Security Vulnerabilities
A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-05-24
Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-23
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-05-23
A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-05-23
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-23
PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-05-23
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-23
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-23
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
CVSS Score
9.8
EPSS Score
0.004
Published
2025-05-23
PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-23