8.8
CVE-2025-0556 - Telerik Report Server Clear Text Transmission of Agent Commands
In Progressยฎ Telerikยฎ Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local netwoโฆ
7.8
CVE-2024-12251 - Improper neutralization special element in hyperlinks
In Progressยฎ Telerikยฎ UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.
6.5
CVE-2024-12379 - Allocation of Resources Without Limits or Throttling in GitLab
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.
8.7
CVE-2025-0376 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
4.3
CVE-2025-1212 - Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.
4.9
CVE-2025-1042 - Files or Directories Accessible to External Parties in GitLab
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.
5.3
CVE-2025-1206 - Codezips Gym Management System viewdetailroutine.php sql injection
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploโฆ
5.3
CVE-2025-1202 - SourceCodester Best Church Management Software edit_slider.php sql injection
A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. Affected is an unknown function of the file /admin/edit_slider.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has โฆ
5.3
CVE-2025-1201 - SourceCodester Best Church Management Software profile_crud.php sql injection
A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/app/profile_crud.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disโฆ
3.9
CVE-2024-23563 - HCL Connections Docs is vulnerable to a sensitive information disclosure
HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.