5.3
CVE-2025-3244 - SourceCodester Web-based Pharmacy Product Management System Create User Page add-admin.php unrestri…
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to u…
5.3
CVE-2025-3243 - code-projects Patient Record Management System dental_form.php sql injection
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no/dental_no leads to sql injection. The attack may be initiated remotely. The ex…
5.3
CVE-2025-3242 - PHPGurukul e-Diary Management System search-result.php sql injection
A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attack can be initiated remotely. The exploit has…
5.3
CVE-2025-3241 - zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the a…
7.1
CVE-2025-22282 - WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Reflected Cross Site Scripting (XSS) vu…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keksdieb ez Form Calculator Premium ez-form-calculator-premium allows Reflected XSS. This issue affects ez Form Calculator Premium: from n/a through <= 2.14.1.2.
6.9
CVE-2025-3240 - PHPGurukul Online Fire Reporting System search.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remote…
6.9
CVE-2025-3239 - PHPGurukul Online Fire Reporting System edit-guard-detail.php sql injection
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. …
6.9
CVE-2025-3238 - PHPGurukul Online Fire Reporting System search-request.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has be…
6.9
CVE-2025-3237 - Tenda FH1202 wrlwpsset access control
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public an…
6.9
CVE-2025-2245 - Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) seque…