8.8
CVE-2025-1389 - Learning Digital Orca HCM - SQL Injection
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
5.3
CVE-2025-1374 - code-projects Real Estate Property Management System search.php sql injection
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql injection. It is possible to initiate the attack rβ¦
8.8
CVE-2025-1388 - Learning Digital Orca HCM - Arbitrary File Upload
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
9.8
CVE-2025-1387 - Learning Digital Orca HCM - Improper Authentication
Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.
4.8
CVE-2025-1373 - FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The β¦
4.8
CVE-2025-1372 - GNU elfutils eu-readelf readelf.c print_string_section buffer overflow
A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has toβ¦
5.2
CVE-2025-26700 -
Authentication bypass using an alternate path or channel issue exists in βRoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where the application is installed to bypass the lock screen and obtain sensitive information.
4.8
CVE-2025-1371 - GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference
A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has bβ¦
4.8
CVE-2025-1370 - MicroWorld eScan Antivirus Autoscan USB epsdaemon sprintf os command injection
A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injection. An attack has to be approached locallyβ¦
2
CVE-2025-1369 - MicroWord eScan Antivirus USB Password os command injection
A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexity β¦