4.3
CVE-2025-47871 - Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive informa…
5.4
CVE-2025-46702 - Mattermost Playbooks allows privilege escalation through improper access control in playbook run pa…
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admi…
5.3
CVE-2025-6915 - PHPGurukul Student Record System register.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to sql injection. The attack may be launched remotely. The exploi…
5.3
CVE-2025-6914 - PHPGurukul Student Record System edit-student.php sql injection
A vulnerability classified as critical was found in PHPGurukul Student Record System 3.2. Affected by this vulnerability is an unknown functionality of the file /edit-student.php. The manipulation of the argument fmarks2 leads to sql injection. The attack can be launched remotely. The exploit has b…
4.6
CVE-2024-12915 - Reflected XSS in Devinim Software's Modified Koha Library Software
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02.
5.3
CVE-2025-6913 - PHPGurukul Student Record System admin-profile.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Student Record System 3.2. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument aemailid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos…
5.3
CVE-2025-6912 - PHPGurukul Student Record System manage-students.php sql injection
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been rated as critical. This issue affects some unknown processing of the file /manage-students.php. The manipulation of the argument del leads to sql injection. The attack may be initiated remotely. The exploit has been disc…
5.4
CVE-2025-2895 - IBM Cloud Pak System HTML injection
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting si…
5.3
CVE-2025-6911 - PHPGurukul Student Record System manage-subjects.php sql injection
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /manage-subjects.php. The manipulation of the argument del leads to sql injection. The attack can be initiated remotely. The exploit has been disc…
5.3
CVE-2025-6910 - PHPGurukul Student Record System session.php sql injection
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been classified as critical. This affects an unknown part of the file /session.php. The manipulation of the argument session leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos…