6.9

CVSS4.0

CVE-2025-2473 - PHPGurukul Company Visitor Management System Sign In index.php SQL injection

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Sign In. The manipulation of the argument username leads to SQL injection. The attack may be launche…

📅 Published: March 18, 2025, midnight 🔄 Last Modified: May 21, 2025, 8:59 p.m.

9.8

CVSS3.1

CVE-2025-25595 -

A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack.

📅 Published: March 18, 2025, midnight 🔄 Last Modified: April 1, 2025, 8:38 p.m.

7.3

CVSS3.1

CVE-2025-25585 -

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.

📅 Published: March 18, 2025, midnight 🔄 Last Modified: June 19, 2025, 12:16 a.m.

6.1

CVSS3.1

CVE-2025-25582 -

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml.

📅 Published: March 18, 2025, midnight 🔄 Last Modified: April 2, 2025, 12:27 p.m.

8.1

CVSS3.1

CVE-2025-25589 -

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file.

📅 Published: March 18, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-44313 -

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

📅 Published: March 18, 2025, midnight 🔄 Last Modified: April 2, 2025, 12:30 p.m.

8.1

CVSS3.1

CVE-2025-30142 -

An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC address of an already-paired device through ARP s…

📅 Published: March 18, 2025, midnight 🔄 Last Modified: July 1, 2025, 9:04 p.m.

7.5

CVSS3.1

CVE-2025-30140 -

An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and pote…

📅 Published: March 18, 2025, midnight 🔄 Last Modified: July 1, 2025, 9:04 p.m.

7.5

CVSS3.1

CVE-2025-30116 -

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 9092…

📅 Published: March 18, 2025, midnight 🔄 Last Modified: May 22, 2025, 7:43 p.m.

9.1

CVSS3.1

CVE-2025-30114 -

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofing it, an attacker can bypass the authenticat…

📅 Published: March 18, 2025, midnight 🔄 Last Modified: May 22, 2025, 7:46 p.m.