Aggregator

A vulnerability has been found in Apple macOS up to 10.14.5 and classified as critical. This vulnerability affects unknown code of the component Found in Apps. The manipulation leads to information disclosure. This vulnerability was named CVE-2019-8663. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #501408 / VDB-296605

Submit #501365 / VDB-296604

Submit #501349 / VDB-296603

A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSID leads to cross site scripting. This vulnerability was named CVE-2025-1612. The attack can be initiated remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2025-1611. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #501309 / VDB-296602

A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. This vulnerability is handled as CVE-2025-1610. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. This vulnerability is known as CVE-2025-1609. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd  leads to os command injection. This vulnerability is traded as CVE-2025-1608. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #501211 / VDB-296601

Submit #501024 / VDB-296600

Submit #501023 / VDB-296599

Submit #501022 / VDB-296598

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authorization bypass. The identification of this vulnerability is CVE-2025-1607. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-1606. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in scottpaterson Accept Donations with PayPal & Stripe Plugin up to 1.4.4 on WordPress. This affects an unknown part. The manipulation of the argument rf leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13728. It is possible to initiate the attack remotely. There is no exploit available.

Submit #498432 / VDB-296597

Submit #498421 / VDB-296596

A vulnerability was found in Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO. It has been classified as critical. Affected is an unknown function of the component Backup Configuration Handler. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-50377. It is possible to launch the attack remotely. There is no exploit available.