CVE Alerts

@cve.skyfleet.blue

Unofficial account to notify you about new CVE IDs. CVE is a program that identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities. Check out @infosec.skyfleet.blue 🆘 @skyfleet.blue

830 Followers  |  6 Following  |  12,634 Posts  |  Joined: 02.08.2023

Latest posts by cve.skyfleet.blue on Bluesky

CVE-2025-24325 - Intel 800 Series Ethernet Improper Input Validation Privilege Escalation Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2025-24325 - Intel 800 Series Ethernet Improper Input Validation Privilege Escalation
CVE ID : CVE-2025-24325

Published : Aug. 12, 2025, 5:15 p.m. | 27 minutes ago

Description : Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Et...

12.08.2025 18:39
CVE-2025-55010 - Kanboard PHP Deserialization RCE Vulnerability Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use …

CVE-2025-55010 - Kanboard PHP Deserialization RCE Vulnerability
CVE ID : CVE-2025-55010

Published : Aug. 12, 2025, 4:15 p.m. | 1 hour, 27 minutes ago

Description : Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an...

12.08.2025 18:34
CVE-2025-20093 - Intel 800 Series Ethernet Privilege Escalation Vulnerability Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2025-20093 - Intel 800 Series Ethernet Privilege Escalation Vulnerability
CVE ID : CVE-2025-20093

Published : Aug. 12, 2025, 5:15 p.m. | 27 minutes ago

Description : Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R...

12.08.2025 18:29
CVE-2025-5466 - "Ivanti Connect Secure and Ivanti Policy Secure Denial of Service Vulnerability" XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service

CVE-2025-5466 - "Ivanti Connect Secure and Ivanti Policy Secure Denial of Service Vulnerability"
CVE ID : CVE-2025-5466

Published : Aug. 12, 2025, 3:15 p.m. | 29 minutes ago

Description : XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before...

12.08.2025 15:59
CVE-2025-43735 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS) A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject JavaScript into the google_gadget.

CVE-2025-43735 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)
CVE ID : CVE-2025-43735

Published : Aug. 12, 2025, 1:15 p.m. | 2 hours, 29 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131,...

12.08.2025 15:53
CVE-2025-40746 - "Siemens SIMATIC RTLS Locating Manager Remote Code Execution Vulnerability" A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions

CVE-2025-40746 - "Siemens SIMATIC RTLS Locating Manager Remote Code Execution Vulnerability"
CVE ID : CVE-2025-40746

Published : Aug. 12, 2025, 12:15 p.m. | 2 hours, 4 minutes ago

Description : A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versi...

12.08.2025 15:08
CVE-2025-40743 - Siemens SINUMERIK VNC Authentication Bypass A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions

CVE-2025-40743 - Siemens SINUMERIK VNC Authentication Bypass
CVE ID : CVE-2025-40743

Published : Aug. 12, 2025, 12:15 p.m. | 2 hours, 4 minutes ago

Description : A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5...

12.08.2025 15:03
CVE-2024-54678 - Siemens SIMATIC and TIA Portal Named Pipe Remote Code Execution Vulnerability A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions

CVE-2024-54678 - Siemens SIMATIC and TIA Portal Named Pipe Remote Code Execution Vulnerability
CVE ID : CVE-2024-54678

Published : Aug. 12, 2025, 12:15 p.m. | 2 hours, 4 minutes ago

Description : A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), S...

12.08.2025 14:58
CVE-2025-43736 - Liferay Portal Liferay DXP File Upload Denial Of Service (DOS) A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a user to upload more than 300kb profile picture …

CVE-2025-43736 - Liferay Portal Liferay DXP File Upload Denial Of Service (DOS)
CVE ID : CVE-2025-43736

Published : Aug. 12, 2025, 11:15 a.m. | 29 minutes ago

Description : A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4....

