2025-09-05 Daily Vulns
NEW:
CVE | Vendor - Product | Description | Metric | Reference URL | SSVC | Title | GitHub URL |
---|---|---|---|---|---|---|---|
CVE-2023-35657 | Google - Android | In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | CNA n/a CVSS3.1: 4 - MEDIUM | 0 1 | Exploitation: none; Automatable: no; Technical Impact: partial | n/a | github |
CVE-2025-9517 | docjojo - atec Debug | The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the ‘custom_log’ parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. | CVSS3.1: 7.2 - HIGH | 0 1 | Exploitation: none; Automatable: no; Technical Impact: total | atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution | github |
CVE-2022-39888 | Samsung Mobile - Samsung Mobile Devices | Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to access Proxy information. | CVSS3.1: 4.3 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | n/a | github |
CVE-2024-13071 | Akinsoft - e-Mutabakat | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS). This issue affects e-Mutabakat: from 2.02.05 before v2.02.06. | CVSS3.1: 4.3 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | XSS in Akinsoft’s e-Mutabakat | github |
CVE-2025-41049 | appRain - appRain CMF | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the ‘data[Addon][layouts]’ and ‘data[Addon][layouts_except]’ parameters in /apprain/developer/addons/update/appform. | CVSS4.0: 5.1 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | Stored Cross-Site Scripting vulnerability in appRain CMF | github |
This post is licensed under CC BY 4.0 by the author.