Development

CVE ID : CVE-2025-4695

Published : May 15, 2025, 1:16 p.m. | 2 hours, 1 minute ago

Description : A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4696

Published : May 15, 2025, 1:16 p.m. | 2 hours, 1 minute ago

Description : A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4697

Published : May 15, 2025, 1:16 p.m. | 2 hours, 1 minute ago

Description : A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-directory.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44180

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44181

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44182

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber’ in the /admin/edit-vehicle.php component. This allows attackers to execute arbitrary code.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44183

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46052

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4516

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : There is an issue in CPython when using `bytes.decode(“unicode_escape”, error=”ignore|replace”)`. If you are not using the “unicode_escape” encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4698

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4699

Published : May 15, 2025, 2:15 p.m. | 1 hour, 2 minutes ago

Description : A vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. This vulnerability affects unknown code of the file /admin/visitors-form.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Machine learning engineering (MLE) involves developing, tuning, and deploying machine learning systems that require iterative experimentation, model optimization, and robust…

The blog discusses how end-to-end testing helps energy providers ensure reliable service by validating system performance, data accuracy, and security. It supports smooth operations, fast outage recovery, and seamless integration of new AI and ML technologies.
The post How End-to-End Testing Supports Grid Reliability for Energy Providers first appeared on TestingXperts.

CVE ID : CVE-2025-4564

Published : May 15, 2025, 12:15 p.m. | 42 minutes ago

Description : The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the ‘delpdf’ action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4762

Published : May 15, 2025, 12:15 p.m. | 42 minutes ago

Description : Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32002

Published : May 15, 2025, 9:15 a.m. | 1 hour, 44 minutes ago

Description : Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in I-O DATA network attached hard disk ‘HDL-T Series’ firmware Ver.1.21 and earlier when ‘Remote Link3 function’ is enabled. If exploited, a remote unauthenticated attacker may execute an arbitrary OS command.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32738

Published : May 15, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Missing authentication for critical function issue exists in I-O DATA network attached hard disk ‘HDL-T Series’ firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-31947

Published : May 15, 2025, 11:15 a.m. | 52 minutes ago

Description : Mattermost versions 10.6.x
Severity: 5.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3446

Published : May 15, 2025, 11:15 a.m. | 52 minutes ago

Description : Mattermost versions 10.6.x
Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3053

Published : May 15, 2025, 5:15 a.m. | 1 hour, 40 minutes ago

Description : The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to execute arbitrary functions with arbitrary data, and does not have any sort of capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary code on the server.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…