12.08.2025 12:09
CVE-2025-8885 - Bouncy Castle for Java Resource Allocation Denial of Service Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java. This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through …

CVE-2025-8885 - Bouncy Castle for Java Resource Allocation Denial of Service
CVE ID : CVE-2025-8885

Published : Aug. 12, 2025, 10:15 a.m. | 1 hour, 29 minutes ago

Description : Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Cas...

12.08.2025 12:08
CVE-2025-26398 - SolarWinds Database Performance Analyzer Cryptographic Key Disclosure SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.

CVE-2025-26398 - SolarWinds Database Performance Analyzer Cryptographic Key Disclosure
CVE ID : CVE-2025-26398

Published : Aug. 12, 2025, 8:15 a.m. | 3 hours, 29 minutes ago

Description : SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptogr...

12.08.2025 12:03
CVE-2025-41686 - Microsoft NSSM Elevation of Privilege A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access.

CVE-2025-41686 - Microsoft NSSM Elevation of Privilege
CVE ID : CVE-2025-41686

Published : Aug. 12, 2025, 8:15 a.m. | 3 hours, 29 minutes ago

Description : A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain ...

12.08.2025 11:58
CVE-2025-8059 - WordPress B Blocks Privilege Escalation The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role.

CVE-2025-8059 - WordPress B Blocks Privilege Escalation
CVE ID : CVE-2025-8059

Published : Aug. 12, 2025, 5:15 a.m. | 2 hours, 29 minutes ago

Description : The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper i...

12.08.2025 08:34
CVE-2025-8081 - Elementor WordPress Arbitrary File Read Vulnerability The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files …

CVE-2025-8081 - Elementor WordPress Arbitrary File Read Vulnerability
CVE ID : CVE-2025-8081

Published : Aug. 12, 2025, 6:15 a.m. | 1 hour, 29 minutes ago

Description : The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and inc...

12.08.2025 08:29
CVE-2025-3892 - Axis ACAP Privilege Escalation Vulnerability ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVE-2025-3892 - Axis ACAP Privilege Escalation Vulnerability
CVE ID : CVE-2025-3892

Published : Aug. 12, 2025, 6:15 a.m. | 1 hour, 29 minutes ago

Description : ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This v...

12.08.2025 08:24
CVE-2025-8482 - WordPress Simple Local Avatars Unauthenticated Data Modification Vulnerability The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users.

CVE-2025-8482 - WordPress Simple Local Avatars Unauthenticated Data Modification Vulnerability
CVE ID : CVE-2025-8482

Published : Aug. 12, 2025, 7:15 a.m. | 29 minutes ago

Description : The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modificat...

12.08.2025 08:19
CVE-2025-8418 - WordPress B Slider-Gutenberg Slider Block Plugin Arbitrary Plugin Installation Vulnerability The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install …

CVE-2025-8418 - WordPress B Slider-Gutenberg Slider Block Plugin Arbitrary Plugin Installation Vulnerability
CVE ID : CVE-2025-8418

Published : Aug. 12, 2025, 7:15 a.m. | 29 minutes ago

Description : The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vul...

12.08.2025 08:14
CVE-2025-8874 - Elementor Addons - WordPress Stored Cross-Site Scripting Vulnerability The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated …

CVE-2025-8874 - Elementor Addons - WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8874

Published : Aug. 12, 2025, 7:15 a.m. | 29 minutes ago

Description : The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Condition...

12.08.2025 08:09
CVE-2025-6253 - "UiCore Elements WordPress Arbitrary File Read Vulnerability" The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insufficient controls on the filename specified. This makes it possible for unauthenticated attackers …

CVE-2025-6253 - "UiCore Elements WordPress Arbitrary File Read Vulnerability"
CVE ID : CVE-2025-6253

Published : Aug. 12, 2025, 6:15 a.m. | 1 hour, 29 minutes ago

Description : The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable ...

12.08.2025 08:04
CVE-2025-8314 - WordPress Software Issue Manager Stored Cross-Site Scripting Vulnerability The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts …

CVE-2025-8314 - WordPress Software Issue Manager Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8314

Published : Aug. 12, 2025, 5:15 a.m. | 2 hours, 29 minutes ago

Description : The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Si...

