Total
1689 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2927 | 2025-03-28 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2916 | 2025-03-28 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-12969 | 1 Fabianros | 1 Hospital Management System | 2025-03-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12976 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-2854 | 2025-03-28 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2022-4064 | 1 Dalli Project | 1 Dalli | 2025-03-28 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.3 is able to address this issue. The patch is identified as 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to upgrade the affected component. | |||||
| CVE-2025-2674 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2383 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2386 | 1 Phpgurukul | 1 Local Services Search Engine Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /serviceman-search.php. The manipulation of the argument location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2681 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit-locker.php?ltid=6. The manipulation of the argument lockersize leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2682 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2683 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2734 | 2025-03-27 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2728 | 2025-03-27 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2732 | 2025-03-27 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2736 | 2025-03-27 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-2731 | 2025-03-27 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2738 | 2025-03-27 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-scdetails.php. The manipulation of the argument namesc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2725 | 2025-03-27 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27632 | 2025-03-27 | N/A | 6.1 MEDIUM | ||
| A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning. | |||||