CVE tracker
352 subscribers
4.78K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2025-28200 - Victure RX1800 Default Password Weakness

CVE ID : CVE-2025-28200
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28201 - Victure RX1800 Root RCE

CVE ID : CVE-2025-28201
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28202 - Victure RX1800 SSH/Telnet Authentication Bypass Vulnerability

CVE ID : CVE-2025-28202
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28203 - Victure RX1800 Command Injection Vulnerability

CVE ID : CVE-2025-28203
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45513 - Tenda FH451 Stack Overflow Vulnerability

CVE ID : CVE-2025-45513
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46188 - SourceCodester Client Database Management System SQL Injection

CVE ID : CVE-2025-46188
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46189 - SourceCodester Client Database Management System SQL Injection Vulnerability

CVE ID : CVE-2025-46189
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46193 - SourceCodester Client Database Management System Remote Code Execution Vulnerability

CVE ID : CVE-2025-46193
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4432 - Rust Ring QUIC Panic Vulnerability

CVE ID : CVE-2025-4432
Published : May 9, 2025, 4:15 p.m. | 2 hours, 38 minutes ago
Description : A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-8973 - GitLab GitHub Import Denial of Service

CVE ID : CVE-2024-8973
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0549 - GitLab OAuth Bypass Vulnerability

CVE ID : CVE-2025-0549
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1278 - GitLab IP Access Bypass Vulnerability

CVE ID : CVE-2025-1278
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29509 - Jan Electron RCE

CVE ID : CVE-2025-29509
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal().
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46190 - SourceCodester Client Database Management System SQL Injection

CVE ID : CVE-2025-46190
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46191 - SourceCodester Client Database Management System Remote Code Execution Vulnerability

CVE ID : CVE-2025-46191
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attackers can upload executable PHP files to a web-accessible directory (/files/). This allows them to execute arbitrary commands remotely by accessing the uploaded script, resulting in full Remote Code Execution (RCE) without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46192 - SourceCodester Client Database Management System SQL Injection

CVE ID : CVE-2025-46192
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4480 - Apache Code-Projects Simple College Management System Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-4480
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability was found in code-projects Simple College Management System 1.0. It has been declared as critical. This vulnerability affects the function input of the component Add New Student. The manipulation of the argument name/branch leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4481 - SourceCodester Apartment Visitor Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4481
Published : May 9, 2025, 5:15 p.m. | 1 hour, 38 minutes ago
Description : A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1993 - IBM App Connect Enterprise Certified Container Cryptographic Weakness

CVE ID : CVE-2025-1993
Published : May 9, 2025, 6:16 p.m. | 38 minutes ago
Description : IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4482 - Project Worlds Student Project Allocation System SQL Injection Vulnerability

CVE ID : CVE-2025-4482
Published : May 9, 2025, 6:16 p.m. | 38 minutes ago
Description : A vulnerability classified as critical was found in Project Worlds Student Project Allocation System 1.0. Affected by this vulnerability is an unknown functionality of the file /change_pass/forgot_password_sql.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4483 - iSourcecode Gym Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4483
Published : May 9, 2025, 6:16 p.m. | 38 minutes ago
Description : A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_pdetails.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...