CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-4073
PHPGurukul Student Record System change-password.php sql injection
Description: A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in PHPGurukul Student Record System 3.20 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /change-password.php. Mittels Manipulieren des Arguments currentpassword mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-4072
PHPGurukul Online Nurse Hiring System edit-nurse.php sql injection
Description: A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. Eine kritische Schwachstelle wurde in PHPGurukul Online Nurse Hiring System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /admin/edit-nurse.php. Mittels dem Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-4071
PHPGurukul COVID19 Testing Management System test-details.php sql injection
Description: A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul COVID19 Testing Management System 1.0 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /test-details.php. Durch Manipulation des Arguments Status mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-4070
PHPGurukul Rail Pass Management System changeimage.php sql injection
Description: A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in PHPGurukul Rail Pass Management System 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/changeimage.php. Durch die Manipulation des Arguments editid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-23179
Ribbon Communications - CWE-798: Use of Hard-coded Credentials
Description: CWE-798: Use of Hard-coded Credentials

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-0716
AngularJS improper sanitization in SVG '' element
Description: Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

CVSS: MEDIUM (4.8)

EPSS Score: 0.02%

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-46673
NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data...
Description: NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-46346
YesWiki Vulnerable to Stored XSS in Comments
Description: YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the application fails to properly sanitize or encode user input submitted to the comments. Notably, the application sanitizes or does not allow execution of `` tags, but does not account for payloads obfuscated using JavaScript block comments like `/* JavaScriptPayload */`. This issue has been patched in version 4.5.4.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-4069
code-projects Product Management System add_item stack-based overflow
Description: A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in code-projects Product Management System 1.0 entdeckt. Es geht hierbei um die Funktion add_item. Mit der Manipulation des Arguments st.productname mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (4.8)

EPSS Score: 0.01%

Source: CVE
April 29th, 2025 (2 months ago)

CVE-2025-4068
code-projects Simple Movie Ticket Booking System changeprize stack-based overflow
Description: A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. In code-projects Simple Movie Ticket Booking System 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion changeprize. Dank Manipulation des Arguments prize mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (4.8)

EPSS Score: 0.01%

Source: CVE
April 29th, 2025 (2 months ago)