Latest CVE Feed
-
6.5
CVSS31CVE-2025-52166
Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
8.2
CVSS31CVE-2025-52164
Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-52163
A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This ca... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-52162
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-50586
StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
0.0
NONECVE-2025-50585
StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-45157
Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
5.3
CVSS31CVE-2025-45156
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
5.4
CVSS31CVE-2025-33014
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
7.5
CVSS31CVE-2025-7754
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql injection. The atta... Read more
Affected Products : patient_record_management_system- Published: Jul. 17, 2025
- Modified: Jul. 18, 2025
-
9.8
CVSS31CVE-2025-7753
A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to sql injection. It is po... Read more
Affected Products : online_appointment_booking_system- Published: Jul. 17, 2025
- Modified: Jul. 18, 2025
-
9.8
CVSS31CVE-2025-7752
A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did leads to sql inject... Read more
Affected Products : online_appointment_booking_system- Published: Jul. 17, 2025
- Modified: Jul. 18, 2025
-
9.8
CVSS31CVE-2025-7751
A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument cid leads to sq... Read more
Affected Products : online_appointment_booking_system- Published: Jul. 17, 2025
- Modified: Jul. 18, 2025
-
9.8
CVSS31CVE-2025-7750
A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It... Read more
Affected Products : online_appointment_booking_system- Published: Jul. 17, 2025
- Modified: Jul. 18, 2025
-
5.3
CVSS31CVE-2025-7797
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null poi... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
8.8
CVSS31CVE-2025-7796
A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. It is possible ... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
8.8
CVSS31CVE-2025-7795
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflo... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
3.5
CVSS31CVE-2025-53901
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is trig... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025