
CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jul 2025 — A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jul 2025 — A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce • CWE-807: Reliance on Untrusted Inputs in a Security Decision •

CVSS: 5.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Jul 2025 — A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking System 1.0. This affects an unknown part of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1SHG0BMHHfc-6XDm43_zYVrcZEYiUvdP9/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jul 2025 — A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jul 2025 — An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jul 2025 — An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Jul 2025 — A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Banquet Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument user_login/userpassword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1CnrQn_-nSWLCUXJrwgrDFyI5D5MOzD-n/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Jul 2025 — A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1vrvOnw662FZ7CIfhr5EnXPLRqwTRkJqA/view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jul 2025 — Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection. • https://www.cirosec.de/sa/sa-2025-006 • CWE-287: Improper Authentication •

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Jul 2025 — A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges. • https://thrive.trellix.com/s/article/000014450 • CWE-94: Improper Control of Generation of Code ('Code Injection') •