Vulnerabilities (CVE)

Total 79743 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-13254 1 Rest Views Project 1 Rest Views 2025-06-04 N/A 7.5 HIGH
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1.
CVE-2025-4886 1 Campcodes 1 Sales And Inventory System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation of the argument serial leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-4813 1 Phpgurukul 1 Human Metapneumovirus Testing Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4812 1 Phpgurukul 1 Human Metapneumovirus 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4811 1 Codeastro 1 Pharmacy Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-13251 1 Registration Role Project 1 Registration Role 2025-06-04 N/A 8.8 HIGH
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1.
CVE-2025-2676 1 Phpgurukul 1 Bank Locker Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2677 1 Phpgurukul 1 Bank Locker Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeidproof.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2678 1 Phpgurukul 1 Bank Locker Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-25251 1 Fortinet 1 Forticlient 2025-06-04 N/A 7.8 HIGH
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages.
CVE-2025-5332 1 1000projects 1 Online Notice Board 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-48476 1 Freescout 1 Freescout 2025-06-04 N/A 8.8 HIGH
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the system can change their password, and then log in to the system using the set password. This issue has been patched in version 1.8.180.
CVE-2025-48477 1 Freescout 1 Freescout 2025-06-04 N/A 8.1 HIGH
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. The leaves the attributes of Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180.
CVE-2025-2679 1 Phpgurukul 1 Bank Locker Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2680 1 Phpgurukul 1 Bank Locker Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit-assign-locker.php?ltid=1. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-13260 1 Migrate Queue Importer Project 1 Migrate Queue Importer 2025-06-04 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1.
CVE-2024-13259 1 Image Sizes Project 1 Image Sizes 2025-06-04 N/A 7.5 HIGH
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2.
CVE-2024-13256 1 Email Contact Project 1 Email Contact 2025-06-04 N/A 7.5 HIGH
Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4.
CVE-2025-31678 1 Artificial Intelligence Project 1 Artificial Intelligence 2025-06-04 N/A 8.2 HIGH
Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.
CVE-2025-31677 1 Artificial Intelligence Project 1 Artificial Intelligence 2025-06-04 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.