CVE-2025-57791 - An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57791
CVE-2025-57790 - An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57790
CVE-2025-57789 - An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57789
CVE-2025-57788 - An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57788
CVE-2025-57748 - Rejected reason: Not used
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57748
CVE-2025-57747 - Rejected reason: Not used
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57747
CVE-2025-57746 - Rejected reason: Not used
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57746
CVE-2025-57745 - Rejected reason: Not used
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57745
CVE-2025-57744 - Rejected reason: Not used
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57744
CVE-2025-57743 - Rejected reason: Not used
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57743
CVE-2025-57742 - Rejected reason: Not used
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-57742
CVE-2025-8289 - The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the delete_associated_files function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with a file upload action, and doesn't affect sites with PHP version > 8. This vulnerability also requires the 'Redirection For Contact Form 7 Extension - Create Post' extension to be installed and activated in order to be exploited. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. We confirmed there is a usable gadget in Contact Form 7 plugin that makes arbitrary file deletion possible when installed with this plugin. Given Contact Form 7 is a requirement of this plugin, it is likely that any site with this plugin and the 'Redirection For Contact Form 7 Extension - Create Post' extension enabled is vulnerable to arbitrary file deletion.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-8289
CVE-2025-8145 - The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in a Contact Form 7 plugin allows attackers to delete arbitrary files. Additionally, in certain server configurations, Remote Code Execution is possible.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-8145
CVE-2025-8141 - The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-8141
CVE-2025-54364 - Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 2 of 2).
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-54364
CVE-2025-54363 - Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 1 of 2).
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-54363
CVE-2025-9132 - Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9132
CVE-2024-12223 - Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user's session and perform actions in their security context.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-12223
CVE-2025-9193 - A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and may be used. Upgrading to version 12.1.2410.274, 12.1.2502.178 and 12.1.2506.121 is recommended to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "[o]ur internal validation (...) confirms that the reported behavior does not exist in currently supported releases. In these tests, the redirectUrl parameter is ignored, and no malicious redirection occurs." This vulnerability only affects products that are no longer supported by the maintainer.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9193
CVE-2025-9176 - A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
20/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9176
CVE-2025-9175 - A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9175
CVE-2025-9174 - A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9174
CVE-2025-9171 - A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9171
CVE-2025-9170 - A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9170
CVE-2025-9169 - A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9169
CVE-2025-9187 - Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9187
CVE-2025-9186 - Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9186
CVE-2025-9185 - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9185
CVE-2025-9184 - Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9184
CVE-2025-9183 - Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR < 140.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9183
CVE-2025-9182 - Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9182
CVE-2025-9181 - Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9181
CVE-2025-9180 - Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9180
CVE-2025-9179 - An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9179
CVE-2025-9168 - A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9168
CVE-2025-9167 - A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9167
CVE-2025-8364 - A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 141.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-8364
CVE-2025-8042 - Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-8042
CVE-2025-8041 - In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-8041
CVE-2025-55033 - Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability affects Focus for iOS < 142.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55033
CVE-2025-55032 - Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability affects Focus for iOS < 142.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55032
CVE-2025-55031 - Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55031
CVE-2025-55030 - Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability affects Firefox for iOS < 142.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55030
CVE-2025-55029 - Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability affects Firefox for iOS < 142.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55029
CVE-2025-55028 - Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability affects Firefox for iOS < 142.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55028
CVE-2025-54145 - The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability affects Firefox for iOS < 141.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-54145
CVE-2025-54144 - The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability affects Firefox for iOS < 141.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-54144
CVE-2025-54143 - Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability affects Firefox for iOS < 141.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-54143
CVE-2025-9165 - A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9165
CVE-2025-9157 - A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9157
CVE-2025-9156 - A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9156
CVE-2025-9155 - A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9155
CVE-2025-55740 - nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55740
CVE-2025-55737 - flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code that causes the problem is in routes/post.py.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55737
CVE-2025-52337 - An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-52337
CVE-2025-51543 - An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-51543
CVE-2025-50926 - Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50926
CVE-2025-43744 - A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 exists in the Asset Publisher configuration UI within the Source.js module. This vulnerability allows attackers to inject arbitrary JavaScript via DDM structure field labels which are then inserted into the DOM using innerHTML without proper encoding.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-43744
CVE-2025-43743 - Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by allowing them to enumerate the names of other users, giving an attacker the possibility to send phishing to these users.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-43743
CVE-2025-2988 - IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2988
CVE-2025-9154 - A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9154
CVE-2025-9153 - A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9153
CVE-2025-55736 - flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change their role to "admin", gaining the associated privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55736
CVE-2025-55735 - flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escape the rendered content. This can lead to a stored XSS inside the content of the post. The code that causes the problem is in template/routes.html.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55735
CVE-2025-55734 - flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page, but that control is not done for the pages routes/adminPanelComments.py and routes/adminPanelPosts.py. Thus, an unauthorized user can bypass the intended restrictions, leaking sensitive data and accessing the following pages: /admin/posts, /adminpanel/posts, /admin/comments, and /adminpanel/comments.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55734
CVE-2025-55733 - DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app's custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim's machine. This vulnerability is fixed in 0.3.1.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55733
CVE-2025-55306 - GenX_FX is an advanced AI trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.).
