6.9
CVE-2025-0534 - 1000 Projects Campaign Management System Platform for Women loginnew.php sql injection
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be launcβ¦
6.9
CVE-2025-0533 - 1000 Projects Campaign Management System Platform for Women sc_login.php sql injection
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument uname leads to sql injection. The attack can beβ¦
8.8
CVE-2024-12757 - Nedap Librix Ecoreader Missing Authentication for Critical Function
Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code.
8.7
CVE-2025-0430 - Belledonne Communications Linphone-Desktop NULL Pointer Dereference
Belledonne Communications Linphone-Desktop is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition.
5.3
CVE-2025-0532 - Codezips Gym Management System new_submit.php sql injection
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible to launch the attack remotely. The exploit hβ¦
2
CVE-2024-45832 - Ossur Mobile Logic Application Use of Hard-coded Credentials
Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.
2
CVE-2024-54681 - Ossur Mobile Logic Application Command Injection
Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application.
5.6
CVE-2024-53683 - Ossur Mobile Logic Application Exposure of Sensitive System Information to an Unauthorized Control β¦
A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use.
6.3
CVE-2024-26153 - ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requiring any CSRF token, which can lead into denβ¦
6.1
CVE-2024-26155 - ETIC Telecom Remote Access Server (RAS) Cleartext Transmission of Sensitive Information
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enaβ¦