Aggregator

Submit #558415 / VDB-306376

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to sql injection. This vulnerability is handled as CVE-2025-4020. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

Submit #558413 / VDB-303261

Submit #558402 / VDB-306375

Submit #558366 / VDB-306374

Submit #558365 / VDB-306374

How Git Works

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. [...]

CamXploit: Discover and Analyze Exposed IP Cameras with Open Ports, Vulnerabilities, and Weak Credentials

A vulnerability has been found in Karaz Karazal up to 2025-04-14 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Default URI Handler. The manipulation of the argument lang leads to cross site scripting. This vulnerability is known as CVE-2025-46657. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-4019. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2025-4018. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-4017. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2025-4016. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-4015. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #558360 / VDB-306372

Submit #558377 / VDB-306371

Submit #558376 / VDB-306370

Submit #558375 / VDB-306369

Submit #558374 / VDB-306368