5.4
CVE-2025-3910 - Org.keycloak.authentication: two factor authentication bypass
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
8.8
CVE-2025-32354 -
In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifyingβ¦
9.8
CVE-2025-25962 -
An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function
8.8
CVE-2025-45956 -
A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter
3.3
CVE-2025-46328 - NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration fβ¦
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided fiβ¦
3.3
CVE-2025-46327 - Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux andβ¦
3.3
CVE-2025-46326 - Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration β¦
snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-providedβ¦
6.9
CVE-2025-4039 - PHPGurukul Rail Pass Management System search-pass.php sql injection
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. Tβ¦
4.8
CVE-2025-4038 - code-projects Train Ticket Reservation System reservation stack-based overflow
A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking locβ¦
6.3
CVE-2024-11922 - Input Validation vulnerability in Web Client emails that do not go through Secure Mail
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails toΒ insert arbitrary HTML or JavaScript into an email.