Total
79743 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-13254 | 1 Rest Views Project | 1 Rest Views | 2025-06-04 | N/A | 7.5 HIGH |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1. | |||||
CVE-2025-4886 | 1 Campcodes | 1 Sales And Inventory System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation of the argument serial leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
CVE-2025-4813 | 1 Phpgurukul | 1 Human Metapneumovirus Testing Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-4812 | 1 Phpgurukul | 1 Human Metapneumovirus | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-4811 | 1 Codeastro | 1 Pharmacy Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-13251 | 1 Registration Role Project | 1 Registration Role | 2025-06-04 | N/A | 8.8 HIGH |
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1. | |||||
CVE-2025-2676 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-2677 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeidproof.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-2678 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-25251 | 1 Fortinet | 1 Forticlient | 2025-06-04 | N/A | 7.8 HIGH |
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | |||||
CVE-2025-5332 | 1 1000projects | 1 Online Notice Board | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-48476 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 8.8 HIGH |
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the system can change their password, and then log in to the system using the set password. This issue has been patched in version 1.8.180. | |||||
CVE-2025-48477 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 8.1 HIGH |
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. The leaves the attributes of Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180. | |||||
CVE-2025-2679 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-2680 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit-assign-locker.php?ltid=1. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-13260 | 1 Migrate Queue Importer Project | 1 Migrate Queue Importer | 2025-06-04 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | |||||
CVE-2024-13259 | 1 Image Sizes Project | 1 Image Sizes | 2025-06-04 | N/A | 7.5 HIGH |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2. | |||||
CVE-2024-13256 | 1 Email Contact Project | 1 Email Contact | 2025-06-04 | N/A | 7.5 HIGH |
Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4. | |||||
CVE-2025-31678 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2025-06-04 | N/A | 8.2 HIGH |
Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3. | |||||
CVE-2025-31677 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2025-06-04 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2. |