5.4
CVE-2025-2401 - Buffer overflow in Immunity Debugger
Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking.
6.9
CVE-2025-2376 - viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization
A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to deserializatio…
5.1
CVE-2025-2375 - PHPGurukul Human Metapneumovirus Testing Management System Admin Profile Page profile.php cross sit…
A vulnerability, which was classified as problematic, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /profile.php of the component Admin Profile Page. The manipulation of the argument email leads to cross site scripting. It i…
5.3
CVE-2025-2374 - PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument aid/adminname/mobilenumber/email leads to sql injection. The att…
5.3
CVE-2025-2373 - PHPGurukul Human Metapneumovirus Testing Management System check_availability.php sql injection
A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the argument mobnumber/employeeid leads to sql injection. The attack can be initiated …
6.9
CVE-2025-2202 - Broken access control vulnerability in the Innovación y Cualificación local administration plugin a…
Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain sensitive information about other users such as id, name, login and email.
6.9
CVE-2025-2201 - Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin
Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more.
9.3
CVE-2025-2200 - SQL injection vulnerability in the Innovación y Cualificación IcProgreso plugin
QL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar…
9.3
CVE-2025-2199 - SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php
SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’, ‘searchSpecialitiesLinked’…
6.9
CVE-2025-2372 - PHPGurukul Human Metapneumovirus Testing Management System Password Recovery Page password-recovery…
A vulnerability classified as critical has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This affects an unknown part of the file /password-recovery.php of the component Password Recovery Page. The manipulation of the argument username leads to sql injection. It is p…