CVE-2025-31713 – F5 Networks Engineer Mode Command Injection Vulnerability

CVE ID : CVE-2025-31713

Published : Aug. 18, 2025, 1:15 a.m. | 56 minutes ago

Description : In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-31715 – Vowifi Command Injection Vulnerability

CVE ID : CVE-2025-31715

Published : Aug. 18, 2025, 1:15 a.m. | 56 minutes ago

Description : In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-31714 – Apache HTTP Server Local Privilege Escalation Vulnerability

CVE ID : CVE-2025-31714

Published : Aug. 18, 2025, 1:15 a.m. | 56 minutes ago

Description : In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-9098 – “Elseplus File Recovery App Android Component Export Vulnerability”

CVE ID : CVE-2025-9098

Published : Aug. 18, 2025, 1:15 a.m. | 56 minutes ago

Description : A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-9099 – Acrel Environmental Monitoring Cloud Platform Remote File Upload Vulnerability

CVE ID : CVE-2025-9099

Published : Aug. 18, 2025, 1:15 a.m. | 56 minutes ago

Description : A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. This affects an unknown part of the file /NewsManage/UploadNewsImg. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

DistroWatch Weekly, Issue 1135

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: Debian 13 “Trixie”
News: Debian GNU/Hurd team publishes new release, KDE’s window manager gets customised Liquid Glass, Haiku improves authentication tool behaviour
Questions and answers: Proton, WINE, Wayland, and Wayback
Released last week: Kaisen Linux 3.0, SparkyLinux 8.0, EasyOS 7.0, LibreELEC 12.2.0, Zephix 8, Grml….

gofmt – formats Go programs

Gofmt formats Go programs. It uses tabs for indentation and blanks for alignment. Alignment assumes that an editor is using…

Sudoku – solve Sudoku puzzles

Sudoku is a modern Sudoku app focused on delivering a clean, distraction-free experience. Designed with simplicity and comfort in mind.…

KomoDo is a todo manager

KomoDo is a todo manager that uses todo.txt specification. It parses any compliant todo.txt files. The post KomoDo is a…

golangci-lint – fast Go linters runner

golangci-lint runs linters in parallel, uses caching, supports YAML configuration, integrates with all major IDEs. The post golangci-lint – fast…