Vulnerability Summary for the Week of August 25, 2025

2025-09-02 22:09

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
1000projects–Online Project Report Submission and Evaluation System	A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batch_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	2025-08-26	7.3	CVE-2025-9444
8bitkid–Yahoo! WebPlayer	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6.	2025-08-28	7.1	CVE-2025-53215
Aaron Axelsen–WPMU Ldap Authentication	Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through 5.0.1.	2025-08-28	7.1	CVE-2025-48343
add-ons.org–Drag and Drop File Upload for Elementor Forms	Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3.	2025-08-28	10	[…] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of August 25, 2025 Tags: Bulletins EN Post navigation ← IT Security News Hourly Summary 2025-09-02 21h : 4 posts A Q&A with Cybersecurity Specialist at Bayside → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts Why Threat Intelligence: A Conversation With Unit 42 Interns September 3, 2025 TDL 002 \| Defending the DNS: How Quad9 Protects the Internet with John Todd September 3, 2025 Smart Approaches to Non-Human Identity Detection September 3, 2025 Secrets Management that Fits Your Budget September 3, 2025 Stay Ahead with Proactive Secrets Security September 3, 2025 Missed jury duty? Scammers hope you think so September 3, 2025 Cloudflare Confirms Data Breach Linked to Salesforce and Salesloft Drift September 3, 2025 Top 10 Best API Penetration Companies In 2025 September 3, 2025 No Time for Cybersecurity Complacency in 2025 September 3, 2025 Building Cyber Resilience: Overcoming Supply Chain Vulnerabilities with a Zero Trust Security Strategy September 3, 2025 Innovator Spotlight: Skyhawk Security September 3, 2025 Innovator Spotlight: Plainsea September 3, 2025 Amazon is quietly axing a big Prime shipping perk. Here’s what’s going away – and when September 2, 2025 2FAS Pass: local-first password manager from the makers of 2FAS Auth September 2, 2025 Stop Leaking Secrets: The Hidden Danger in Test Automation and How Vault Can Fix It September 2, 2025 Apple’s new chatbot reportedly rolls out ahead of iPhone 17 – but it’s not for you September 2, 2025 Finally, a Samsung phone that I’d put my S25 Ultra away for (especially at this price) September 2, 2025 This man tracked his stolen luggage with an AirTag – and found himself in a bizarre scene September 2, 2025 New Phishing Attack Via OneDrive Attacking C-level Employees for Corporate Credentials September 2, 2025 Google Confirms That Claims of Major Gmail Security Warning are False September 2, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}