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55306
CVE-2025-55303 - Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of images. A bug in impacted versions of astro allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. /_image?href=//example.com/image.png. This vulnerability is fixed in 5.13.2 and 4.16.18.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55303
CVE-2025-52338 - An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-52338
CVE-2025-50891 - Adform Site Tracking 1.1 allows attackers to inject HTML or execute arbitrary code via cookie hijacking.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50891
CVE-2025-43745 - A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to perform cross-origin requests on behalf of the authenticated user via the endpoint parameter.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-43745
CVE-2025-43737 - A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-43737
CVE-2025-33008 - IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-33008
CVE-2025-31988 - HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31988
CVE-2024-44373 - A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to create a webshell and achieve remote code execution via the path and content parameters to /includes/save_file.php.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44373
CVE-2025-9151 - A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /web_config/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9151
CVE-2025-9150 - A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9150
CVE-2025-9149 - A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. Manipulation of the argument Guest_ssid causes command injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9149
CVE-2025-8450 - Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-8450
CVE-2025-55295 - qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the server filesystem by manipulating the backup_id parameter with path traversal sequences (e.g., ../). This vulnerability is fixed in 4.5.4.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55295
CVE-2025-55294 - screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary command execution with the privileges of the calling process. This vulnerability is fixed in 1.15.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55294
CVE-2025-55153 - Rejected reason: This CVE is a duplicate of another CVE.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-55153
CVE-2025-9148 - A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9148
CVE-2025-9147 - A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-9147
CVE-2025-54881 - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-54881
CVE-2025-54880 - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-54880
CVE-2025-54411 - Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate any users for the time being. This vulnerability is fixed in 3.5.0.beta8.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-54411
CVE-2025-52478 - n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an <iframe> with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject malicious JavaScript by using <video> coupled with <source> using an onerror event. While using iframe or a combination of video and source tag, this vulnerability allows for Account Takeover (ATO) by exfiltrating n8n-browserId and session cookies from authenticated users who visit a maliciously crafted form. Using these tokens and cookies, an attacker can impersonate the victim and change account details such as email addresses, enabling full control over the account—especially if 2FA is not enabled. Users should upgrade to version >= 1.98.2.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-52478
CVE-2025-51506 - In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-51506
CVE-2025-38615 - In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: cancle set bad inode after removing name fails
The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link.
When renaming, the file0's inode is marked as a bad inode because the file
name cannot be deleted.
The underlying bug is that make_bad_inode() is called on a live inode.
In some cases it's "icache lookup finds a normal inode, d_splice_alias()
is called to attach it to dentry, while another thread decides to call
make_bad_inode() on it - that would evict it from icache, but we'd already
found it there earlier".
In some it's outright "we have an inode attached to dentry - that's how we
got it in the first place; let's call make_bad_inode() on it just for shits
and giggles".
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38615
CVE-2025-38614 - In the Linux kernel, the following vulnerability has been resolved:
eventpoll: Fix semi-unbounded recursion
Ensure that epoll instances can never form a graph deeper than
EP_MAX_NESTS+1 links.
Currently, ep_loop_check_proc() ensures that the graph is loop-free and
does some recursion depth checks, but those recursion depth checks don't
limit the depth of the resulting tree for two reasons:
- They don't look upwards in the tree.
- If there are multiple downwards paths of different lengths, only one of
the paths is actually considered for the depth check since commit
28d82dc1c4ed ("epoll: limit paths").
Essentially, the current recursion depth check in ep_loop_check_proc() just
serves to prevent it from recursing too deeply while checking for loops.
