2025-07-17 Daily Vulns

NEW:

CVE	vendor-product	description	metric	Referenceurl	title	GithubURL
CVE-2025-30747	Oracle Corporation - PeopleSoft Enterprise PeopleTools	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).	CVSS3.1: 4.3 - MEDIUM	0	Exploitation: noneAutomatable: noTechnical Impact: partial	undefined	github
CVE-2024-9408	Eclipse Foundation - Eclipse Glassfish	In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.	CVSS4.0: 8.9 - HIGH	0	Exploitation: noneAutomatable: noTechnical Impact: partial	undefined	github
CVE-2024-10029	Eclipse Foundation - Eclipse Glassfish	In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console.	CVSS4.0: 4.5 - MEDIUM	0	Exploitation: noneAutomatable: noTechnical Impact: partial	undefined	github
CVE-2025-24759	CMSJunkie - WordPress Business Directory Plugins - WP-BusinessDirectory	Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Blind SQL Injection. This issue affects WP-BusinessDirectory: from n/a through 3.1.3.	CVSS3.1: 9.3 - CRITICAL	0	Exploitation: noneAutomatable: yesTechnical Impact: partial	WordPress WP-BusinessDirectory <= 3.1.3 - SQL Injection Vulnerability	github