6.3
CVE-2025-3086 - User in anonymous role could create and delete views
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
6.9
CVE-2025-3216 - PHPGurukul e-Diary Management System password-recovery.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. Theβ¦
5.3
CVE-2025-3215 - PHPGurukul Restaurant Table Booking System add-subadmin.php sql injection
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. Thβ¦
5.1
CVE-2025-2159 - Stored XSS in M-Files Admin user interface
Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI
5.3
CVE-2025-3214 - JFinal CMS readTemplate engine.getTemplate path traversal
A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic. Affected by this vulnerability is the function engine.getTemplate of the file /readTemplate. The manipulation of the argument template leads to path traversal. The attack can be launched remotely. The exploit haβ¦
5.9
CVE-2025-2279 - Maps - Google Maps <= 1.0.6 - Contributor+ Stored XSS
The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
6.9
CVE-2025-3213 - PHPGurukul e-Diary Management System view-note.php sql injection
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark leads to sql injection. The attack can be initiated remotely. The exploit has been discβ¦
5.3
CVE-2025-3211 - code-projects Patient Record Management System birthing_print.php sql injection
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql injection. It is possible to initiate the attack remotely. The expβ¦
3.5
CVE-2024-42208 - HCL Connections is vulnerable to an information disclosure vulnerability
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
7.2
CVE-2024-13708 - Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages thaβ¦