CVE ID : CVE-2025-53606
Published : Aug. 8, 2025, 10:15 a.m. | 13 hours, 44 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).
This issue affects Apache Seata (incubating): 2.4.0.
Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8748
Published : Aug. 8, 2025, 11:15 a.m. | 12 hours, 44 minutes ago
Description : MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious
HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the
underlying operating system.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2020-9322
Published : Aug. 8, 2025, 3:15 p.m. | 8 hours, 44 minutes ago
Description : The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8730
Published : Aug. 8, 2025, 3:15 p.m. | 8 hours, 44 minutes ago
Description : A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8356
Published : Aug. 8, 2025, 4:15 p.m. | 7 hours, 44 minutes ago
Description : In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8731
Published : Aug. 8, 2025, 4:15 p.m. | 7 hours, 44 minutes ago
Description : A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46414
Published : Aug. 8, 2025, 5:15 p.m. | 6 hours, 44 minutes ago
Description : The affected product does not limit the number of attempts for inputting
the correct PIN for a registered product, which may allow an attacker
to gain unauthorized access using brute-force methods if they possess a
valid device serial number. The API provides clear feedback when the
correct PIN is entered. This vulnerability was patched in a server-side
update on April 6, 2025.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53520
Published : Aug. 8, 2025, 5:15 p.m. | 6 hours, 44 minutes ago
Description : The affected product allows firmware updates to be downloaded from EG4’s
website, transferred via USB dongles, or installed through EG4’s
Monitoring Center (remote, cloud-connected interface) or via a serial
connection, and can install these files without integrity checks. The
TTComp archive format used for the firmware is unencrypted and can be
unpacked and altered without detection.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8284
Published : Aug. 8, 2025, 5:15 p.m. | 6 hours, 44 minutes ago
Description : By default, the Packet Power Monitoring and Control Web Interface do not
enforce authentication mechanisms. This vulnerability could allow
unauthorized users to access and manipulate monitoring and control
functions.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52913
Published : Aug. 8, 2025, 6:15 p.m. | 5 hours, 44 minutes ago
Description : A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users’ data and system configurations.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52914
Published : Aug. 8, 2025, 6:15 p.m. | 5 hours, 44 minutes ago
Description : A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5095
Published : Aug. 8, 2025, 6:15 p.m. | 5 hours, 44 minutes ago
Description : Burk Technology ARC Solo’s password change mechanism can be utilized without proper
authentication procedures, allowing an attacker to take over the device.
A password change request can be sent directly to the device’s HTTP
endpoint without providing valid credentials. The system does not
enforce proper authentication or session validation, allowing the
password change to proceed without verifying the request’s legitimacy.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2012-10043
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago
Description : A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the “Import Users from File” functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set “ECMA-94 / Latin 1 (ISO 8859)”. Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2012-10044
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago
Description : MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This allows arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2012-10045
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago
Description : XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2012-10046
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago
Description : The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2012-10047
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago
Description : Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2012-10048
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago
Description : Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2012-10049
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago
Description : WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2012-10050
Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago
Description : CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…