0.0
CVE-2025-52440 -
Not used
0.0
CVE-2025-52437 -
Not used
5.3
CVE-2025-6126 - PHPGurukul Rail Pass Management System contact.php cross site scripting
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely…
8.4
CVE-2025-49124 - Apache Tomcat: exe side-loading via icacls.exe in Tomcat installer for Windows
Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.10…
8.7
CVE-2025-3526 -
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-…
7.5
CVE-2025-49125 - Apache Tomcat: Security constraint bypass for pre/post-resources
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the…
8.6
CVE-2025-3594 -
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and …
7.5
CVE-2025-48988 - Apache Tomcat: FileUpload large number of parts with headers DoS
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be …
4.8
CVE-2025-6125 - PHPGurukul Rail Pass Management System aboutus.php cross site scripting
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagedes leads to cross site scripting. It is possible to launch the attack remotely. The e…
7.8
CVE-2025-36632 - Local Privilege Escalation
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.