VasilVK/CVE

Releases0

A curated collection of CVEs discovered through focused research, real-world testing, and continuous learning. This repository highlights my commitment to uncovering vulnerabilities, analyzing their impact, and contributing to the cybersecurity community with practical insights.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-50485 ↗	Jul 28, 2025Monday, 28 July 2025, 20:17	7.1 HIGH	—
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.
CVE-2025-50484 ↗	Jul 28, 2025Monday, 28 July 2025, 19:15	7.1 HIGH	—
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.
CVE-2025-50487 ↗	Jul 28, 2025Monday, 28 July 2025, 19:15	7.1 HIGH	—
Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.
CVE-2025-50491 ↗	Jul 28, 2025Monday, 28 July 2025, 18:15	7.1 HIGH	—
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.
CVE-2025-50492 ↗	Jul 28, 2025Monday, 28 July 2025, 18:15	7.5 HIGH	—
Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.
CVE-2025-50488 ↗	Jul 28, 2025Monday, 28 July 2025, 18:15	7.1 HIGH	—
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.
CVE-2025-50489 ↗	Jul 28, 2025Monday, 28 July 2025, 18:15	7.5 HIGH	—
Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
CVE-2025-50490 ↗	Jul 28, 2025Monday, 28 July 2025, 17:15	7.5 HIGH	—
Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
CVE-2025-50493 ↗	Jul 28, 2025Monday, 28 July 2025, 17:15	7.5 HIGH	—
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
CVE-2025-50494 ↗	Jul 28, 2025Monday, 28 July 2025, 17:15	7.5 HIGH	—
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
CVE-2025-45953 ↗	Apr 28, 2025Monday, 28 April 2025, 20:15	9.1 CRITICAL	—
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely
CVE-2025-45949 ↗	Apr 28, 2025Monday, 28 April 2025, 20:15	9.8 CRITICAL	—
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.
CVE-2025-45947 ↗	Apr 28, 2025Monday, 28 April 2025, 20:15	9.8 CRITICAL	—
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component