12.08.2025 08:00
CVE-2025-8767 - WordPress AnWP Football Leagues Plugin CSV Injection Vulnerability The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in …

CVE-2025-8767 - WordPress AnWP Football Leagues Plugin CSV Injection Vulnerability
CVE ID : CVE-2025-8767

Published : Aug. 12, 2025, 7:15 a.m. | 29 minutes ago

Description : The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up ...

12.08.2025 07:57
CVE-2025-30027 - Axis ACAP Code Execution Vulnerability An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVE-2025-30027 - Axis ACAP Code Execution Vulnerability
CVE ID : CVE-2025-30027

Published : Aug. 12, 2025, 6:15 a.m. | 1 hour, 29 minutes ago

Description : An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This...

12.08.2025 07:54
CVE-2025-47444 - Liquid Web GiveWP Sensitive Data Retrieval Vulnerability Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data. This issue affects GiveWP: from n/a before 4.6.1.

CVE-2025-47444 - Liquid Web GiveWP Sensitive Data Retrieval Vulnerability
CVE ID : CVE-2025-47444

Published : Aug. 12, 2025, 7:15 a.m. | 29 minutes ago

Description : Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embe...

12.08.2025 07:51
CVE-2025-7622 - Apache Server-Side Request Forgery During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.

CVE-2025-7622 - Apache Server-Side Request Forgery
CVE ID : CVE-2025-7622

Published : Aug. 12, 2025, 5:15 a.m. | 2 hours, 29 minutes ago

Description : During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated...

12.08.2025 07:49
CVE-2025-42950 - SAP SLT ABAP Code Injection Vulnerability SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system …

CVE-2025-42950 - SAP SLT ABAP Code Injection Vulnerability
CVE ID : CVE-2025-42950

Published : Aug. 12, 2025, 3:15 a.m. | 29 minutes ago

Description : SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function mo...

12.08.2025 04:25
CVE-2025-42975 - SAP NetWeaver Application Server ABAP Cross-Site Scripting (XSS) SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information …

CVE-2025-42975 - SAP NetWeaver Application Server ABAP Cross-Site Scripting (XSS)
CVE ID : CVE-2025-42975

Published : Aug. 12, 2025, 3:15 a.m. | 29 minutes ago

Description : SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft ...

12.08.2025 04:20
CVE-2025-8568 - WordPress GMap Generator Stored Cross-Site Scripting Vulnerability The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in …

CVE-2025-8568 - WordPress GMap Generator Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8568

Published : Aug. 12, 2025, 3:15 a.m. | 29 minutes ago

Description : The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ ...

12.08.2025 04:15
CVE-2025-42945 - SAP NetWeaver Application Server ABAP HTML Injection Vulnerability SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There …

CVE-2025-42945 - SAP NetWeaver Application Server ABAP HTML Injection Vulnerability
CVE ID : CVE-2025-42945

Published : Aug. 12, 2025, 3:15 a.m. | 29 minutes ago

Description : SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacke...

12.08.2025 04:10
CVE-2025-42946 - SAP S/4HANA (Bank Communication Management) Directory Traversal Vulnerability Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacker to potentially read or delete these files hence …

CVE-2025-42946 - SAP S/4HANA (Bank Communication Management) Directory Traversal Vulnerability
CVE ID : CVE-2025-42946

Published : Aug. 12, 2025, 3:15 a.m. | 29 minutes ago

Description : Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Manageme...

12.08.2025 04:05
CVE-2025-42942 - SAP NetWeaver Application Server for ABAP Cross-Site Scripting (XSS) SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the …

CVE-2025-42942 - SAP NetWeaver Application Server for ABAP Cross-Site Scripting (XSS)
CVE ID : CVE-2025-42942

Published : Aug. 12, 2025, 3:15 a.m. | 29 minutes ago

Description : SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this...

12.08.2025 04:00