Security Vulnerabilities
A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipulation with the input EVANNIGHTLY_WAOU leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-08-08
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he discovers a valid file-ID.
Valid IDs could be brute-forced, but this is quite time-consuming as the file-IDs are usually UUIDs. This issue is fixed in version 7.14.7.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-08-07
Azure OpenAI Elevation of Privilege Vulnerability
CVSS Score
10.0
EPSS Score
0.001
Published
2025-08-07
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-07
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVSS Score
8.2
EPSS Score
0.001
Published
2025-08-07
Azure Portal Elevation of Privilege Vulnerability
CVSS Score
9.1
EPSS Score
0.001
Published
2025-08-07
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-08-07
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-08-07
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-08-07
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-07