Security Vulnerabilities
A vulnerability has been found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/tournament_details.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-01
In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924201; Issue ID: MSV-3820.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-09-01
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01123853; Issue ID: MSV-4131.
CVSS Score
8.1
EPSS Score
0.003
Published
2025-09-01
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-09-01
In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09989078; Issue ID: MSV-3964.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-01
In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924624; Issue ID: MSV-3826.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-01
In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-09-01
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /student_signup.php. The manipulation of the argument Username results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-01
A security vulnerability has been detected in Campcodes Online Feeds Product Inventory System 1.0. This vulnerability affects unknown code of the file /feeds/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-01
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/aluno of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-01