Security Vulnerabilities - CVEs Published In May 2025
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.
CVSS Score
9.3
EPSS Score
0.002
Published
2025-05-27
A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-category.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-05-27
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-05-27
A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-05-27
An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-05-27
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. A Heap-based Out-of-Bounds Write exists in the GPRS protocol implementation because of a mismatch between the actual length of the payload and the length declared within the payload.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-27
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.
CVSS Score
4.4
EPSS Score
0.001
Published
2025-05-27
A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 1.0. Affected is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-05-27
There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-05-27
In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-05-27