A more thorough check is done in reverse_path_check() after the new graph
edge has already been created; this checks, among other things, that no
paths going upwards from any non-epoll file with a length of more than 5
edges exist. However, this check does not apply to non-epoll files.
As a result, it is possible to recurse to a depth of at least roughly 500,
tested on v6.15. (I am unsure if deeper recursion is possible; and this may
have changed with commit 8c44dac8add7 ("eventpoll: Fix priority inversion
problem").)
To fix it:
1. In ep_loop_check_proc(), note the subtree depth of each visited node,
and use subtree depths for the total depth calculation even when a subtree
has already been visited.
2. Add ep_get_upwards_depth_proc() for similarly determining the maximum
depth of an upwards walk.
3. In ep_loop_check(), use these values to limit the total path length
between epoll nodes to EP_MAX_NESTS edges.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38614
CVE-2025-38613 - In the Linux kernel, the following vulnerability has been resolved:
staging: gpib: fix unset padding field copy back to userspace
The introduction of a padding field in the gpib_board_info_ioctl is
showing up as initialized data on the stack frame being copied back
to userspace in function board_info_ioctl. The simplest fix is to
initialize the entire struct to zero to ensure all unassigned padding
fields are zero'd before being copied back to userspace.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38613
CVE-2025-38612 - In the Linux kernel, the following vulnerability has been resolved:
staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
In the error paths after fb_info structure is successfully allocated,
the memory allocated in fb_deferred_io_init() for info->pagerefs is not
freed. Fix that by adding the cleanup function on the error path.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38612
CVE-2025-38611 - In the Linux kernel, the following vulnerability has been resolved:
vmci: Prevent the dispatching of uninitialized payloads
The reproducer executes the host's unlocked_ioctl call in two different
tasks. When init_context fails, the struct vmci_event_ctx is not fully
initialized when executing vmci_datagram_dispatch() to send events to all
vm contexts. This affects the datagram taken from the datagram queue of
its context by another task, because the datagram payload is not initialized
according to the size payload_size, which causes the kernel data to leak
to the user space.
Before dispatching the datagram, and before setting the payload content,
explicitly set the payload content to 0 to avoid data leakage caused by
incomplete payload initialization.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38611
CVE-2025-38610 - In the Linux kernel, the following vulnerability has been resolved:
powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()
The get_pd_power_uw() function can crash with a NULL pointer dereference
when em_cpu_get() returns NULL. This occurs when a CPU becomes impossible
during runtime, causing get_cpu_device() to return NULL, which propagates
through em_cpu_get() and leads to a crash when em_span_cpus() dereferences
the NULL pointer.
Add a NULL check after em_cpu_get() and return 0 if unavailable,
matching the existing fallback behavior in __dtpm_cpu_setup().
[ rjw: Drop an excess empty code line ]
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38610
CVE-2025-38609 - In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Check governor before using governor->name
Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from
struct devfreq") removes governor_name and uses governor->name to replace
it. But devfreq->governor may be NULL and directly using
devfreq->governor->name may cause null pointer exception. Move the check of
governor to before using governor->name.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38609
CVE-2025-38608 - In the Linux kernel, the following vulnerability has been resolved:
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
When sending plaintext data, we initially calculated the corresponding
ciphertext length. However, if we later reduced the plaintext data length
via socket policy, we failed to recalculate the ciphertext length.
This results in transmitting buffers containing uninitialized data during
ciphertext transmission.
This causes uninitialized bytes to be appended after a complete
"Application Data" packet, leading to errors on the receiving end when
parsing TLS record.
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38608
CVE-2025-38607 - In the Linux kernel, the following vulnerability has been resolved:
bpf: handle jset (if a & b ...) as a jump in CFG computation
BPF_JSET is a conditional jump and currently verifier.c:can_jump()
does not know about that. This can lead to incorrect live registers
and SCC computation.
E.g. in the following example:
1: r0 = 1;
2: r2 = 2;
3: if r1 & 0x7 goto +1;
4: exit;
5: r0 = r2;
6: exit;
W/o this fix insn_successors(3) will return only (4), a jump to (5)
would be missed and r2 won't be marked as alive at (3).
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38607
CVE-2025-38606 - In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss
During beacon miss handling, ath12k driver iterates over active virtual
interfaces (vifs) and attempts to access the radio object (ar) via
arvif->deflink->ar.
However, after commit aa80f12f3bed ("wifi: ath12k: defer vdev creation for
MLO"), arvif is linked to a radio only after vdev creation, typically when
a channel is assigned or a scan is requested.
