7.6
CVE-2025-23178 - Ribbon Communications - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
7.6
CVE-2025-23177 - Ribbon Communications - CWE-427: Uncontrolled Search Path Element
CWE-427: Uncontrolled Search Path Element
6.9
CVE-2025-4071 - PHPGurukul COVID19 Testing Management System test-details.php sql injection
A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. The attack can be initiated remotely. The exploit hasβ¦
6.9
CVE-2025-4070 - PHPGurukul Rail Pass Management System changeimage.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit haβ¦
9.3
CVE-2025-40619 - Improper access control vulnerability in Bookgy
Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles.
9.3
CVE-2025-40618 - SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA"Β Β parameter in /bkg_imprimir_comprobante.php
9.3
CVE-2025-40617 - SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php.
6.1
CVE-2025-1551 - IBM Operational Decision Manager cross-site scripting
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discloβ¦
5.1
CVE-2025-40616 - Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkg_imprimir_comprobante.php.
5.1
CVE-2025-40615 - Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/api_ajustes.php.