Security Vulnerabilities - CVEs Published In April 2025
A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-30
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-04-30
A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-04-30
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-04-30
A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-04-30
A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-04-30
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-04-30
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-04-30
A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-04-30
A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-04-30