Security Vulnerabilities
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-20
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-08-20
QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is not able to inject any JS scripts into the page.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-20
QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-08-20
QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-20
A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-08-20
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-20
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-20
In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
CVSS Score
4.3
EPSS Score
0.0
Published
2025-08-20
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
CVSS Score
4.7
EPSS Score
0.0
Published
2025-08-20