5.3
CVE-2025-4729 - TOTOLINK A3002R/A3002RU HTTP POST Request formMapDelDevice command injection
A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads β¦
5.3
CVE-2025-47930 - Zulip Server has access control bypass for restrictions on creation of specific channel types
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique workβ¦
6.9
CVE-2025-4728 - SourceCodester Best Online News Portal search.php sql injection
A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. It is possible to launch the attack remotely. The exploit has beβ¦
6.3
CVE-2025-4727 - Meteor livedata_server.js Object.assign redos
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be initiaβ¦
6.5
CVE-2025-0921 - Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyβ¦
Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions β¦
6.9
CVE-2025-4726 - itsourcecode Placement Management System view_student.php sql injection
A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been diβ¦
6.9
CVE-2025-4725 - itsourcecode Placement Management System view_drive.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been diβ¦
6.9
CVE-2025-4724 - itsourcecode Placement Management System student_profile.php sql injection
A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. β¦
6.9
CVE-2025-4723 - itsourcecode Placement Management System all_student.php sql injection
A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploitβ¦
6.9
CVE-2025-4722 - itsourcecode Placement Management System edit_profile.php sql injection
A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been discβ¦