Aggregator

CVE-2025-43733 | Liferay Portal/DXP Document View Usages Page Name cross site scripting

4 days 17 hours ago

A vulnerability, which was classified as problematic, has been found in Liferay Portal and DXP. The affected element is an unknown function of the component Document View Usages Page. The manipulation of the argument Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-43733. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

CVE-2025-43732 | Liferay Portal/DXP groupId authorization

VulDB Recent Entries

4 days 17 hours ago

A vulnerability classified as problematic was found in Liferay Portal and DXP. Impacted is the function _com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_groupId. Executing manipulation of the argument groupId can lead to authorization bypass. This vulnerability is handled as CVE-2025-43732. The attack can be executed remotely. There is not any exploit available.

vuldb.com

Linux Kernel Netfilter Vulnerability Let Attackers Escalate Privileges

Cyber Security News

4 days 17 hours ago

A critical vulnerability in the Linux kernel’s netfilter ipset subsystem has been discovered that allows local attackers to escalate privileges to root-level access. The flaw, identified in the bitmap:ip implementation within the ipset framework, stems from insufficient range validation when processing CIDR notation in IP address ranges. This missing bounds check enables attackers to trigger […]

The post Linux Kernel Netfilter Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Florence Nightingale

X-VPN’s August Update Lets Mobile Users Choose Servers in 26 Regions with Military-Grade AES-256 Encryption

Cyber Security News

4 days 17 hours ago

San Francisco, CA – August 12, 2025 — Addressing the growing demand for data privacy in financial workflows, X-VPN has rolled out an update to its mobile application, now offering free users the ability to manually choose from 26 server regions globally. In addition, the previously paywalled Kill Switch feature is now unlocked for all […]

The post X-VPN’s August Update Lets Mobile Users Choose Servers in 26 Regions with Military-Grade AES-256 Encryption appeared first on Cyber Security News.

Kaaviya

CVE-2024-48730 | ETSI Open-Source MANO 14.x/15.x improper authentication (EUVD-2024-54816)

Vuldb Updates

4 days 17 hours ago

A vulnerability was found in ETSI Open-Source MANO 14.x/15.x and classified as critical. This issue affects some unknown processing. The manipulation results in improper authentication. This vulnerability is identified as CVE-2024-48730. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2025-9108 | Portabilis i-Diario up to 1.5.0 Login Page ui layer (EUVD-2025-25117)

Vuldb Updates

4 days 17 hours ago

A vulnerability marked as problematic has been reported in Portabilis i-Diario up to 1.5.0. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is traded as CVE-2025-9108. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2025-9109 | Portabilis i-Diario up to 1.5.0 Password Recovery Endpoint /password/email observable response discrepancy

Vuldb Updates

4 days 17 hours ago

A vulnerability described as problematic has been identified in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. This vulnerability is known as CVE-2025-9109. It is possible to launch the attack remotely. Furthermore, an exploit is available.

vuldb.com

CVE-2025-9100 | zhenfeng13 My-Blog 1.0.0 Frontend Blog Article Comment /blog/comment authentication replay (Issue 149 / EUVD-2025-25111)

Vuldb Updates

4 days 17 hours ago

A vulnerability has been found in zhenfeng13 My-Blog 1.0.0 and classified as problematic. This affects an unknown part of the file /blog/comment of the component Frontend Blog Article Comment Handler. Performing manipulation results in authentication bypass by capture-replay. This vulnerability is identified as CVE-2025-9100. The attack can be initiated remotely. Additionally, an exploit exists.

vuldb.com

CVE-2025-9101 | zhenfeng13 My-Blog up to 1.0.0 Tag /admin/tags/save cross site scripting (Issue 147)

Vuldb Updates

4 days 17 hours ago

A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/tags/save of the component Tag Handler. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-9101. The attack can be launched remotely. Moreover, an exploit is present.

vuldb.com

CVE-2025-9102 | 1&1 Mail & Media mail.com App 8.8.0 on Android com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components (EUVD-2025-25112)

Vuldb Updates

4 days 17 hours ago

A vulnerability was found in 1&1 Mail & Media mail.com App 8.8.0 on Android. It has been classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. This vulnerability is listed as CVE-2025-9102. The attack must be carried out locally. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-9103 | ZenCart 2.1.0 CKEditor cross site scripting

Vuldb Updates

4 days 17 hours ago

A vulnerability was found in ZenCart 2.1.0. It has been declared as problematic. Impacted is an unknown function of the component CKEditor. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-9103. The attack may be launched remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. The vendor declares this as "intended behavior, allowed for authorized administrators".

vuldb.com

CVE-2025-9104 | Portabilis i-Diario up to 1.5.0 Informações Adicionais Page /planos-de-aulas-por-disciplina Parecer/Objeto de Conhecimento/Habilidades cross site scripting (EUVD-2025-25113)

Vuldb Updates

4 days 17 hours ago

A vulnerability was found in Portabilis i-Diario up to 1.5.0. It has been rated as problematic. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. This vulnerability is registered as CVE-2025-9104. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-9105 | Portabilis i-Diario up to 1.5.0 Informações Adicionais Page /planos-de-ensino-por-areas-de-conhecimento Parecer/Conteúdos/Objetivos cross site scripting (EUVD-2025-25116)

Vuldb Updates

4 days 17 hours ago

A vulnerability categorized as problematic has been discovered in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. This vulnerability is documented as CVE-2025-9105. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-9106 | Portabilis i-Diario up to 1.5.0 Informações Adicionais Page /planos-de-ensino-por-disciplina Parecer/Conteúdos/Objetivos cross site scripting (EUVD-2025-25114)

Vuldb Updates

4 days 17 hours ago

A vulnerability identified as problematic has been detected in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. This vulnerability is reported as CVE-2025-9106. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-9107 | Portabilis i-Diario up to 1.5.0 search_autocomplete q cross site scripting (EUVD-2025-25115)

Vuldb Updates

4 days 17 hours ago

A vulnerability labeled as problematic has been found in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. This vulnerability appears as CVE-2025-9107. The attack may be performed from a remote location. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-43201 | Apple Music Classical up to 2.2 on Android information disclosure (EUVD-2025-25051)

Vuldb Updates

4 days 17 hours ago

A vulnerability marked as problematic has been reported in Apple Music Classical up to 2.2 on Android. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-43201. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

vuldb.com