2025-07-31 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2024-45515 | n/a - n/a | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manipulated metadata, allowing them to bypass content type checks and execute arbitrary JavaScript within the victim’s session. | CNA n/a CVSS3.1: 6.1 - MEDIUM | 0 1 2 3 | Exploitation: noneAutomatable: noTechnical Impact: partial | undefined | github |
| CVE-2025-24119 | Apple - macOSApple - macOSApple - macOS | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | CNA n/a CVSS3.1: 9.8 - CRITICAL | 0 1 2 | Exploitation: noneAutomatable: yesTechnical Impact: total | undefined | github |
| CVE-2025-32510 | Ovatheme - Ovatheme Events Manager | Unrestricted Upload of File with Dangerous Type vulnerability in Ovatheme Ovatheme Events Manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through 1.8.4. | CVSS3.1: 10 - CRITICAL | 0 | Exploitation: noneAutomatable: yesTechnical Impact: total | WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability | github |
This post is licensed under CC BY 4.0 by the author.