5.3
CVE-2025-4768 - feng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted upload
A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely…
4.8
CVE-2025-4767 - defog-ai introspect Test Endpoint integration_routes.py test_custom_tool code injection
A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model leads to code inject…
6.9
CVE-2025-4766 - PHPGurukul Zoo Management System profile.php sql injection
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely.…
6.5
CVE-2025-4679 -
A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.
6.9
CVE-2025-4765 - PHPGurukul Zoo Management System contactus.php sql injection
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. Affected is an unknown function of the file /admin/contactus.php. The manipulation of the argument mobnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been…
7.5
CVE-2025-1975 - Improper Validation of Array Index in ollama/ollama
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can l…
6.9
CVE-2025-4761 - PHPGurukul Complaint Management System admin-profile.php sql injection
A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The expl…
6.9
CVE-2025-4758 - PHPGurukul Beauty Parlour Management System contact.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /contact.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been discl…
6.9
CVE-2025-4757 - PHPGurukul Beauty Parlour Management System forgot-password.php sql injection
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit …
6.9
CVE-2025-4756 - D-Link DI-7003GV2 restart.asp denial of service
A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been declared as problematic. This vulnerability affects unknown code of the file /H5/restart.asp. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the publ…