CVE-2025-8702 – Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

August 7, 2025

CVE ID : CVE-2025-8702

Published : Aug. 8, 2025, 12:15 a.m. | 34 minutes ago

Description : A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous Articlevacuum – OpenAPI and Swagger linter

Next Article CVE-2025-54952 – ExecuTorch Integer Overflow Code Execution Vulnerability

Highlights

CVE-2025-8300 – Realtek rtl81xx SDK Wi-Fi Driver Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

September 2, 2025

CVE ID : CVE-2025-8300

Published : Sept. 2, 2025, 8:15 p.m. | 6 hours, 29 minutes ago

Description : Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the N6CSet_DOT11_CIPHER_DEFAULT_KEY function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26552.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-8702 – Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Apache Tomcat Coyote Vulnerability Let Attackers Trigger DoS Attack

Yomikiru – offline manga, manhwa, comic, and novel reader

stateless in REST

CVE-2024-53010 – VMware ESXi Memory Corruption Vulnerability

CVE-2025-8300 – Realtek rtl81xx SDK Wi-Fi Driver Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This tiny Bluetooth speaker delivers loud, distortion-free sound – and it’s on sale

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

CVE-2025-1531 – Hitachi Ops Center Analyzer Viewpoint Authentication Credentials Leakage

CVE-2025-8702 – Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

Related Posts