6

CVSS4.0

CVE-2025-40885 - Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.

📅 Published: Oct. 7, 2025, 12:35 p.m. 🔄 Last Modified: Oct. 9, 2025, 4:38 p.m.

7.2

CVSS4.0

CVE-2025-3719 - Incorrect authorization for CLI in Guardian/CMC before 25.2.0

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/or …

📅 Published: Oct. 7, 2025, 12:34 p.m. 🔄 Last Modified: Oct. 9, 2025, 4:38 p.m.

5.8

CVSS4.0

CVE-2025-3718 - Client-side path traversal in Guardian/CMC before 25.2.0

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting …

📅 Published: Oct. 7, 2025, 12:33 p.m. 🔄 Last Modified: Oct. 9, 2025, 4:39 p.m.

5.3

CVSS4.0

CVE-2025-40676 - Multiple vulnerabilities in Negotiator by BBMRI-ERIC

Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in '/ap…

📅 Published: Oct. 7, 2025, 12:21 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2025-40649 - Multiple vulnerabilities in Negotiator by BBMRI-ERIC

Stored Cross-Site Scripting (XSS) in Biobanking and Biomolecular Resources Negotiator v3.15.2 - European Research Infrastructure (BBMRI-ERIC), consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using parameter text in '/api/v3/negotiations/<postUID…

📅 Published: Oct. 7, 2025, 12:20 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-11390 - PHPGurukul Cyber Cafe Management System POST Parameter search.php cross site scripting

A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handler. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack…

📅 Published: Oct. 7, 2025, 12:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 7:16 a.m.

9.8

CVSS3.1

CVE-2025-0603 - SQLi in Callvision Healthcare's Callvision Emergency Code

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0.

📅 Published: Oct. 7, 2025, 11:43 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2025-11389 - Tenda AC15 saveAutoQos stack-based overflow

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to th…

📅 Published: Oct. 7, 2025, 11:32 a.m. 🔄 Last Modified: Feb. 24, 2026, 7:16 a.m.

8.7

CVSS4.0

CVE-2025-11388 - Tenda AC15 setNotUpgrade stack-based overflow

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

📅 Published: Oct. 7, 2025, 11:02 a.m. 🔄 Last Modified: Feb. 24, 2026, 6:48 a.m.

8.7

CVSS4.0

CVE-2025-11387 - Tenda AC15 fast_setting_pppoe_set stack-based overflow

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may…

📅 Published: Oct. 7, 2025, 10:32 a.m. 🔄 Last Modified: Feb. 24, 2026, 6:48 a.m.