6.9

CVSS4.0

CVE-2025-3384 - 1000 Projects Human Resource Management System employee.php sql injection

A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /controller/employee.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The…

📅 Published: April 7, 2025, 9 p.m. 🔄 Last Modified: April 9, 2025, 2:44 p.m.

7.5

CVSS3.1

CVE-2025-32034 - Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansi…

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensiv…

📅 Published: April 7, 2025, 8:50 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-32033 - Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's height). If a counter…

📅 Published: April 7, 2025, 8:48 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-32032 - Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifical…

📅 Published: April 7, 2025, 8:44 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2025-32031 - Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal o…

📅 Published: April 7, 2025, 8:41 p.m. 🔄 Last Modified: Aug. 1, 2025, 4:50 p.m.

7.5

CVSS3.1

CVE-2025-32030 - Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expans…

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named frag…

📅 Published: April 7, 2025, 8:38 p.m. 🔄 Last Modified: Aug. 1, 2025, 4:52 p.m.

7.5

CVSS3.1

CVE-2025-31496 - apollo-compiler Named Fragment Processing Vulnerability

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in som…

📅 Published: April 7, 2025, 8:34 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-3383 - SourceCodester Web-based Pharmacy Product Management System search_sales.php sql injection

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search/search_sales.php. The manipulation of the argument Name leads to SQL injection. The attack may be initiated remotel…

📅 Published: April 7, 2025, 8:31 p.m. 🔄 Last Modified: April 9, 2025, 2:47 p.m.

6.9

CVSS4.0

CVE-2025-32029 - ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value …

ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial of service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in…

📅 Published: April 7, 2025, 8:13 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.5

CVSS4.0

CVE-2025-29769 - libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input …

libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't …

📅 Published: April 7, 2025, 8:09 p.m. 🔄 Last Modified: Oct. 9, 2025, 1:41 p.m.