6.9
CVE-2025-6342 - code-projects Online Shoe Store admin_football.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit β¦
5.3
CVE-2025-6341 - code-projects School Fees Payment System cross-site request forgery
A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
5.1
CVE-2025-6340 - code-projects School Fees Payment System branch.php cross site scripting
A vulnerability classified as problematic has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument Branch/Address/Detail leads to cross site scripting. It is possible to initiate the attack remotely. The eβ¦
6.9
CVE-2025-6339 - ponaravindb Hospital Management System func3.php sql injection
A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql injection. The attack may be launched remotely. The exploit haβ¦
8.7
CVE-2025-6337 - TOTOLINK A3002R/A3002RU HTTP POST Request formTmultiAP buffer overflow
A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argumβ¦
8.7
CVE-2025-6336 - TOTOLINK EX1200T HTTP POST Request formTmultiAP buffer overflow
A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possibleβ¦
7.2
CVE-2025-4102 - Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upβ¦
The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-levelβ¦
5.1
CVE-2025-6335 - DedeCMS Template dedetag.class.php command injection
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. β¦
8.7
CVE-2025-6334 - D-Link DIR-867 Query String strncpy stack-based overflow
A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the β¦
5.3
CVE-2025-6333 - PHPGurukul Directory Management System admin-profile.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploβ¦