6.6
CVE-2025-32744 -
Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
8.1
CVE-2025-54082 - nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability
marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the applβ¦
4.2
CVE-2025-36603 -
Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
0.0
CVE-2025-54371 -
This CVE is a duplicate of another CVE.
6.9
CVE-2025-7930 - code-projects Church Donation System add_members.php sql injection
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /members/add_members.php. The manipulation of the argument mobile leads to sql injection. The attack can be launched remoteβ¦
6.9
CVE-2025-7929 - code-projects Church Donation System edit_Members.php sql injection
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit β¦
6.9
CVE-2025-7928 - code-projects Church Donation System edit_user.php sql injection
A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edit_user.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has bβ¦
5.3
CVE-2025-7927 - PHPGurukul Online Banquet Booking System view-user-queries.php sql injection
A vulnerability has been found in PHPGurukul Online Banquet Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The explβ¦
5.3
CVE-2025-6235 - ExtremeControl (NAC) 'onmouseover' XSS
In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user'sβ¦
7.5
CVE-2025-4130 - Hardcoded Credentials in PAVO Inc.'s PAVO Pay
Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025.