4.3
CVE-2025-32962 - Flask-AppBuilder open redirect vulnerability using HTTP host injection
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the `FAB_SAFE_REDIRECT_HOSTS` con…
8.7
CVE-2025-4600 - HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked En…
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a …
5.3
CVE-2025-4778 - PHPGurukul Park Ticketing Management System normal-search.php sql injection
A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The explo…
7.3
CVE-2025-4211 - Improper Link Resolution Before File Access in QFileSystemEngine on Windows
Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa…
5.3
CVE-2025-40907 - FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka f…
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the…
5.3
CVE-2025-4777 - PHPGurukul Park Ticketing Management System view-foreigner-ticket.php sql injection
A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been classified as critical. This affects an unknown part of the file /view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The …
8.7
CVE-2025-40629 - Path Traversal vulnerability in PNETLab
PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.
6.9
CVE-2025-4773 - PHPGurukul Online Course Registration level.php sql injection
A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation of the argument level leads to sql injection. The attack may be launched remotely. The exploit has b…
5.9
CVE-2025-2306 - Improper Access Control vulnerability in LIVE CONTRACT
An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the document's UUIDv4.
8.6
CVE-2025-2305 - Local file inclusion vulnerability in LIVE CONTRACT
A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.