6.9
CVE-2025-4812 - PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiatedβ¦
6.9
CVE-2025-4811 - CodeAstro Pharmacy Management System Login index.php sql injection
A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack may be launched remoβ¦
6.5
CVE-2022-4363 - Wholesale Market <= 2.2.2 - Settings Update via CSRF
The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack
8.7
CVE-2025-4810 - Tenda AC7 SetRebootTimer formSetRebootTimer stack-based overflow
A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based buffer overflow. The attack can be launched rβ¦
4.8
CVE-2025-4805 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Acces Portal Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 1β¦
4.8
CVE-2025-4804 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotpot Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firewβ¦
8.7
CVE-2025-4809 - Tenda AC7 setMacFilterCfg fromSafeSetMacFilter stack-based overflow
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. β¦
5.3
CVE-2025-4808 - PHPGurukul Park Ticketing Management System add-normal-ticket.php sql injection
A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0 and classified as critical. This issue affects some unknown processing of the file /add-normal-ticket.php. The manipulation of the argument noadult/nochildren/aprice/cprice leads to sql injection. The attack may be initiatβ¦
6.9
CVE-2025-4807 - SourceCodester Online Student Clearance System exposure of information through directory listing
A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been discβ¦
3.1
CVE-2025-22233 - Spring Framework DataBinder Case Sensitive Match Exception
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: *β¦