Security Vulnerabilities
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-05
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file educar_historico_escolar_lst.php. Such manipulation of the argument ref_cod_aluno leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-05
A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-05
Vulnerability of exposing object heap addresses in the Ark eTS module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-09-05
Out-of-bounds read vulnerability in the runtime interpreter module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-09-05
Race condition vulnerability in the audio module.
Impact: Successful exploitation of this vulnerability may affect function stability.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-05
Race condition vulnerability in the device standby module.
Impact: Successful exploitation of this vulnerability may cause feature exceptions of the device standby module.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-09-05
Permission verification vulnerability in the home screen module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-09-05
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-05
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs (e.g. Nginx location blocks). The original implementation relied on fixed character offsets when parsing request URLs. Under certain malformed absolute-form Request-URIs, this could lead to incorrect path extraction depending on the application and environment. If proxy ACLs are used to protect sensitive endpoints such as /admin, this flaw could have allowed unauthorized access. The confidentiality impact depends on what data is exposed: if sensitive administrative data is exposed, the impact may be high, otherwise it may be moderate. This issue is fixed in version 4.9.6.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-05