Vulnerability Details

CVE-2025-29045 • published on April 17, 2025 Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value

CVE-2025-29047 • published on April 17, 2025 Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser

CVE-2025-29181 • published on April 17, 2025 FOXCMS = V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.

CVE-2025-29180 • published on April 17, 2025 In FOXCMS =1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.

CVE-2025-29316 • published on April 17, 2025 An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information. NOTE: the Supplier disputes the Print Job Watermark Bypass claim because the watermark is added by hooking into the OS printing mechanism, and thus is not supposed to be visible when previewing a "generated printout" on screen. The Supplier disputes the Screenshot Watermark Bypass claim because the product's documentation explains the step of setting Developer Tools to Disallowed through AD Group Policy.

CVE-2025-29453 • published on April 17, 2025 An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.

CVE-2025-29455 • published on April 17, 2025 An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function.

CVE-2025-29458 • published on April 17, 2025 An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

CVE-2025-29460 • published on April 17, 2025 An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

CVE-2025-29451 • published on April 17, 2025 An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.

CVE-2025-29452 • published on April 17, 2025 An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.

CVE-2025-29461 • published on April 17, 2025 An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.

CVE-2025-29456 • published on April 17, 2025 An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.

CVE-2025-29459 • published on April 17, 2025 An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

CVE-2025-29449 • published on April 17, 2025 An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.

CVE-2025-29450 • published on April 17, 2025 An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.

CVE-2025-29454 • published on April 17, 2025 An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.

CVE-2025-29457 • published on April 17, 2025 An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

CVE-2025-29661 • published on April 17, 2025 Litepubl CMS = 7.0.9 is vulnerable to RCE in admin/service/run.

CVE-2025-29722 • published on April 17, 2025 A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints.

Recent Vulnerabilities