6.9
CVE-2025-4816 - SourceCodester Doctor's Appointment System GET Parameter appointment.php SQL injection
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to SQL injection. It is possible to init…
6.9
CVE-2025-4815 - Campcodes Sales and Inventory System supplier_update.php SQL injection
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to SQL injection. The attack may be launched remotely. The explo…
6.9
CVE-2025-4814 - Campcodes Sales and Inventory System supplier_add.php SQL injection
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name leads to SQL injection. The attack can be launched remotely. T…
6.5
CVE-2024-47893 - GPU DDK - OOB read and write of the shared KMD/FW memory heap (VZ/TEE setups)
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory.
7.5
CVE-2025-1706 - GPU DDK - Improper locking when accessing the pvr_exp_fence object
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
9.1
CVE-2025-48187 -
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
6.9
CVE-2025-4813 - PHPGurukul Human Metapneumovirus Testing Management System edit-phlebotomist.php SQL injection
A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to SQL injection. It is possible to launch the atta…
6.9
CVE-2025-4812 - PHPGurukul Human Metapneumovirus Testing Management System profile.php SQL injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to SQL injection. The attack may be initiated…
6.9
CVE-2025-4811 - CodeAstro Pharmacy Management System Login index.php SQL injection
A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to SQL injection. The attack may be launched remo…
6.5
CVE-2022-4363 - Wholesale Market <= 2.2.2 - Settings Update via CSRF
The Wholesale Market WordPress plugin before 2.2.2 and the Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged-in admin update them via a CSRF attack.