Security Vulnerabilities
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he discovers a valid file-ID.
Valid IDs could be brute-forced, but this is quite time-consuming as the file-IDs are usually UUIDs. This issue is fixed in version 7.14.7.
CVSS Score
3.7
EPSS Score
0.001
Published
2025-08-07
A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OL_OprationLog/GetPageList. The manipulation of the argument optUser leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-08-07
A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The name of the patch is 66bc558e417e70ae216ec155e4e81c14ae0ecf30. It is recommended to apply a patch to fix this issue.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-08-07
Azure OpenAI Elevation of Privilege Vulnerability
CVSS Score
10.0
EPSS Score
0.001
Published
2025-08-07
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-07
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVSS Score
8.2
EPSS Score
0.001
Published
2025-08-07
Azure Portal Elevation of Privilege Vulnerability
CVSS Score
9.1
EPSS Score
0.001
Published
2025-08-07
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-08-07
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-08-07
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
CVSS Score
5.6
EPSS Score
0.001
Published
2025-08-07