Security Vulnerabilities - CVEs Published In April 2025
Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVSS Score
8.8
EPSS Score
0.0
Published
2025-04-16
PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.
CVSS Score
7.5
EPSS Score
0.008
Published
2025-04-16
Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not required) to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-04-16
Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-16
A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component MIC Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-04-16
A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-04-16
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component MDTM Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-04-16
A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component DIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-04-16
CVE-2025-31200
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Known exploited
CVSS Score
6.8
EPSS Score
0.003
Published
2025-04-16
CVE-2025-31201
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Known exploited
CVSS Score
7.5
EPSS Score
0.002
Published
2025-04-16