Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2025-25355 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25356 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25357 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25897 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2025-25898 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2025-25901 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2025-1247 | A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. | 8.3 |
| 2025-02-13 | CVE-2024-13182 | The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. | 9.8 |
| 2025-02-13 | CVE-2024-13606 | Unspecified vulnerability in Wiselyhub JS Help Desk The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. | 7.5 |
| 2025-02-13 | CVE-2024-13867 | Cross-site Scripting vulnerability in Tangiblewp Listivo The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. | 6.1 |