2025-11-18 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2025-13223 | Google - Chrome | Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CNA n/a CVSS3.1: 8.8 - HIGH | 0 1 | Exploitation: none; Automatable: no; Technical Impact: total | n/a | github |
| CVE-2021-4469 | Denver - SHO-110 | Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a ‘/snapshot’ endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the ‘snapshot’ endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment. | CVSS4.0: 8.7 - HIGH | 0 1 2 | Exploitation: poc; Automatable: yes; Technical Impact: partial | Denver SHO-110 IP Camera Unauthenticated Snapshot Access | github |
| CVE-2025-13278 | projectworlds - Advanced Library Management System | A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefrom/dateto leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS4.0: 5.3 - MEDIUM CVSS3.1: 6.3 - MEDIUM | 0 1 2 3 | Exploitation: poc; Automatable: no; Technical Impact: partial | projectworlds Advanced Library Management System borrowed_book_search.php sql injection | github |
This post is licensed under CC BY 4.0 by the author.