2025-07-04 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2025-52554 | n8n-io - n8n | n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway. | CVSS4.0: 4.9 - MEDIUM | 0 1 2 3 | Exploitation: none; Automatable: no; Technical Impact: partial | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows | github |
CVE-2025-23968 | WPCenter - AiBud WP | Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through 1.8.5. | CVSS3.1: 9.1 - CRITICAL | 0 | Exploitation: none; Automatable: no; Technical Impact: total | WordPress AiBud WP plugin <= 1.8.5 - Arbitrary File Upload vulnerability | github |
CVE-2025-53489 | Wikimedia Foundation - Mediawiki - GoogleDocs4MW Extension | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | CNA n/a CVSS3.1: 5.6 - MEDIUM | 0 1 | Exploitation: none; Automatable: no; Technical Impact: partial | XSS in GoogleDocs4MW | github |
CVE-2023-30754 | AdFoxly - AdFoxly – Ad Manager, AdSense Ads & Ads.txt | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin <= 1.8.5 versions. | CVSS3.1: 7.1 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | WordPress AdFoxly – Ad Manager, AdSense Ads & Ads.txt Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS) | github |
CVE-2023-20217 | Cisco - Cisco ThousandEyes Recorder Application | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device. | CVSS3.1: 5.5 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | undefined | github |
CVE-2025-20307 | Cisco - Cisco BroadWorks | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. | CVSS3.1: 4.8 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: total | Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability | github |
This post is licensed under CC BY 4.0 by the author.