9.3
CVE-2025-3711 - ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow
The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
9.3
CVE-2025-3710 - ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow
The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
5.3
CVE-2025-4458 - code-projects Patient Record Management System edit_upatient.php sql injection
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_upatient.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remoteβ¦
6.9
CVE-2025-4457 - Project Worlds Car Rental Project approve.php sql injection
A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has beenβ¦
6.9
CVE-2025-4456 - Project Worlds Car Rental Project signup.php sql injection
A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to theβ¦
7.3
CVE-2025-4455 - Patch My PC Home Updater System.IO uncontrolled search path
A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdβ¦
5.3
CVE-2025-4454 - D-Link DIR-619L wake_on_lan command injection
A vulnerability was found in D-Link DIR-619L 2.04B04. It has been declared as critical. This vulnerability affects the function wake_on_lan. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure. Tβ¦
5.3
CVE-2025-4453 - D-Link DIR-619L formSysCmd command injection
A vulnerability was found in D-Link DIR-619L 2.04B04. It has been classified as critical. This affects the function formSysCmd. The manipulation of the argument sysCmd leads to command injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure. Tβ¦
6.1
CVE-2025-4434 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
9.8
CVE-2025-3811 - WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Emβ¦
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the edit_newdata_customer_callback() functβ¦