CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-4702 - PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4702
Published : May 15, 2025, 3:16 p.m. | 2 hours, 21 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. The manipulation of the argument catename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-52877 - InsydeH2O VariableRuntimeDxe Buffer Over-Read

CVE ID : CVE-2024-52877
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read.
Severity: 0.0 | NA
CVE-2024-52878 - InsydeH2O VariableRuntimeDxe Buffer Over-Read Vulnerability

CVE ID : CVE-2024-52878
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT->SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read.
Severity: 0.0 | NA
CVE-2024-52879 - InsydeH2O VariableRuntimeDxe Buffer Over-Read Vulnerability

CVE ID : CVE-2024-52879
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read.
Severity: 0.0 | NA
CVE-2024-52880 - InsydeH2O VariableRuntimeDxe Buffer Overflow Vulnerability

CVE ID : CVE-2024-52880
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted.
Severity: 0.0 | NA
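The four InsydeH2O advisories above (CVE-2024-52877 through CVE-2024-52880) share one root cause: the sizes and strings inside an SMM variable request are supplied by the caller, and the handler trusts them, either by passing the name to unbounded StrSize ()/StrLen ()/StrCmp () or by using the caller's DataSize/VariableNameSize to decide whether the data and name lie inside the buffer. The C below is an added example, not Insyde code: it models a request with a hypothetical header layout (the field names name_offset, name_size, data_offset and data_size are assumptions, not the real Insyde structure) and shows the two checks such a handler needs, an overflow-safe containment check for every (offset, size) pair and a bounded scan for the CHAR16 terminator in place of StrSize (). The sample requests are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request header (not Insyde's real layout): the caller says where
 * the variable name and the data sit inside the payload and how large each is. */
typedef struct {
    uint32_t name_offset;   /* byte offset of the CHAR16 name within the payload */
    uint32_t name_size;     /* caller-claimed size of the name in bytes, incl. NUL */
    uint32_t data_offset;
    uint32_t data_size;
} var_hdr_t;

typedef enum { VREQ_OK = 0, VREQ_BAD_RANGE, VREQ_BAD_NAME } vreq_status_t;

/* 1 if [off, off+len) fits in a buffer of total bytes. Written so that off+len is never
 * computed: a plain "off + len <= total" check is bypassed by len near UINT32_MAX. */
static int range_in_buffer(size_t total, uint32_t off, uint32_t len) {
    return off <= total && len <= total - off;
}

/* Bounded stand-in for StrSize()/StrLen(): count CHAR16 units before the NUL, looking at
 * no more than max_chars units. Returns max_chars when no NUL was found in that window. */
static size_t strnlen16(const uint8_t *p, size_t max_chars) {
    size_t n = 0;
    while (n < max_chars && (p[2 * n] != 0 || p[2 * n + 1] != 0)) n++;
    return n;
}

/* Validate a request held in a comm buffer of comm_len bytes. On VREQ_OK, *name_chars is
 * the name length in CHAR16 units, excluding the terminator. */
vreq_status_t validate_request(const uint8_t *comm, size_t comm_len, size_t *name_chars) {
    var_hdr_t h;
    if (comm_len < sizeof h) return VREQ_BAD_RANGE;
    memcpy(&h, comm, sizeof h);
    const uint8_t *payload = comm + sizeof h;
    size_t payload_len = comm_len - sizeof h;

    /* Check both caller-supplied ranges against the buffer actually received. */
    if (!range_in_buffer(payload_len, h.name_offset, h.name_size)) return VREQ_BAD_RANGE;
    if (!range_in_buffer(payload_len, h.data_offset, h.data_size)) return VREQ_BAD_RANGE;

    /* The name must be a whole number of CHAR16s and terminated inside name_size;
     * StrSize() would otherwise keep scanning into the data or past the buffer. */
    if (h.name_size < 2 || h.name_size % 2 != 0) return VREQ_BAD_NAME;
    size_t max_chars = h.name_size / 2;
    size_t n = strnlen16(payload + h.name_offset, max_chars);
    if (n == 0 || n == max_chars) return VREQ_BAD_NAME;
    *name_chars = n;
    return VREQ_OK;
}

/* --- constructed sample requests (not captured from real firmware) --- */
static size_t build_request(uint8_t *buf, const uint16_t *name, uint32_t name_size, uint32_t data_size) {
    var_hdr_t h = { 0, name_size, name_size, data_size };   /* name first, data right after it */
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, name, name_size);
    memset(buf + sizeof h + name_size, 0xAA, data_size);
    return sizeof h + name_size + data_size;
}

/* L"Setup" with its NUL inside name_size: accepted, 5 characters. */
int demo_well_formed(void) {
    static const uint16_t name[] = { 'S', 'e', 't', 'u', 'p', 0 };
    uint8_t buf[64]; size_t chars = 0;
    size_t n = build_request(buf, name, sizeof name, 4);
    return validate_request(buf, n, &chars) == VREQ_OK && chars == 5;
}

/* Same name without a terminator: name_size is honest, but StrSize() would read on into
 * the 0xAA data bytes that follow. The bounded scan rejects the request instead. */
int demo_unterminated_name(void) {
    static const uint16_t name[] = { 'S', 'e', 't', 'u', 'p' };
    uint8_t buf[64]; size_t chars = 0;
    size_t n = build_request(buf, name, sizeof name, 4);
    return validate_request(buf, n, &chars) == VREQ_BAD_NAME;
}

/* data_size chosen so that data_offset + data_size wraps to a small value in 32 bits. */
int demo_wrapping_size(void) {
    static const uint16_t name[] = { 'S', 0 };
    uint8_t buf[64]; size_t chars = 0;
    size_t n = build_request(buf, name, sizeof name, 4);
    var_hdr_t h; memcpy(&h, buf, sizeof h);
    h.data_size = 0xFFFFFFFFu;
    memcpy(buf, &h, sizeof h);
    return validate_request(buf, n, &chars) == VREQ_BAD_RANGE;
}
```

The same two rules apply to any SMI handler that reads structured input from a comm buffer: bound every pointer-plus-size computation by the buffer length that the handler itself measured, and never hand a caller-supplied string to a function that stops only at a NUL.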
CVE-2025-2527 - Mattermost Permission Verification Vulnerability

CVE ID : CVE-2025-2527
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.
Severity: 4.3 | MEDIUM
CVE-2025-2570 - Mattermost System Console System Manager Access Bypass

CVE ID : CVE-2025-2570
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check the `RestrictSystemAdmin` setting if the user doesn't have access to `ExperimentalSettings`, which allows a System Manager to access `ExperimentalSettings` when `RestrictSystemAdmin` is true via the System Console.
Severity: 2.7 | LOW
CVE-2025-3440 - IBM Security Guardium Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3440
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
CVE-2025-48050 - DOMPurify scripts/server.js Directory Traversal

CVE ID : CVE-2025-48050
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory.
Severity: 7.5 | HIGH
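CVE-2025-48050 describes a development static-file server that joins the request path onto the working directory without confirming that the result still lies under it, so a request containing ".." can reach files outside the served directory. The C below is an added example, not DOMPurify's scripts/server.js (which is a Node script): it resolves a request path lexically against a document root, applying "." and ".." and rejecting any request that would climb above the root. The root /srv/www and the sample request paths are assumptions made for the demo.

```c
#include <stddef.h>
#include <string.h>

#define MAX_DEPTH 64

/* Resolve req (a URL path that has already been percent-decoded) lexically against root.
 * Returns 1 and writes the joined path into out when the request stays inside root,
 * 0 when ".." would climb above it, the nesting is too deep, or out is too small. */
int resolve_under_root(const char *root, const char *req, char *out, size_t out_cap) {
    size_t len = strlen(root);
    if (len + 1 > out_cap) return 0;
    memcpy(out, root, len);
    size_t starts[MAX_DEPTH];      /* offset in out where each pushed component begins */
    size_t depth = 0;

    const char *p = req;
    for (;;) {
        while (*p == '/') p++;                 /* skip separators; also collapses "//" */
        if (*p == '\0') break;
        const char *seg = p;
        while (*p != '\0' && *p != '/') p++;
        size_t seg_len = (size_t)(p - seg);

        if (seg_len == 1 && seg[0] == '.') continue;              /* "." is a no-op */
        if (seg_len == 2 && seg[0] == '.' && seg[1] == '.') {
            if (depth == 0) return 0;          /* nothing left to pop: this would leave root */
            depth--;
            len = starts[depth] - 1;           /* back to just before that component's '/' */
            continue;
        }
        if (depth == MAX_DEPTH || len + 1 + seg_len + 1 > out_cap) return 0;
        out[len++] = '/';
        starts[depth++] = len;
        memcpy(out + len, seg, seg_len);
        len += seg_len;
    }
    out[len] = '\0';
    return 1;
}

/* --- constructed demos against an assumed document root --- */
#define DOC_ROOT "/srv/www"

/* 1 if req resolves to exactly expected under DOC_ROOT. */
int resolves_to(const char *req, const char *expected) {
    char out[256];
    return resolve_under_root(DOC_ROOT, req, out, sizeof out) && strcmp(out, expected) == 0;
}

/* 1 if req is rejected because it would escape DOC_ROOT. */
int escapes_root(const char *req) {
    char out[256];
    return resolve_under_root(DOC_ROOT, req, out, sizeof out) == 0;
}
```

Two caveats apply to any such check. Percent-encoding must be decoded before the lexical pass, otherwise "%2e%2e" slips through as an ordinary component. And a lexical check cannot see symlinks: a link inside the root that points outside it still escapes, so the file that is finally opened should also be passed through realpath() and compared against the realpath() of the root.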
CVE-2025-48051 - Lila Lichess DOM XSS

CVE ID : CVE-2025-48051
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML.
Severity: 4.7 | MEDIUM
CVE-2025-4703 - PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4703
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-4704 - PHPGurukul Vehicle Parking Management System SQL Injection

CVE ID : CVE-2025-4704
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-4705 - PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability

CVE ID : CVE-2025-4705
Published : May 15, 2025, 4:15 p.m. | 1 hour, 22 minutes ago
Description : A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file /admin/view-incomingvehicle-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-1647 - Bootstrap Cross-Site Scripting (XSS)

CVE ID : CVE-2025-1647
Published : May 15, 2025, 5:15 p.m. | 21 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0.
Severity: 5.6 | MEDIUM
CVE-2025-30417 - NI Circuit Design Suite Base64 Decode Memory Corruption Vulnerability

CVE ID : CVE-2025-30417
Published : May 15, 2025, 5:15 p.m. | 21 minutes ago
Description : There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
Severity: 7.8 | HIGH
CVE-2025-30418 - NI Circuit Design Suite SymbolEditor Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-30418
Published : May 15, 2025, 5:15 p.m. | 21 minutes ago
Description : There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
Severity: 7.8 | HIGH
CVE-2025-30419 - NI Circuit Design Suite SymbolEditor Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-30419
Published : May 15, 2025, 5:15 p.m. | 21 minutes ago
Description : There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
Severity: 7.8 | HIGH
CVE-2025-30420 - NI Circuit Design Suite Bitmap Out-of-Bounds Read Memory Corruption Vulnerability

CVE ID : CVE-2025-30420
Published : May 15, 2025, 5:15 p.m. | 21 minutes ago
Description : There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
Severity: 7.8 | HIGH
CVE-2025-30421 - NI Circuit Design Suite Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-30421
Published : May 15, 2025, 5:15 p.m. | 21 minutes ago
Description : There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
Severity: 7.8 | HIGH
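The five NI Circuit Design Suite advisories above (CVE-2025-30417 through CVE-2025-30421) all come from parsing a crafted .sym file with the SymbolEditor, and CVE-2025-30417 names the base64 decoder as the routine that writes out of bounds. The typical cause in such decoders is producing output for as many input groups as the file supplies without comparing that against the destination. The C below is an added example, not NI's code: a base64 decoder that computes the decoded length from the input before writing anything, refuses a destination that cannot hold it, and rejects malformed padding and characters outside the alphabet. The demo inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 6-bit value of a base64 alphabet character, or -1 if c is not in the alphabet. */
static int b64_value(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Number of bytes a base64 string of in_len characters decodes to, or -1 if the
 * length or the trailing padding is malformed. Computed before any byte is written. */
long b64_decoded_len(const char *in, size_t in_len) {
    if (in_len == 0) return 0;
    if (in_len % 4 != 0) return -1;
    long pad = 0;
    if (in[in_len - 1] == '=') pad = (in[in_len - 2] == '=') ? 2 : 1;
    else if (in[in_len - 2] == '=') return -1;      /* "=x" at the end is not valid */
    return (long)(in_len / 4 * 3) - pad;
}

/* Decode in[0..in_len) into out, never writing more than out_cap bytes. Returns the
 * number of bytes written, or -1 for malformed input or a destination that is too small. */
long b64_decode_bounded(const char *in, size_t in_len, uint8_t *out, size_t out_cap) {
    long need = b64_decoded_len(in, in_len);
    if (need < 0 || (size_t)need > out_cap) return -1;   /* the capacity check */
    size_t o = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        uint32_t quantum = 0;
        for (int k = 0; k < 4; k++) {
            char c = in[i + k];
            int v = 0;
            if (c == '=') {
                /* '=' is only legal in the last two slots of the final group */
                if (i + 4 != in_len || k < 2) return -1;
            } else {
                if (k == 3 && in[i + 2] == '=') return -1;   /* "xx=y" is malformed */
                v = b64_value((unsigned char)c);
                if (v < 0) return -1;
            }
            quantum = (quantum << 6) | (uint32_t)v;
        }
        /* Emit up to three bytes, but never beyond the pre-computed length. */
        for (int shift = 16; shift >= 0 && o < (size_t)need; shift -= 8)
            out[o++] = (uint8_t)(quantum >> shift);
    }
    return (long)o;
}

/* --- constructed demos --- */

/* "aGVsbG8=" into an 8-byte buffer: 5 bytes, "hello". */
int demo_decode_hello(void) {
    uint8_t out[8];
    const char *in = "aGVsbG8=";
    long n = b64_decode_bounded(in, strlen(in), out, sizeof out);
    return n == 5 && memcmp(out, "hello", 5) == 0;
}

/* Same input into a 4-byte buffer: an unchecked decoder would write the fifth byte
 * past the end; the bounded one refuses before touching out. */
long demo_decode_into_small_buffer(void) {
    uint8_t out[4];
    const char *in = "aGVsbG8=";
    return b64_decode_bounded(in, strlen(in), out, sizeof out);
}

/* Result for an arbitrary (malformed or not) input with a roomy destination. */
long demo_decode(const char *in) {
    uint8_t out[16];
    return b64_decode_bounded(in, strlen(in), out, sizeof out);
}
```

The same shape applies to the other four functions named in the advisories: whatever a .sym file claims about counts, lengths or coordinates, the parser has to derive the bytes it will touch from that claim first and compare it with the buffer it actually owns before reading or writing.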
CVE-2025-47580 - Rustaurius Front End Users Missing Authorization Vulnerability

CVE ID : CVE-2025-47580
Published : May 15, 2025, 5:15 p.m. | 21 minutes ago
Description : Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Front End Users: from n/a through 3.2.32.
Severity: 5.4 | MEDIUM
CVE-2025-4706 - Projectworlds Online Examination System SQL Injection Vulnerability

CVE ID : CVE-2025-4706
Published : May 15, 2025, 5:15 p.m. | 21 minutes ago
Description : A vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. The manipulation of the argument Visit_year leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH