0.0
CVE-2025-32938 -
Not used
5.3
CVE-2025-3587 - ZeroWdd/code-projects studentmanager getTeacherList improper authorization
A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and…
0.0
CVE-2025-1782 -
Red Hat Product Security has come to the conclusion that this CVE is not needed.
5.3
CVE-2025-3585 - westboy CicadasCMS JSP Parser upload unrestricted upload
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /upload/ of the component JSP Parser. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been di…
10
CVE-2025-32445 - Users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor CR…
6.9
CVE-2025-3277 - SQLite: integer overflow in SQLite
An integer overflow can be triggered in SQLite's `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be tr…
5.6
CVE-2025-2572 - WhatsUp Gold NmConfigurationManager.exe database manipulation vulnerability
In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup.
9.3
CVE-2025-22371 - SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in S…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 …
8.7
CVE-2025-22373 - XSS, HTML and Style injection on login page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alteration of CSS Styles. This issue affects BASEC: from 14 Dec 2021.
9.3
CVE-2025-22372 - Insecure password storage in SicommNet BASEC
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14 D…