6.3
CVE-2025-4727 - Meteor livedata_server.js Object.assign redos
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be initiaโฆ
6.5
CVE-2025-0921 - Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyโฆ
Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions โฆ
6.9
CVE-2025-4726 - itsourcecode Placement Management System view_student.php sql injection
A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been diโฆ
6.9
CVE-2025-4725 - itsourcecode Placement Management System view_drive.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been diโฆ
6.9
CVE-2025-4724 - itsourcecode Placement Management System student_profile.php sql injection
A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. โฆ
6.9
CVE-2025-4723 - itsourcecode Placement Management System all_student.php sql injection
A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploitโฆ
6.9
CVE-2025-4722 - itsourcecode Placement Management System edit_profile.php sql injection
A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been discโฆ
7.5
CVE-2025-47287 - Tornado vulnerable to excessive logging caused by malformed multipart form data
Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constโฆ
9.1
CVE-2025-47275 - Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK
Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthโฆ
6.9
CVE-2025-4721 - itsourcecode Placement Management System drive.php sql injection
A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /drive.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosโฆ