Security Vulnerabilities
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-09-15
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, an attacker can submit unauthorized requests to the vulnerable endpoint: /create-class.php.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-15
A vulnerability was detected in Campcodes Online Job Finder System 1.0. The impacted element is an unknown function of the file /eris/applicationform.php. The manipulation of the argument picture results in unrestricted upload. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-15
A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/us_transac.php?action=add. Executing manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-15
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_searchfrm.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-15
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-15
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-09-15
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-09-15
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-09-15
A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-09-15