Security Vulnerabilities - CVEs Published In July 2025
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-07-18
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-07-18
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-18
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.0
EPSS Score
0.001
Published
2025-07-18
Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-18
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-07-18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. Version 3.4.6 fixes the issue.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/atendido/Profile_Atendido.php`, in the `idatendido` parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. Version 3.4.6 fixes the issue.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-18
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-07-18
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP Request Handler. The manipulation of the argument out_addr/in_addr/out_port/proto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-07-18