8.1
CVE-2025-1723 - Account takeover
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to theΒ session mishandling. Valid account holders in the setup only have the potential to exploit this bug.
6.9
CVE-2025-1856 - Codezips Gym Management System gen_invoice.php sql injection
A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The expβ¦
5.3
CVE-2025-1855 - PHPGurukul Online Shopping Portal product-details.php sql injection
A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The attβ¦
5.3
CVE-2025-1854 - Codezips Gym Management System del_member.php sql injection
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/del_member.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit hβ¦
8.7
CVE-2025-1853 - Tenda AC8 Parameter SetIpMacBind sub_49E098 stack-based overflow
A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remoβ¦
8.7
CVE-2025-1852 - Totolink EX1800T cstecgi.cgi loginAuth buffer overflow
A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The expβ¦
8.7
CVE-2025-1851 - Tenda AC7 SetFirewallCfg formSetFirewallCfg stack-based overflow
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotβ¦
6.9
CVE-2025-1850 - Codezips College Management System university.php sql injection
A vulnerability, which was classified as critical, has been found in Codezips College Management System 1.0. Affected by this issue is some unknown functionality of the file /university.php. The manipulation of the argument book_name leads to sql injection. The attack may be launched remotely. The β¦
5.3
CVE-2025-1849 - zj1983 zz import_data_todb server-side request forgery
A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been β¦
5.3
CVE-2025-1848 - zj1983 zz import_data_check server-side request forgery
A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /import_data_check. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed toβ¦