Total
79790 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2677 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeidproof.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2678 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-25251 | 1 Fortinet | 1 Forticlient | 2025-06-04 | N/A | 7.8 HIGH |
| An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | |||||
| CVE-2025-5332 | 1 1000projects | 1 Online Notice Board | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48476 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 8.8 HIGH |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the system can change their password, and then log in to the system using the set password. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-48477 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 8.1 HIGH |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. The leaves the attributes of Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-2679 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2680 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit-assign-locker.php?ltid=1. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13260 | 1 Migrate Queue Importer Project | 1 Migrate Queue Importer | 2025-06-04 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | |||||
| CVE-2024-13259 | 1 Image Sizes Project | 1 Image Sizes | 2025-06-04 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2. | |||||
| CVE-2024-13256 | 1 Email Contact Project | 1 Email Contact | 2025-06-04 | N/A | 7.5 HIGH |
| Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4. | |||||
| CVE-2025-31678 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2025-06-04 | N/A | 8.2 HIGH |
| Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3. | |||||
| CVE-2025-31677 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2025-06-04 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2. | |||||
| CVE-2023-6620 | 1 Wpexperts | 1 Post Smtp | 2025-06-04 | N/A | 7.2 HIGH |
| The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2023-3179 | 1 Wpexperts | 1 Post Smtp | 2025-06-04 | N/A | 8.8 HIGH |
| The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account). | |||||
| CVE-2023-52233 | 1 Wpexperts | 1 Post Smtp | 2025-06-04 | N/A | 8.6 HIGH |
| Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. | |||||
| CVE-2023-3082 | 1 Wpexperts | 1 Post Smtp | 2025-06-04 | N/A | 7.2 HIGH |
| The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-31676 | 1 Email Tfa Project | 1 Email Tfa | 2025-06-04 | N/A | 8.8 HIGH |
| Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3. | |||||
| CVE-2025-27956 | 2025-06-04 | N/A | 7.5 HIGH | ||
| Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. | |||||
| CVE-2025-20298 | 2025-06-04 | N/A | 8.0 HIGH | ||
| In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents. | |||||