4.8
CVE-2025-5255 - TCC Bypass via Dylib Injection in Phoenix Code
The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use envirโฆ
5.3
CVE-2025-6331 - PHPGurukul Directory Management System search-directory.php sql injection
A vulnerability classified as critical was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-directory.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotelyโฆ
6.9
CVE-2025-6330 - PHPGurukul Directory Management System searchdata.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /searchdata.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been diโฆ
5.3
CVE-2025-6329 - ScriptAndTools Real Estate Management System User Delete userdelete.php authorization
A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID leads to authorization bypass. The attack mayโฆ
8.7
CVE-2025-6328 - D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow
A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public anโฆ
6.9
CVE-2025-6323 - PHPGurukul Pre-School Enrollment System enrollment.php sql injection
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /enrollment.php. The manipulation of the argument fathername leads to sql injection. It is possible to initiate the attack remotely. The exploit hasโฆ
6.9
CVE-2025-6322 - PHPGurukul Pre-School Enrollment System visit.php sql injection
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visit.php. The manipulation of the argument gname leads to sql injection. The attack may be launched remotely. The exploit has been โฆ
5.3
CVE-2025-6321 - PHPGurukul Pre-School Enrollment System add-subadmin.php sql injection
A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be launcheโฆ
5.3
CVE-2025-6320 - PHPGurukul Pre-School Enrollment System add-class.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to sql injection. It is possible to launch the attack remotely. The exploitโฆ
6.4
CVE-2025-6257 - Euro FxRef Currency Converter <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vโฆ
The Euro FxRef Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currency shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authโฆ