4.8
CVE-2021-32584 -
An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionaβ¦
7.8
CVE-2024-54027 -
A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access tβ¦
4.2
CVE-2021-26087 -
An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a stoβ¦
4
CVE-2019-15706 -
An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacker to perform a stored cross site scripting aβ¦
6.9
CVE-2025-2378 - PHPGurukul Medical Card Generation System download-medical-cards.php sql injection
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been classified as critical. This affects an unknown part of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. Tβ¦
5.1
CVE-2025-2377 - SourceCodester Vehicle Management System confirmbooking.php cross site scripting
A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The β¦
5.4
CVE-2025-2401 - Buffer overflow in Immunity Debugger
Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking.
6.9
CVE-2025-2376 - viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization
A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to deserializatioβ¦
5.1
CVE-2025-2375 - PHPGurukul Human Metapneumovirus Testing Management System Admin Profile Page profile.php cross sitβ¦
A vulnerability, which was classified as problematic, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /profile.php of the component Admin Profile Page. The manipulation of the argument email leads to cross site scripting. It iβ¦
5.3
CVE-2025-2374 - PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument aid/adminname/mobilenumber/email leads to sql injection. The attβ¦