For P2P capable devices, a default P2P interface is created by
wpa_supplicant along with regular station interfaces, these serve as dummy
interfaces for P2P-capable stations, lack an associated netdev and initiate
frequent scans to discover neighbor p2p devices. When a scan is initiated
on such P2P vifs, driver selects destination radio (ar) based on scan
frequency, creates a scan vdev, and attaches arvif to the radio. Once the
scan completes or is aborted, the scan vdev is deleted, detaching arvif
from the radio and leaving arvif->ar uninitialized.
While handling beacon miss for station interfaces, P2P interface is also
encountered in the vif iteration and ath12k_mac_handle_beacon_miss_iter()
tries to dereference the uninitialized arvif->deflink->ar.
Fix this by verifying that vdev is created for the arvif before accessing
its ar during beacon miss handling and similar vif iterator callbacks.
==========================================================================
wlp6s0: detected beacon loss from AP (missed 7 beacons) - probing
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 5 UID: 0 PID: 0 Comm: swapper/5 Not tainted 6.16.0-rc1-wt-ath+ #2 PREEMPT(full)
RIP: 0010:ath12k_mac_handle_beacon_miss_iter+0xb5/0x1a0 [ath12k]
Call Trace:
__iterate_interfaces+0x11a/0x410 [mac80211]
ieee80211_iterate_active_interfaces_atomic+0x61/0x140 [mac80211]
ath12k_mac_handle_beacon_miss+0xa1/0xf0 [ath12k]
ath12k_roam_event+0x393/0x560 [ath12k]
ath12k_wmi_op_rx+0x1486/0x28c0 [ath12k]
ath12k_htc_process_trailer.isra.0+0x2fb/0x620 [ath12k]
ath12k_htc_rx_completion_handler+0x448/0x830 [ath12k]
ath12k_ce_recv_process_cb+0x549/0x9e0 [ath12k]
ath12k_ce_per_engine_service+0xbe/0xf0 [ath12k]
ath12k_pci_ce_workqueue+0x69/0x120 [ath12k]
process_one_work+0xe3a/0x1430
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284.1-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38606
CVE-2025-38605 - In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()
In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to
retrieve the ab pointer. In vdev delete sequence the arvif->ar could
become NULL and that would trigger kernel panic.
Since the caller ath12k_dp_tx() already has a valid ab pointer, pass it
directly to avoid panic and unnecessary dereferencing.
PC points to "ath12k_dp_tx+0x228/0x988 [ath12k]"
LR points to "ath12k_dp_tx+0xc8/0x988 [ath12k]".
The Backtrace obtained is as follows:
ath12k_dp_tx+0x228/0x988 [ath12k]
ath12k_mac_tx_check_max_limit+0x608/0x920 [ath12k]
ieee80211_process_measurement_req+0x320/0x348 [mac80211]
ieee80211_tx_dequeue+0x9ac/0x1518 [mac80211]
ieee80211_tx_dequeue+0xb14/0x1518 [mac80211]
ieee80211_tx_prepare_skb+0x224/0x254 [mac80211]
ieee80211_xmit+0xec/0x100 [mac80211]
__ieee80211_subif_start_xmit+0xc50/0xf40 [mac80211]
ieee80211_subif_start_xmit+0x2e8/0x308 [mac80211]
netdev_start_xmit+0x150/0x18c
dev_hard_start_xmit+0x74/0xc0
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
19/08/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-38605
Recently modified advisories
CVE-2025-7342 - A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project and the vulnerability was exploited during the build process, which requires an attacker to access the build VM and modify the image while the build is in progress.
