Security Vulnerabilities
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-04-30
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-04-30
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-04-30
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-04-30
Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-04-30
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.013
Published
2025-04-30
A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-04-30
A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-04-30
A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-04-30
A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-04-30