Security Vulnerabilities - CVEs Published In April 2025
in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-04-07
A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. This issue affects some unknown processing of the file /payment_save.php. The manipulation of the argument mode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-04-07
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-04-07
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-04-07
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-04-07
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-04-07
A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. This vulnerability affects unknown code of the file /reservation_save.php. The manipulation of the argument first leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score
6.9
EPSS Score
0.002
Published
2025-04-07
A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score
2.3
EPSS Score
0.001
Published
2025-04-07
A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-04-07
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score
8.7
EPSS Score
0.011
Published
2025-04-07