NVD disclosure day

Published threat advisories for April 28, 2025

CVE advisoryCRITICAL

CVE-2025-45953

PHPGurukul Hostel Management System Session Hijacking Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the PHPGurukul Hostel Management System allows for session hijacking, potentially enabling remote attackers to take over user accounts by exploiting improper session data handling. This could grant unauthorized access to sensitive information within the system.

CVE advisoryCRITICAL

CVE-2025-45947

phpgurukul Online Banquet Booking System Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An issue in the phpgurukul Online Banquet Booking System allows for arbitrary code execution via the change password component. This vulnerability is reachable over the network, and successful exploitation could impact system confidentiality, integrity, and availability. Confirming if this system is deployed is crucial