NVD disclosure day
CVE-2025-4784
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An SQL injection vulnerability exists in Moderec Tourtella, allowing attackers to manipulate database commands over the network. This could lead to unauthorized access, modification, or deletion of sensitive information. Readers should care because this impacts database integrity and confidentiality.
CVE-2025-5243
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An unrestricted file upload and OS command injection vulnerability exists in SMG Software Information Portal, potentially allowing attackers to upload a web shell or inject code to compromise the web server. This issue affects versions prior to June 13, 2025, and is network-exploitable.
CVE-2025-4822
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A SQL Injection vulnerability exists in ScadaWatt Otopilot, allowing attackers to inject malicious commands. If reachable, this could lead to unauthorized access, modification of data, or disruption of operations, impacting critical industrial control systems.