2.9
CVE-2025-43964 - LibRaw: Improper Validation of Specified Quantity in Input in LibRaw
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
6.1
CVE-2020-36844 -
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.
2.9
CVE-2025-43962 - LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
5.3
CVE-2020-36845 -
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
8.7
CVE-2025-3820 - Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launche…
6.9
CVE-2025-3819 - PHPGurukul Men Salon Management System search-appointment.php sql injection
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launch…
5.3
CVE-2025-3818 - webpy web.py db.py PostgresDB._process_insert_query sql injection
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been dis…
5.3
CVE-2025-3817 - SourceCodester Online Eyewear Shop Master.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /oews/classes/Master.php?f=delete_stock. The manipulation of the argument ID leads to sql injection. The attack may be initiated remote…
5.1
CVE-2025-3816 - westboy CicadasCMS Scheduled Task save os command injection
A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been d…
5.3
CVE-2025-3808 - zhenfeng13 My-BBS cross-site request forgery
A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple endpoint…