Total
79004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4818 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4817 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4816 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4815 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4814 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4190 | 2025-05-19 | N/A | 7.2 HIGH | ||
| The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | |||||
| CVE-2025-26785 | 2025-05-19 | N/A | 7.5 HIGH | ||
| An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes. | |||||
| CVE-2025-24661 | 2025-05-19 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection.This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.1.8. | |||||
| CVE-2025-4872 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4871 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4848 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4837 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4836 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4716 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/credit_transaction_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4715 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /pages/view_application.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4714 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/reprint.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4713 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/print.php. The manipulation of the argument sid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4712 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/account_summary.php. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-47948 | 2025-05-19 | N/A | 7.2 HIGH | ||
| Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the `/echo <qqbot-at-everyone />` command to cause the bot to send a message that mentions all members in the chat, bypassing any permission controls. This can lead to spam, disruption, or abuse of notification systems. Version 1.6.2 contains a patch for the issue. | |||||
| CVE-2025-47785 | 2025-05-19 | N/A | 8.3 HIGH | ||
| Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists. | |||||