6.9
CVE-2025-5365 - Campcodes Online Hospital Management System patient-search.php sql injection
A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. Tβ¦
5.1
CVE-2018-25111 -
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.
6.9
CVE-2025-5364 - Campcodes Online Hospital Management System add-patient.php sql injection
A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /doctor/add-patient.php. The manipulation of the argument patname leads to sql injection. The attack may be launched remotely. Thβ¦
6.9
CVE-2025-5363 - Campcodes Online Hospital Management System index.php sql injection
A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /doctor/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remoteβ¦
6.9
CVE-2025-5362 - Campcodes Online Hospital Management System doctor-specilization.php sql injection
A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to launch the attβ¦
6.9
CVE-2025-5361 - Campcodes Online Hospital Management System contact.php sql injection
A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. This issue affects some unknown processing of the file /contact.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The explβ¦
8.7
CVE-2025-48882 - PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.
8.9
CVE-2025-48949 - Navidrome allows SQL Injection via role parameter
Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentiallβ¦
6.9
CVE-2025-5360 - Campcodes Online Hospital Management System book-appointment.php sql injection
A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /book-appointment.php. The manipulation of the argument doctor leads to sql injection. The attack can be initiated remotely. The exploit has been β¦
7.4
CVE-2025-48948 - Navidrome Transcoding Permission Bypass Vulnerability Report
Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifyβ¦