Security Vulnerabilities - CVEs Published In February 2025
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based commands over a UI-based terminal.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-02-13
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
CVSS Score
8.6
EPSS Score
0.416
Published
2025-02-13
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-02-13
Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. The service can be made to crash during parsing.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-13
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives in the Boost library format. The Boost library contains a null pointer dereference vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-13
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives in the Boost library format. This version of the Boost library contains an integer overflow vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-13
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. When parsing a file, the service tries to define the header inside the file and convert it to a null-terminated string. If the character is missing, a null pointer is returned.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-13
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2025-02-13
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-13
A SQL Injection vulnerability was found in /admin/forgot-password.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-13

