CVE ID : CVE-2025-53373
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52492
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy of the firmware can extract these credentials. This could allow the attacker to gain unauthorized access to the associated Twilio account, leading to information disclosure, potential service disruption, and unauthorized use of the Twilio services.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53487
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys to be rendered unescaped.
This issue affects Mediawiki – ApprovedRevs extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53375
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application source, environment variable files containing credentials and secrets). This may lead to full compromise of other services or lateral movement. This vulnerability is fixed in 0.23.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53376
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure
docker.getContainersByAppNameMatch interpolates the attacker-supplied appName value into a Docker CLI call without sanitisation, enabling command injection under the Dokploy service account. This vulnerability is fixed in 0.23.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53374
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7057
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – Quiz Extension allows Stored XSS.This issue affects Mediawiki – Quiz Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7134
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_application. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7135
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7259
Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago
Description : An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36014
Published : July 7, 2025, 5:15 p.m. | 59 minutes ago
Description : IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53529
Published : July 7, 2025, 5:15 p.m. | 59 minutes ago
Description : WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to inject arbitrary SQL commands. The vulnerability is fixed in 3.4.3.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Comodo Internet Security 2025 Vulnerabilities Execute Remote Code With SYSTEM Privilege
Multiple critical vulnerabilities in Comodo Internet Security Premium 2025 allow attackers to execute remote code with SYSTEM privileges, completely compromising victim systems through malicious updat …
Read more
Published Date:
Jul 07, 2025 (4 hours, 33 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-7095
VAPT Report on HTTPAPI Services in Windows 10 Healthcare Endpoint
This report documents a targeted VAPT simulation that exploited Microsoft HTTPAPI via port 5357 to assess system misconfigurations and apply mitigation through service hardening and firewall enforceme …
Read more
Published Date:
Jul 07, 2025 (4 hours, 23 minutes ago)
Vulnerabilities has been mentioned in this article.
Samsung TVs aren’t just for watching content, thanks to the cloud they’re also games consoles in one box. With this…
The WD_BLACK C50 1TB Storage Expansion Card for Xbox Series X|S is currently on sale at various retailers, courtesy of…
In a report coming out of Romero Games’ native Ireland, it’s said Microsoft met with the studio just a day…
Customizable widgets, dynamic widgets, battery percentage indicators, and gamepad support are all coming soon to the lock screen on Windows…
The Surface Laptop 7 with a Snapdragon X Elite is $999, down from $1,399.99. The PC has great battery life,…
The Beelink GTi13 Ultra is a mini PC that I’ve been daily driving for months, and it supports an external…