0.0
CVE-2025-52445 -
Not used
0.0
CVE-2025-52442 -
Not used
0.0
CVE-2025-52438 -
Not used
0.0
CVE-2025-52439 -
Not used
0.0
CVE-2025-52440 -
Not used
0.0
CVE-2025-52437 -
Not used
5.3
CVE-2025-6126 - PHPGurukul Rail Pass Management System contact.php cross site scripting
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotelyβ¦
8.4
CVE-2025-49124 - Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows
Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.10β¦
8.7
CVE-2025-3526 -
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-β¦
7.5
CVE-2025-49125 - Apache Tomcat: Security constraint bypass for pre/post-resources
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.Β When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by theβ¦