What it does:

The CVE-2025-9862 vulnerability allows an attacker to exploit a Server-Side Request Forgery (SSRF) flaw in Ghost, enabling them to access internal resources that should be restricted.

Why it's a problem:

This vulnerability is a problem because it can allow attackers to bypass security controls and access sensitive data or systems that are not intended to be publicly accessible, potentially leading to data breaches, unauthorized access, or other malicious activities.

Steps to mitigate:

  • Update Ghost to a version outside the affected range (later than 6.0.8 or 5.130.3)
  • Implement network segmentation to restrict access to internal resources
  • Configure firewalls to limit outgoing traffic from the Ghost server
  • Monitor server logs for suspicious activity
  • Apply patches or updates as soon as they become available.
CVE-2025-57055 0
Published: 2025-09-17T15:15:43.667

What it does:

The CVE-2025-57055 vulnerability allows an authenticated administrator to trick the WonderCMS server into making unauthorized internal or external HTTP requests by supplying a malicious URL through the pluginThemeUrl parameter during custom module installation.

Why it's a problem:

This vulnerability is a problem because it enables an attacker to bypass security controls and potentially access sensitive data, disrupt services, or exploit other vulnerabilities within the internal network or external services, all under the guise of a legitimate administrator request.

Steps to mitigate:

  • Update WonderCMS to a version where the vulnerability is patched
  • Validate and sanitize all user-supplied URLs before processing them
  • Restrict administrator access to trusted personnel only
  • Implement network segmentation and monitoring to detect unusual traffic patterns
  • Consider using a web application firewall (WAF) to filter suspicious requests
CVE-2025-54390 6.3
Published: 2025-09-17T15:15:43.267

What it does:

This vulnerability allows an attacker to trick an authenticated user into resetting their password without their consent by sending a crafted request to the Zimbra Collaboration server, taking advantage of a lack of proper validation on the password reset endpoint.

Why it's a problem:

This is a problem because it enables attackers to gain unauthorized access to user accounts by resetting passwords, potentially leading to data breaches, identity theft, and other malicious activities, all without the user's knowledge or permission.

Steps to mitigate:

  • Update Zimbra Collaboration to the latest version
  • Disable the zimbraFeatureResetPasswordStatus attribute until a patch is available
  • Implement additional security measures such as multi-factor authentication to prevent unauthorized access
  • Monitor user account activity for suspicious password reset requests.
CVE-2025-40933 0
Published: 2025-09-17T15:15:42.927

What it does:

The Apache::AuthAny::Cookie module for Perl generates session IDs using a predictable method, combining the epoch time with a call to the built-in rand function, which is hashed using MD5.

Why it's a problem:

This vulnerability is a problem because it allows attackers to potentially guess or predict session IDs, which could enable them to gain unauthorized access to systems, compromising security and data integrity.

Steps to mitigate:

  • Update Apache::AuthAny::Cookie to a version later than 0.201
  • Use a secure random number generator for session ID creation
  • Implement additional authentication measures to prevent unauthorized access
  • Regularly review and update dependencies to ensure the use of secure protocols and functions.