2025-08-20 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2024-44373 | n/a - n/a | A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php. | CNA n/a CVSS3.1: 9.8 - CRITICAL | 0 1 2 | Exploitation: poc; Automatable: yes; Technical Impact: total | n/a | github |
CVE-2025-31988 | HCL Software - Digital Experience | HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. | CVSS3.1: 4.9 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | HCL Digital Experience is susceptible to cross site scripting (XSS) | github |
CVE-2025-51489 | n/a - n/a | An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file. | CNA n/a CVSS3.1: 4.5 - MEDIUM | 0 1 | Exploitation: poc; Automatable: no; Technical Impact: partial | n/a | github |
CVE-2025-54880 | mermaid-js - mermaid | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0. | CVSS4.0: 5.1 - MEDIUM | 0 1 2 | Exploitation: poc; Automatable: no; Technical Impact: partial | Mermaid does not properly sanitize architecture diagram iconText leading to XSS | github |
This post is licensed under CC BY 4.0 by the author.