CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-25389 |
Description: A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-25388 |
Description: A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-25387 |
Description: A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-25357 |
Description: A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-25356 |
Description: A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-25355 |
Description: A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-25354 |
Description: A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-25352 |
Description: A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-22962 |
Description: A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sess_id) can send specially crafted POST requests to the /json endpoint, enabling arbitrary command execution on the underlying system. This vulnerability can lead to full system compromise, including unauthorized access, privilege escalation, and potentially full device takeover.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-22961 |
Description: A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/). Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|