Aggregator

A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to sql injection. This vulnerability is known as CVE-2025-4153. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #560863 / VDB-306689

Submit #560856 / VDB-306688

Submit #560853 / VDB-306687

A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. Affected is an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. This vulnerability is traded as CVE-2025-4152. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The identification of this vulnerability is CVE-2025-4151. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

Submit #560833 / VDB-306686

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. This vulnerability was named CVE-2025-4150. The attack can be initiated remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-4149. It is possible to initiate the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. This vulnerability is handled as CVE-2025-4148. The attack may be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. This vulnerability is known as CVE-2025-4147. The attack can be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. This vulnerability is traded as CVE-2025-4146. It is possible to launch the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The identification of this vulnerability is CVE-2025-4145. The attack may be initiated remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #560809 / VDB-306685

Submit #560808 / VDB-306684

Submit #560806 / VDB-306683

Если это внедрят — жёсткие диски, сенсоры и магнитная память больше не будут прежними.

A vulnerability classified as problematic was found in Projectopia Plugin up to 5.1.16 on WordPress. This vulnerability affects the function pto_remove_logo. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-3952. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in NewsBlogger Theme up to 0.2.5.4 on WordPress. This affects the function newsblogger_install_and_activate_plugin of the component Plugin Installation Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-1305. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in List Children up to 2.1 on WordPress. It has been rated as problematic. Affected by this issue is the function list_children of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-4099. The attack may be launched remotely. There is no exploit available.