Security Vulnerabilities - CVEs Published In February 2025
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-02-13
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-02-13
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-02-13
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
CVSS Score
7.2
EPSS Score
0.02
Published
2025-02-13
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter.
CVSS Score
9.8
EPSS Score
0.021
Published
2025-02-13
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
CVSS Score
9.8
EPSS Score
0.021
Published
2025-02-13
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
4.9
EPSS Score
0.002
Published
2025-02-13
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-13
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.
CVSS Score
7.2
EPSS Score
0.02
Published
2025-02-13
A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter.
CVSS Score
7.2
EPSS Score
0.02
Published
2025-02-13