CVE-2025-3824 - SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3824
Published : April 20, 2025, 11:15 a.m. | 3 hours, 6 minutes ago
Description : A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3824
Published : April 20, 2025, 11:15 a.m. | 3 hours, 6 minutes ago
Description : A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3825 - SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3825
Published : April 20, 2025, 12:15 p.m. | 2 hours, 7 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3825
Published : April 20, 2025, 12:15 p.m. | 2 hours, 7 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3826 - SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3826
Published : April 20, 2025, 1:15 p.m. | 1 hour, 6 minutes ago
Description : A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3826
Published : April 20, 2025, 1:15 p.m. | 1 hour, 6 minutes ago
Description : A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3827 - PHPGurukul Men Salon Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3827
Published : April 20, 2025, 3:15 p.m. | 3 hours, 7 minutes ago
Description : A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3827
Published : April 20, 2025, 3:15 p.m. | 3 hours, 7 minutes ago
Description : A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3828 - PHPGurukul Men Salon Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3828
Published : April 20, 2025, 4:15 p.m. | 2 hours, 7 minutes ago
Description : A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3828
Published : April 20, 2025, 4:15 p.m. | 2 hours, 7 minutes ago
Description : A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3829 - PHPGurukul Men Salon Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3829
Published : April 20, 2025, 4:15 p.m. | 2 hours, 7 minutes ago
Description : A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3829
Published : April 20, 2025, 4:15 p.m. | 2 hours, 7 minutes ago
Description : A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3830 - Kuangstudy KuangSimpleBBS Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-3830
Published : April 20, 2025, 5:15 p.m. | 1 hour, 7 minutes ago
Description : A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3830
Published : April 20, 2025, 5:15 p.m. | 1 hour, 7 minutes ago
Description : A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43954 - QMarkdown Quasar-ui-QMarkdown Cross-Site Scripting (XSS)
CVE ID : CVE-2025-43954
Published : April 20, 2025, 7:15 p.m. | 3 hours, 7 minutes ago
Description : QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43954
Published : April 20, 2025, 7:15 p.m. | 3 hours, 7 minutes ago
Description : QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43955 - Convertigo TwsCachedXPathAPI Commons-JXPath API Deserialization Vulnerability
CVE ID : CVE-2025-43955
Published : April 20, 2025, 8:15 p.m. | 2 hours, 8 minutes ago
Description : TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43955
Published : April 20, 2025, 8:15 p.m. | 2 hours, 8 minutes ago
Description : TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-36844 - KnowBe4 Security Awareness Training Reflective Cross-Site Scripting
CVE ID : CVE-2020-36844
Published : April 20, 2025, 10:15 p.m. | 4 hours, 10 minutes ago
Description : The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-36844
Published : April 20, 2025, 10:15 p.m. | 4 hours, 10 minutes ago
Description : The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-36845 - KnowBe4 Security Awareness Training Cross-Site Scripting (XSS)
CVE ID : CVE-2020-36845
Published : April 20, 2025, 10:15 p.m. | 4 hours, 10 minutes ago
Description : The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-36845
Published : April 20, 2025, 10:15 p.m. | 4 hours, 10 minutes ago
Description : The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43961 - Fujifilm LibRaw Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-43961
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43961
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43962 - LibRaw Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-43962
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43962
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43963 - LibRaw Out-of-Bounds Access Vulnerability
CVE ID : CVE-2025-43963
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43963
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43964 - LibRaw Unvalidated Memory Access Vulnerability
CVE ID : CVE-2025-43964
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43964
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43966 - Libheif NULL Pointer Dereference Vulnerability
CVE ID : CVE-2025-43966
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43966
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43967 - Libheif NULL Pointer Dereference Vulnerability
CVE ID : CVE-2025-43967
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43967
Published : April 21, 2025, 12:15 a.m. | 2 hours, 10 minutes ago
Description : libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43970 - GoBGP MRT Length Validation Buffer Overflow
CVE ID : CVE-2025-43970
Published : April 21, 2025, 1:15 a.m. | 1 hour, 10 minutes ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g.. by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43970
Published : April 21, 2025, 1:15 a.m. | 1 hour, 10 minutes ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g.. by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43971 - GoBGP Zero-Value Software Version Len Panic
CVE ID : CVE-2025-43971
Published : April 21, 2025, 1:15 a.m. | 1 hour, 10 minutes ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43971
Published : April 21, 2025, 1:15 a.m. | 1 hour, 10 minutes ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43972 - GoBGP FlowSpec Parser Denial of Service
CVE ID : CVE-2025-43972
Published : April 21, 2025, 1:15 a.m. | 1 hour, 10 minutes ago
Description : An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43972
Published : April 21, 2025, 1:15 a.m. | 1 hour, 10 minutes ago
Description : An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43973 - GoBGP Buffer Overflow Vulnerability
CVE ID : CVE-2025-43973
Published : April 21, 2025, 1:15 a.m. | 1 hour, 10 minutes ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43973
Published : April 21, 2025, 1:15 a.m. | 1 hour, 10 minutes ago
Description : An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...