Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.

Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php.

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.

Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.

OpenOrange Business Framework 1.15.5 provides unprivileged users with write access to the installation directory.

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.

FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.

A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter.

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.