2025-07-08 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2016-10033 | n/a - n/a | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a `\"` (backslash double quote) in a crafted Sender property. | CNA n/a CVSS3.1: 9.8 - CRITICAL | 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | Exploitation: active; Automatable: yes; Technical Impact: total | | github |
CVE-2014-3931 | n/a - n/a | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | CNA n/a CVSS3.1: 9.8 - CRITICAL | 0 1 2 | Exploitation: active; Automatable: yes; Technical Impact: total | | github |
CVE-2025-39487 | ValvePress - Rankie | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie allows Reflected XSS. This issue affects Rankie: from n/a through 1.8.2. | CVSS3.1: 7.1 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | WordPress Rankie plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability | github |
CVE-2024-58117 | Huawei - HarmonyOS | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. | CVSS3.1: 4 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | | github |
CVE-2025-23970 | aonetheme - Service Finder Booking | Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through 6.0. | CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | WordPress Service Finder Booking <= 6.0 - Privilege Escalation Vulnerability | github |
CVE-2025-3467 | langgenius - langgenius/dify | An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerability is triggered, potentially exposing sensitive token information to the attacker. | | 0 1 | Exploitation: poc; Automatable: no; Technical Impact: total | XSS Vulnerability in langgenius/dify | github |
This post is licensed under CC BY 4.0 by the author.