3.3
CVE-2025-29446 -
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.
5.4
CVE-2024-41446 -
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.
9.8
CVE-2025-29659 -
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.
5.3
CVE-2025-3830 - kuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted upload
A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted β¦
6.9
CVE-2025-3829 - PHPGurukul Men Salon Management System sales-reports-detail.php sql injection
A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remoβ¦
6.9
CVE-2025-3828 - PHPGurukul Men Salon Management System view-appointment.php sql injection
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. Theβ¦
6.9
CVE-2025-3827 - PHPGurukul Men Salon Management System forgot-password.php sql injection
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit hβ¦
4.8
CVE-2025-3826 - SourceCodester Web-based Pharmacy Product Management System add-supplier.php cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross site scripting. It is possible tβ¦
4.8
CVE-2025-3825 - SourceCodester Web-based Pharmacy Product Management System add-category.php cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross site scriptingβ¦
4.8
CVE-2025-3824 - SourceCodester Web-based Pharmacy Product Management System add-product.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross site scripting. Thβ¦