7.5
CVE-2025-2898 - IBM Maximo Application Suite privilege escalation
IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.
6.9
CVE-2025-4361 - PHPGurukul Company Visitor Management System department.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. This affects an unknown part of the file /department.php. The manipulation of the argument departmentname leads to SQL injection. It is possible to initiate the attack remotely. The exploit ha…
6.9
CVE-2025-4360 - itsourcecode Gym Management System view_member.php sql injection
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploi…
6.9
CVE-2025-4359 - itsourcecode Gym Management System ajax.php sql injection
A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exp…
6.9
CVE-2025-4358 - PHPGurukul Company Visitor Management System admin-profile.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname/mobilenumber leads to SQL injection. It is possible to launch the attack remotely. Th…
5.1
CVE-2025-4357 - Tenda RX3 telnet command injection
A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be …
8.7
CVE-2025-4356 - Tenda DAP-1520 Authentication storage mod_graph_auth_uri_handler stack-based overflow
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be ini…
8.7
CVE-2025-4355 - Tenda DAP-1520 api set_ws_action heap-based overflow
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the …
8.7
CVE-2025-4354 - Tenda DAP-1520 storage check_dws_cookie stack-based overflow
A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publ…
5.3
CVE-2025-4353 - Brilliance Golden Link Secondary System queryTsDictionaryType.htm sql injection
A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to SQL injection. It is possible to launch the…