Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2025-25744 | Out-of-bounds Write vulnerability in Dlink Dir-853 Firmware 1.20B07 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module. | 9.8 |
| 2025-02-12 | CVE-2025-25746 | Out-of-bounds Write vulnerability in Dlink Dir-853 Firmware 1.20B07 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module. | 9.8 |
| 2025-02-12 | CVE-2024-11343 | Path Traversal vulnerability in Progress Telerik Document Processing Libraries In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. | 8.8 |
| 2025-02-12 | CVE-2024-12629 | Unspecified vulnerability in Telerik Kendoreact In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | 7.2 |
| 2025-02-12 | CVE-2025-0332 | Path Traversal vulnerability in Telerik UI for Winforms In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. | 9.8 |
| 2025-02-12 | CVE-2025-0556 | Cleartext Transmission of Sensitive Information vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. | 6.5 |
| 2025-02-12 | CVE-2025-1207 | A vulnerability was found in phjounin TFTPD64 4.64. high complexity CWE-404 | 3.1 |
| 2025-02-12 | CVE-2025-1208 | Cross-site Scripting vulnerability in Anisha Wazifa System 1.0 A vulnerability was found in code-projects Wazifa System 1.0. | 5.4 |
| 2025-02-12 | CVE-2025-25349 | SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1 PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter. | 9.8 |
| 2025-02-12 | CVE-2025-25351 | SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1 PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. | 9.8 |