CVE ID : CVE-2024-12915
Published : June 30, 2025, 4:15 p.m. | 1 hour, 26 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Devinim Software Library Software allows Reflected XSS.This issue affects Library Software: before 24.11.02.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53017
Published : June 30, 2025, 4:15 p.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Reason: This candidate was issued in error.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53001
Published : June 30, 2025, 4:15 p.m. | 1 hour, 26 minutes ago
Description : Rejected reason: Reason: This candidate was issued in error.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6913
Published : June 30, 2025, 4:15 p.m. | 1 hour, 26 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Student Record System 3.2. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument aemailid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6914
Published : June 30, 2025, 4:15 p.m. | 1 hour, 26 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Student Record System 3.2. Affected by this vulnerability is an unknown functionality of the file /edit-student.php. The manipulation of the argument fmarks2 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-26074
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45931
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46702
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : Mattermost versions 10.5.x
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47871
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : Mattermost versions 10.5.x
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45143
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52895
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. This issue has been patched in versions 14.94.3 and 15.58.0. There are no workarounds for this issue other than upgrading.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-52896
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6916
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6915
Published : June 30, 2025, 5:15 p.m. | 26 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-8419
Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago
Description : The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-41439
Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago
Description : A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-53416
Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6901
Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago
Description : A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/removeUser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6902
Published : June 30, 2025, 10:15 a.m. | 5 hours, 14 minutes ago
Description : A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /php_action/editUser.php. The manipulation of the argument edituserName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40710
Published : June 30, 2025, 11:15 a.m. | 4 hours, 14 minutes ago
Description : Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to infrastructure controlled by an attacker. This does not imply a flaw in the target applications, but in how the VPN client internally handles outgoing headers and requests.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…