CVE ID : CVE-2025-4029

Published : April 28, 2025, 5:15 p.m. | 1 hour, 50 minutes ago

Description : A vulnerability was found in code-projects Personal Diary Management System 1.0 and classified as critical. Affected by this issue is the function addrecord of the component New Record Handler. The manipulation of the argument filename leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-12706

Published : April 28, 2025, 6:15 p.m. | 50 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database.

This issue affects Digital Asset Management: through 24.4.

Severity: 0.0 | NA


CVE ID : CVE-2025-4030

Published : April 28, 2025, 6:15 p.m. | 50 minutes ago

Description : A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. This affects an unknown part of the file /search-report-result.php. The manipulation of the argument serachdata leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-4031

Published : April 28, 2025, 6:15 p.m. | 50 minutes ago

Description : A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH


The 4MLinux project has released version 48.0 of its lightweight operating system for games, system recovery, multimedia, and network services. Version 48.0 focuses on improving multimedia support: “The status of the 4MLinux 48.0 series has been changed to STABLE. Edit your documents with LibreOffice 25.2 and GNOME Office….

Free42 is a re-implementation of the HP-42S Scientific Programmable Calculator and HP-82240 Printer.

iOS and Android juice jacking defenses have been trivial to bypass for years

SON OF JUICE JACKING ARISES
New ChoiceJacking attack allows malicious chargers to steal data from phones.
About a decade ago, Apple and Google started updating iOS …

Published Date: Apr 28, 2025 (4 hours, 23 minutes ago)

The following vulnerabilities have been mentioned in this article.

CVE-2025-24193

CVE-2024-54096

CVE-2024-43085

CVE-2024-20900

CVE ID : CVE-2025-4018

Published : April 28, 2025, 12:15 p.m. | 2 hours, 50 minutes ago

Description : A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to missing authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-4019

Published : April 28, 2025, 12:15 p.m. | 2 hours, 50 minutes ago

Description : A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-32472

Published : April 28, 2025, 1:15 p.m. | 1 hour, 50 minutes ago

Description : The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.

Severity: 5.3 | MEDIUM


CVE ID : CVE-2025-46661

Published : April 28, 2025, 1:15 p.m. | 1 hour, 35 minutes ago

Description : IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All instances have been patched by the Supplier.

Severity: 10.0 | CRITICAL


CVE ID : CVE-2025-4020

Published : April 28, 2025, 1:15 p.m. | 1 hour, 50 minutes ago

Description : A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH


CVE ID : CVE-2025-4021

Published : April 28, 2025, 1:15 p.m. | 1 hour, 50 minutes ago

Description : A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-4022

Published : April 28, 2025, 2:15 p.m. | 50 minutes ago

Description : A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-4023

Published : April 28, 2025, 2:15 p.m. | 50 minutes ago

Description : A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_company.php. The manipulation of the argument Name leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH
