CVE-2025-2245 - Bitdefender GravityZone Update Server SSRF
CVE ID : CVE-2025-2245
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2245
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3235 - PHPGurukul Old Age Home Management System SQL Injection
CVE ID : CVE-2025-3235
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3235
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3236 - Tenda Web Management Interface Improper Access Control Vulnerability
CVE ID : CVE-2025-3236
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3236
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3237 - Tenda FH1202 File Access Control Vulnerability
CVE ID : CVE-2025-3237
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3237
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3238 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability
CVE ID : CVE-2025-3238
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3238
Published : April 4, 2025, 10:15 a.m. | 2 hours, 39 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22282 - EPC ez Form Calculator WordPress Plugin Cross-site Scripting Vulnerability
CVE ID : CVE-2025-22282
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EPC ez Form Calculator - WordPress plugin allows Reflected XSS.This issue affects ez Form Calculator - WordPress plugin: from n/a through 2.14.1.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22282
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EPC ez Form Calculator - WordPress plugin allows Reflected XSS.This issue affects ez Form Calculator - WordPress plugin: from n/a through 2.14.1.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3239 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability
CVE ID : CVE-2025-3239
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3239
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3240 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability
CVE ID : CVE-2025-3240
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3240
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3241 - Zhangyanbo2007 Youkefu XML External Entity Reference (XXE) Vulnerability
CVE ID : CVE-2025-3241
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3241
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3242 - PHPGurukul e-Diary Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3242
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3242
Published : April 4, 2025, 11:15 a.m. | 1 hour, 38 minutes ago
Description : A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3243 - Code-projects Patient Record Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3243
Published : April 4, 2025, 12:15 p.m. | 39 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3243
Published : April 4, 2025, 12:15 p.m. | 39 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3244 - SourceCodester Web-based Pharmacy Product Management System File Upload Vulnerability
CVE ID : CVE-2025-3244
Published : April 4, 2025, 12:15 p.m. | 39 minutes ago
Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3244
Published : April 4, 2025, 12:15 p.m. | 39 minutes ago
Description : A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3245 - iSourcecode Library Management System SQL Injection
CVE ID : CVE-2025-3245
Published : April 4, 2025, 12:15 p.m. | 39 minutes ago
Description : A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtuname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3245
Published : April 4, 2025, 12:15 p.m. | 39 minutes ago
Description : A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtuname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31420 - Tomdever wpForo Forum Privilege Escalation
CVE ID : CVE-2025-31420
Published : April 4, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31420
Published : April 4, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31421 - Oblak Studio Srbtranslatin Information Disclosure Vulnerability
CVE ID : CVE-2025-31421
Published : April 4, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through 3.2.0.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31421
Published : April 4, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through 3.2.0.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3189 - DoWISP Stored Cross-Site Scripting
CVE ID : CVE-2025-3189
Published : April 4, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3189
Published : April 4, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51800 - Favethemes Homey Privilege Escalation Vulnerability
CVE ID : CVE-2024-51800
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-51800
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22281 - Simplish Cross-site Scripting Vulnerability
CVE ID : CVE-2025-22281
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in joshix Simplish allows Stored XSS.This issue affects Simplish: from n/a through 2.6.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22281
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in joshix Simplish allows Stored XSS.This issue affects Simplish: from n/a through 2.6.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22285 - Eniture Technology Pallet Packaging for WooCommerce Missing Authorization Vulnerability
CVE ID : CVE-2025-22285
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22285
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28146 - Edimax Router Command Injection Vulnerability
CVE ID : CVE-2025-28146
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28146
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2798 - Woffice CRM for WordPress Authentication Bypass Vulnerability
CVE ID : CVE-2025-2798
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2798
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...