2025-09-19 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL
---|---|---|---|---|---|---|---
CVE-2023-49564 | Nokia - CBIS, NCS | The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine. The risk can be partially mitigated by restricting access to the management network using an external firewall. | CNA n/a; CVSS3.1: 8.8 - HIGH | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | Authentication Bypass | github
CVE-2025-10615 | itsourcecode - E-Commerce Website | A vulnerability was identified in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit is publicly available and might be used. A vulnerability was found in itsourcecode E-Commerce Website 1.0. It concerns a function of the file /admin/products.php that is not clearly defined. By manipulating it with unknown data, an unrestricted upload vulnerability can be exploited. The attack can be carried out over the network. The vulnerability has been publicly disclosed and could be exploited. | CVSS4.0: 5.3 - MEDIUM; CVSS3.1: 6.3 - MEDIUM | 0 1 2 3 4 | Exploitation: poc; Automatable: no; Technical Impact: partial | itsourcecode E-Commerce Website products.php unrestricted upload | github
CVE-2024-13151 | Logo Software - Retail Sales Management | Authorization Bypass Through User-Controlled SQL Primary Key, CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Logo Software Retail Sales Management allows SQL Injection, CAPEC-7 - Blind SQL Injection. This issue affects Retail Sales Management: through 20250918. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | CVSS3.1: 10 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | SQLi in Logo Software's Retail Sales Management | github
This post is licensed under CC BY 4.0 by the author.