Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-7480

Published : July 12, 2025, 4:15 p.m. | 2 hours, 26 minutes ago

Description : A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this issue is some unknown functionality of the file /users/signup.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-41169

Published : July 12, 2025, 5:15 p.m. | 1 hour, 27 minutes ago

Description : The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server’s resources, including directories and files.

This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.

Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7481

Published : July 12, 2025, 5:15 p.m. | 1 hour, 27 minutes ago

Description : A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file /users/profile.php. The manipulation of the argument firstname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7482

Published : July 12, 2025, 5:15 p.m. | 1 hour, 27 minutes ago

Description : A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been declared as critical. This vulnerability affects unknown code of the file /users/print.php. The manipulation of the argument vid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7483

Published : July 12, 2025, 6:15 p.m. | 26 minutes ago

Description : A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been rated as critical. This issue affects some unknown processing of the file /users/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7484

Published : July 12, 2025, 6:15 p.m. | 26 minutes ago

Description : A vulnerability classified as critical has been found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/view-outgoingvehicle-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-38648

Published : July 12, 2025, 4:15 a.m. | 44 minutes ago

Description : A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7459

Published : July 11, 2025, 9:15 p.m. | 3 hours, 52 minutes ago

Description : A vulnerability classified as critical was found in code-projects Mobile Shop 1.0. This vulnerability affects unknown code of the file /EditMobile.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7457

Published : July 11, 2025, 9:15 p.m. | 3 hours, 52 minutes ago

Description : A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects an unknown part of the file /admin/manage_movie.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53636

Published : July 11, 2025, 10:15 p.m. | 2 hours, 52 minutes ago

Description : Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7460

Published : July 11, 2025, 10:15 p.m. | 2 hours, 52 minutes ago

Description : A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5199

Published : July 12, 2025, 12:15 a.m. | 52 minutes ago

Description : In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50121

Published : July 11, 2025, 10:15 a.m. | 9 hours, 59 minutes ago

Description : CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created
over the web interface HTTP when enabled. HTTP is disabled by default.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50122

Published : July 11, 2025, 10:15 a.m. | 9 hours, 59 minutes ago

Description : CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the
password generation algorithm is reverse engineered with access to installation or upgrade artifacts.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52950

Published : July 11, 2025, 3:15 p.m. | 4 hours, 59 minutes ago

Description : A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.

Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user’s authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.

This issue affects Security Director version 24.4.1.

Severity: 9.6 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7026

Published : July 11, 2025, 4:15 p.m. | 4 hours, 50 minutes ago

Description : A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used as an unchecked pointer in the CommandRcx0 function. If the contents at RBX match certain expected values (e.g., ‘$DB$’ or ‘2DB$’), the function performs arbitrary writes to System Management RAM (SMRAM), leading to potential privilege escalation to System Management Mode (SMM) and persistent firmware compromise.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52989

Published : July 11, 2025, 4:15 p.m. | 4 hours, 50 minutes ago

Description : An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.

A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration.

This issue affects:

 Junos OS: 

* all versions before 22.2R3-S7,
* 22.4 versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2-S1,
* 24.4 versions before 24.4R1-S2, 24.4R2;

Junos OS Evolved:

* all versions before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S4-EVO,
* 23.4-EVO versions before 23.4R2-S5-EVO, 
* 24.2-EVO versions before 24.2R2-S1-EVO

* 24.4-EVO versions before 24.4R2-EVO.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6549

Published : July 11, 2025, 4:15 p.m. | 4 hours, 50 minutes ago

Description : An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the

Juniper Web Device Manager

(J-Web).

When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces.
This issue affects Junos OS:

* all versions before 21.4R3-S9,
* 22.2 versions before 22.2R3-S5,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S5,
* 24.2 versions before 24.2R2.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7027

Published : July 11, 2025, 4:15 p.m. | 4 hours, 50 minutes ago

Description : A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAddress), while the write content is read from an attacker-controlled pointer based on the RBX register. This dual-pointer dereference enables arbitrary memory writes within System Management RAM (SMRAM), leading to potential SMM privilege escalation and firmware compromise.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7028

Published : July 11, 2025, 4:15 p.m. | 4 hours, 50 minutes ago

Description : A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions (ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo) that dereference both the structure and its nested members, such as BufAddr. This enables arbitrary read/write access to System Management RAM (SMRAM), allowing an attacker to corrupt firmware memory, exfiltrate SMRAM content via flash, or install persistent implants.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…