Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-4251

Published : May 4, 2025, 10:15 p.m. | 1 hour, 17 minutes ago

Description : A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4252

Published : May 4, 2025, 11:15 p.m. | 17 minutes ago

Description : A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component APPEND Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4253

Published : May 4, 2025, 11:15 p.m. | 17 minutes ago

Description : A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4247

Published : May 4, 2025, 5:15 a.m. | 6 hours, 12 minutes ago

Description : A vulnerability, which was classified as critical, was found in SourceCodester Simple To-Do List System 1.0. Affected is an unknown function of the file /delete_task.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4248

Published : May 4, 2025, 6:15 a.m. | 5 hours, 12 minutes ago

Description : A vulnerability has been found in SourceCodester Simple To-Do List System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /complete_task.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4249

Published : May 4, 2025, 7:15 a.m. | 4 hours, 12 minutes ago

Description : A vulnerability was found in PHPGurukul e-Diary Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage-categories.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4250

Published : May 4, 2025, 9:17 a.m. | 2 hours, 10 minutes ago

Description : A vulnerability was found in code-projects Nero Social Networking Site 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument fname/lname/login/password2/cpassword/address/cnumber/email/gender/propic/month leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47244

Published : May 3, 2025, 11:15 p.m. | 2 hours, 16 minutes ago

Description : Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47245

Published : May 4, 2025, 12:15 a.m. | 1 hour, 16 minutes ago

Description : In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4240

Published : May 3, 2025, 6:15 p.m. | 3 hours, 16 minutes ago

Description : A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. This issue affects some unknown processing of the component LCD Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4241

Published : May 3, 2025, 6:15 p.m. | 3 hours, 16 minutes ago

Description : A vulnerability classified as critical has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1838

Published : May 3, 2025, 7:15 p.m. | 2 hours, 16 minutes ago

Description : IBM Cloud Pak for Business Automation

24.0.0 and 24.0.1 through 24.0.1 IF001

Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4242

Published : May 3, 2025, 7:15 p.m. | 2 hours, 16 minutes ago

Description : A vulnerability classified as critical was found in PHPGurukul Online Birth Certificate System 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/between-dates-report.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4243

Published : May 3, 2025, 7:15 p.m. | 2 hours, 16 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Online Bus Reservation System 1.0. Affected by this issue is some unknown functionality of the file /print.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4244

Published : May 3, 2025, 8:15 p.m. | 1 hour, 16 minutes ago

Description : A vulnerability, which was classified as critical, was found in code-projects Online Bus Reservation System 1.0. This affects an unknown part of the file /seatlocation.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-47241

Published : May 3, 2025, 9:15 p.m. | 16 minutes ago

Description : In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

Severity: 4.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-37799

Published : May 3, 2025, 12:15 p.m. | 5 hours, 16 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp

vmxnet3 driver’s XDP handling is buggy for packet sizes using ring0 (that
is, packet sizes between 128 – 3k bytes).

We noticed MTU-related connectivity issues with Cilium’s service load-
balancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP
backend service where the XDP LB was doing IPIP encap led to overly large
packet sizes but only for *some* of the packets (e.g. HTTP GET request)
while others (e.g. the prior TCP 3WHS) looked completely fine on the wire.

In fact, the pcap recording on the backend node actually revealed that the
node with the XDP LB was leaking uninitialized kernel data onto the wire
for the affected packets, for example, while the packets should have been
152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes
was padded with whatever other data was in that page at the time (e.g. we
saw user/payload data from prior processed packets).

We only noticed this through an MTU issue, e.g. when the XDP LB node and
the backend node both had the same MTU (e.g. 1500) then the curl request
got dropped on the backend node’s NIC given the packet was too large even
though the IPIP-encapped packet normally would never even come close to
the MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let
the curl request succeed (which also indicates that the kernel ignored the
padding, and thus the issue wasn’t very user-visible).

Commit e127ce7699c1 (“vmxnet3: Fix missing reserved tailroom”) was too eager
to also switch xdp_prepare_buff() from rcd->len to rbi->len. It really needs
to stick to rcd->len which is the actual packet length from the descriptor.
The latter we also feed into vmxnet3_process_xdp_small(), by the way, and
it indicates the correct length needed to initialize the xdp->{data,data_end}
parts. For e127ce7699c1 (“vmxnet3: Fix missing reserved tailroom”) the
relevant part was adapting xdp_init_buff() to address the warning given the
xdp_data_hard_end() depends on xdp->frame_sz. With that fixed, traffic on
the wire looks good again.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4236

Published : May 3, 2025, 2:15 p.m. | 3 hours, 16 minutes ago

Description : A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4237

Published : May 3, 2025, 3:15 p.m. | 2 hours, 16 minutes ago

Description : A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-41753

Published : May 3, 2025, 4:15 p.m. | 1 hour, 16 minutes ago

Description : IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…