2.3
CVE-2025-23376 -
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.
6.9
CVE-2025-4024 - itsourcecode Placement Management System add_drive.php sql injection
A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /add_drive.php. The manipulation of the argument drive_title leads to sql injection. It is possible to launch the attack remotely. The exploit has been β¦
7.8
CVE-2025-23375 -
Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
6.9
CVE-2025-4023 - itsourcecode Placement Management System add_company.php sql injection
A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_company.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has beenβ¦
5.3
CVE-2025-4022 - web-arena-x webarena evaluators.py HTMLContentEvaluator code injection
A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack canβ¦
5.3
CVE-2025-4021 - code-projects Patient Record Management System edit_spatient.php sql injection
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit hβ¦
6.9
CVE-2025-4020 - PHPGurukul Old Age Home Management System contact.php sql injection
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely. The exploit has bβ¦
5.3
CVE-2025-32472 - DoS attack by conducting a slowloris-type attack
The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.
6.9
CVE-2025-4019 - 20120630 Novel-Plus GeneratorController.java genCode missing authentication
A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing authenβ¦
6.9
CVE-2025-4018 - 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to β¦