5.1
CVE-2025-3087 - Stored XSS Vulnerability in M-Files Web
Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts
6.3
CVE-2025-3086 - User in anonymous role could create and delete views
Improper isolation of users in M-Files Server versions before 25.3.14549 allows an anonymous user to affect other anonymous users' views and possibly cause a denial of service
6.9
CVE-2025-3216 - PHPGurukul e-Diary Management System password-recovery.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. The…
5.3
CVE-2025-3215 - PHPGurukul Restaurant Table Booking System add-subadmin.php sql injection
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. Th…
5.1
CVE-2025-2159 - Stored XSS in M-Files Admin user interface
Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows an authenticated local user to run scripts via UI
5.3
CVE-2025-3214 - JFinal CMS readTemplate engine.getTemplate path traversal
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit ha…
5.9
CVE-2025-2279 - Maps - Google Maps <= 1.0.6 - Contributor+ Stored XSS
The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
6.9
CVE-2025-3213 - PHPGurukul e-Diary Management System view-note.php sql injection
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark leads to sql injection. The attack can be initiated remotely. The exploit has been disc…
5.3
CVE-2025-3211 - code-projects Patient Record Management System birthing_print.php sql injection
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql injection. It is possible to initiate the attack remotely. The exp…
3.5
CVE-2024-42208 - HCL Connections is vulnerable to an information disclosure vulnerability
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.