20/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-7342
CVE-2025-20134 - A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static Network Address Translation (NAT) rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-20134
CVE-2025-54409 - AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-54409
CVE-2025-54389 - AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AIDE detection of malicious files. Additionally, the output of extended attribute key names and symbolic link targets is also not properly neutralized. This issue has been patched in version 0.19.2. A workaround involves configuring AIDE to write the report output to a regular file, redirecting stdout to a regular file, or redirecting the log output written to stderr to a regular file.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-54389
CVE-2025-8964 - A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-8964
CVE-2025-8962 - A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-8962
CVE-2025-38745 - Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-38745
CVE-2025-8940 - A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-8940
CVE-2025-8939 - A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-8939
CVE-2025-52392 - Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-52392
CVE-2025-53138 - Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-53138
CVE-2025-53137 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-53137
CVE-2025-53136 - Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-53136
CVE-2025-53135 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-53135
CVE-2025-53134 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-53134
CVE-2025-53133 - Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-53133
CVE-2025-53132 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-53132
CVE-2025-53131 - Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-53131
CVE-2025-50177 - Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-50177
CVE-2025-50176 - Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-50176
CVE-2025-50173 - Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-50173
CVE-2025-50172 - Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-50172
CVE-2025-50170 - Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-50170
CVE-2025-50169 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-50169
CVE-2025-50168 - Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-50168
CVE-2025-49762 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-49762
CVE-2025-49761 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-49761
CVE-2025-49757 - Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
19/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-49757
CVE-2025-9095 - A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-9095
CVE-2025-9093 - A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-9093
CVE-2025-9091 - A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-9091
CVE-2023-4130 - In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()
There are multiple smb2_ea_info buffers in a FILE_FULL_EA_INFORMATION request
from the client. ksmbd finds the next smb2_ea_info using ->NextEntryOffset of
the current smb2_ea_info. ksmbd needs to validate the buffer length before
accessing the next ea. ksmbd should check the buffer length using buf_len,
not the next variable. next is the start offset of the current ea, obtained
from the previous ea.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-4130
CVE-2023-3867 - In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix out of bounds read in smb2_sess_setup
ksmbd does not consider the case where smb2 session setup is
in a compound request. If this is the second payload of the compound,
an OOB read issue occurs while processing the first payload in
smb2_sess_setup().
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-3867
CVE-2023-3866 - In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate session id and tree id in the compound request
This patch validates session id and tree id in a compound request.
If the first operation in the compound is an SMB2 ECHO request, ksmbd bypasses
session and tree validation, so work->sess and work->tcon could be NULL.
If the second request in the compound accesses work->sess or tcon, it causes
a NULL pointer dereferencing error.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-3866
CVE-2023-3865 - In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix out-of-bound read in smb2_write
ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If
->NextCommand is bigger than Offset + Length of smb2 write, it will
allow an oversized smb2 write length. It will cause an OOB read in smb2_write.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-3865
CVE-2025-38507 - In the Linux kernel, the following vulnerability has been resolved:
HID: nintendo: avoid bluetooth suspend/resume stalls
Ensure we don't stall or panic the kernel when using bluetooth-connected
controllers. This was reported as an issue on android devices using
kernel 6.6 due to the resume hook which had been added for usb joycons.
First, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a
newly-added nintendo_hid_suspend. This makes sure we will not stall out
the kernel waiting for input reports during led classdev suspend. The
stalls could happen if connectivity is unreliable or lost to the
controller prior to suspend.
Second, since we lose connectivity during suspend, do not try
joycon_init() for bluetooth controllers in the nintendo_hid_resume path.
Tested via multiple suspend/resume flows when using the controller both
in USB and bluetooth modes.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-38507
CVE-2025-8719 - The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'base_lang' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-8719
CVE-2025-7499 - The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function in all versions up to and including 4.1.1. This makes it possible for unauthenticated attackers to retrieve passwords for password-protected documents as well as the metadata of private and draft documents.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-7499
CVE-2025-8089 - The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in versions less than or equal to 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-8089
CVE-2025-8113 - The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-8113
CVE-2025-38501 - In the Linux kernel, the following vulnerability has been resolved:
ksmbd: limit repeated connections from clients with the same IP
Repeated connections from clients with the same IP address may exhaust
the max connections and prevent other normal client connections.
This patch limits repeated connections from clients with the same IP.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-38501
CVE-2025-6079 - The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-6079
CVE-2017-20199 - A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2017-20199
CVE-2025-43201 - This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-43201
CVE-2025-55203 - Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and later executed in other users' browsers. The description_html field is not properly sanitized or escaped. An attacker can submit crafted JavaScript payloads that are saved in the application's database. When another user views the affected content, the injected code executes in their browser, running in the application's context and bypassing standard security protections. Successful exploitation can lead to session hijacking, theft of sensitive information, or forced redirection to malicious sites. The vulnerability can also be chained with CSRF attacks to perform unauthorized actions, or leveraged to distribute malware and exploit additional browser vulnerabilities. This issue has been patched in version 0.28.0.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-55203
CVE-2025-9051 - A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-9051
CVE-2025-9050 - A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-9050
CVE-2025-9047 - A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-9047
CVE-2025-9046 - A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-9046
CVE-2025-9026 - A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
18/08/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-9026