3.7
CVE-2025-3416 - Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
5.3
CVE-2025-3267 - qinguoyi TinyWebServer http_conn.cpp sql injection
A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. This affects an unknown part of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been…
6.9
CVE-2025-3266 - qinguoyi TinyWebServer http_conn.cpp stack-based overflow
A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0. Affected by this issue is some unknown functionality of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to stack-based buffer overflow. The attack may be launche…
6.9
CVE-2025-3265 - PHPGurukul e-Diary Management System add-category.php sql injection
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-category.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit …
9.2
CVE-2024-11235 - Reference counting in php_request_shutdown causes Use-After-Free
In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the …
8.7
CVE-2025-3259 - Tenda RX3 SetOnlineDevName formSetDeviceName stack-based overflow
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. Th…
6.9
CVE-2025-3258 - PHPGurukul Old Age Home Management System search.php sql injection
A vulnerability classified as critical was found in PHPGurukul Old Age Home Management System 1.0. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclose…
5.3
CVE-2025-3257 - xujiangfei admintwo updateSet cross-site request forgery
A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may b…
5.3
CVE-2025-3256 - xujiangfei admintwo updateSet access control
A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. The exploit has been …
5.3
CVE-2025-3255 - xujiangfei admintwo home access control
A vulnerability was found in xujiangfei admintwo 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/home. The manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit has b…