CVE ID : CVE-2025-27211
Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago
Description : An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27212
Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago
Description : An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.
Affected Products:
UniFi Access Reader Pro (Version 2.14.21 and earlier)
UniFi Access G2 Reader Pro (Version 1.10.32 and earlier)
UniFi Access G3 Reader Pro (Version 1.10.30 and earlier)
UniFi Access Intercom (Version 1.7.28 and earlier)
UniFi Access G3 Intercom (Version 1.7.29 and earlier)
UniFi Access Intercom Viewer (Version 1.3.20 and earlier)
Mitigation:
Update UniFi Access Reader Pro Version 2.15.9 or later
Update UniFi Access G2 Reader Pro Version 1.11.23 or later
Update UniFi Access G3 Reader Pro Version 1.11.22 or later
Update UniFi Access Intercom Version 1.8.22 or later
Update UniFi Access G3 Intercom Version 1.8.22 or later
Update UniFi Access Intercom Viewer Version 1.4.39 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46094
Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago
Description : LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46093
Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago
Description : LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8529
Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago
Description : A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8530
Published : Aug. 4, 2025, 11:15 p.m. | 28 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-systemsrcmainresourcesconfigapplication-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
MLE-STAR (Machine Learning Engineering via Search and Targeted Refinement) is a state-of-the-art agent system developed by Google Cloud researchers to…
Estimated reading time: 6 minutes Table of contents The Breakthrough: Contrastive Reinforcement Learning (Contrastive-RL) How Good Is CUDA-L1? Hard Data…
In this advanced Roboflow Supervision tutorial, we build a complete object detection pipeline with the Supervision library. We begin by…
Artificial intelligence and machine learning workloads have fueled the evolution of specialized hardware to accelerate computation far beyond what traditional…
Estimated reading time: 4 minutes Table of contents What Is Context Engineering? Taxonomy of Context Engineering Key Insights and Research…
CVE ID : CVE-2025-6754
Published : Aug. 2, 2025, 8:15 a.m. | 1 day, 15 hours ago
Description : The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions 1.0.5 through 1.0.15. Because the AJAX action only verifies a nonce, without checking the caller’s capabilities, a subscriber-level user can retrieve the token and then access the custom endpoint to obtain full administrator cookies.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7710
Published : Aug. 2, 2025, 12:15 p.m. | 1 day, 11 hours ago
Description : The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54955
Published : Aug. 3, 2025, 12:15 a.m. | 23 hours, 44 minutes ago
Description : OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-54351
Published : Aug. 3, 2025, 2:15 a.m. | 21 hours, 44 minutes ago
Description : In iperf before 3.19.1, net.c has a buffer overflow when –skip-rx-copy is used (for MSG_TRUNC in recv).
Severity: 8.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52131
Published : Aug. 3, 2025, 4:15 a.m. | 19 hours, 22 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52132
Published : Aug. 3, 2025, 4:15 a.m. | 19 hours, 22 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52133
Published : Aug. 3, 2025, 4:15 a.m. | 19 hours, 22 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8496
Published : Aug. 3, 2025, 4:15 a.m. | 19 hours, 22 minutes ago
Description : A vulnerability has been found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /viewform.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8497
Published : Aug. 3, 2025, 4:15 a.m. | 19 hours, 22 minutes ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /cusfindphar2.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…