Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2025-25355 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25356 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25357 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25897 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2025-25898 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2025-25901 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2024-13606 | Unspecified vulnerability in Wiselyhub JS Help Desk The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. | 7.5 |
| 2025-02-12 | CVE-2024-56940 | Unspecified vulnerability in Learndash 6.7.1 An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads. | 7.5 |
| 2025-02-12 | CVE-2024-12673 | An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1) local low complexity | 7.8 |
| 2025-02-12 | CVE-2024-11628 | Unspecified vulnerability in Telerik Kendo UI for VUE In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | 7.2 |