Security Vulnerabilities - CVEs Published In July 2025
A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module. The manipulation of the argument Função leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.0
EPSS Score
0.001
Published
2025-07-07
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.0
EPSS Score
0.001
Published
2025-07-07
A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.0
EPSS Score
0.001
Published
2025-07-07
Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-07-07
Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-07-07
A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as b2450530d1ddd0397a11001a72aa0fde401db16a. It is recommended to apply a patch to fix this issue.
CVSS Score
5.5
EPSS Score
0.008
Published
2025-07-07
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.0
EPSS Score
0.001
Published
2025-07-07
Permission bypass vulnerability in the calendar storage module
Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-07-07
Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-07
Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-07