5.3
CVE-2025-12263 - code-projects Online Event Judging System edit_judge.php sql injection
A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
5.3
CVE-2025-12262 - code-projects Online Event Judging System edit_criteria.php sql injection
A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed anβ¦
4.3
CVE-2025-59463 - Denial-of-service (DoS) via chunk size mismatch
An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.
6.5
CVE-2025-59462 - Denial-of-service (DoS) via delayed or missing client response
An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.
7.6
CVE-2025-59461 - API does not require authentication
A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
7.5
CVE-2025-59460 - Unsecure access configuration
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.
5.5
CVE-2025-59459 - Denial-of-service (DoS) via resource consumption
An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.
8.4
CVE-2025-8432 - CentreonBI user account on the MBI server can execute commands as root by modifying script runned bβ¦
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts byΒ CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15.
5.3
CVE-2025-12261 - CodeAstro Gym Management System remove-announcement.php sql injection
A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and coβ¦
8.7
CVE-2025-12260 - TOTOLINK A3300R POST Parameter cstecgi.cgi setSyslogCfg stack-based overflow
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to launβ¦