CVE-2025-10605
Published 2025-09-17
Priority: P4 · 32 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.36% (28.3th percentile)
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /agenda_preferencias.php. The manipulation of the argument tipoacao results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| portabilis | i-educar | <= 2.10.0 | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
| portabilis | i-educar | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
GHSA-cp3x-4pw5-xr6c: A security flaw has been discovered in Portabilis i-Educar up to 2
ghsa_unreviewed·2025-09-17
CVE-2025-10605 [MEDIUM] CWE-79 GHSA-cp3x-4pw5-xr6c: A security flaw has been discovered in Portabilis i-Educar up to 2
Red Hat
kernel: drm/xe/migrate: don't overflow max copy size
vendor_redhat·2025-09-11·CVSS 5.5
CVE-2025-39741 [MEDIUM] kernel: drm/xe/migrate: don't overflow max copy size
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/migrate: don't overflow max copy size
With non-page aligned copy, we need to use 4 byte aligned pitch, however
the size itself might still be close to our maximum of ~8M, and so the
dimensions of the copy can easily exceed the S16_MAX limit of the copy
command leading to the following assert:
xe 0000:03:00.0: [drm] Assertion `size / pitch > 1))` failed!
platform: BATTLEMAGE subplatform: 1
graphics: Xe2_HPG 20.01 step A0
media: Xe2_HPM 13.01 step A1
tile: 0 VRAM 10.0 GiB
GT: 0 type 1
WARNING: CPU: 23 PID: 10605 at drivers/gpu/drm/xe/xe_migrate.c:673 emit_copy+0x4b5/0x4e0 [xe]
To fix this account for the pitch when calculating the number of current
bytes to copy.
(
No detection rules found.
No public exploits indexed.
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10605.md
https://github.com/marcelomulder/CVE/blob/main/i-educar/Cross-Site%20Scripting%20(XSS)%20Reflected%20endpoint%20%60agenda_preferencias.php%60%20parameter%20%60tipoacao%60.md
https://vuldb.com/?ctiid.324625
https://vuldb.com/?id.324625
https://vuldb.com/?submit.649872
Published: 2025-09-17