CVE ID : CVE-2025-47749
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47751
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47752
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6ComFile!MakeItemGlidZahyou function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47754
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!Conv_Macro_Data function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47755
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47759
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47757
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!set_plc_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4917
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Affected is an unknown function of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument drivername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4923
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_delivery_update.php. The manipulation of the argument uploaded_file_cancelled leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47756
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::set_mr400_strc function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47760
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47758
Published : May 19, 2025, 8:15 a.m. | 3 hours, 1 minute ago
Description : V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36560
Published : May 19, 2025, 9:15 a.m. | 1 hour, 29 minutes ago
Description : Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-27566
Published : May 19, 2025, 9:15 a.m. | 2 hours, 1 minute ago
Description : Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-32999
Published : May 19, 2025, 9:15 a.m. | 2 hours, 1 minute ago
Description : Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41429
Published : May 19, 2025, 9:15 a.m. | 2 hours, 1 minute ago
Description : a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user’s session.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4924
Published : May 19, 2025, 9:15 a.m. | 2 hours, 1 minute ago
Description : A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /user_void_transaction.php. The manipulation of the argument order_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4925
Published : May 19, 2025, 9:15 a.m. | 2 hours, 1 minute ago
Description : A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4927
Published : May 19, 2025, 10:15 a.m. | 1 hour, 1 minute ago
Description : A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4926
Published : May 19, 2025, 10:15 a.m. | 1 hour, 1 minute ago
Description : A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…