Skip to main content
CVE-2025-6793 CRITICAL POC THREAT Emergency

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files and disclose information in the context of SYSTEM. Was ZDI-CAN-24912.

Information Disclosure Path Traversal Qconvergeconsole
NVD GitHub
CVSS 3.0
9.4
EPSS
18.9%
CVE-2025-45479 CRITICAL POC Act Now

Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container.

RCE Code Injection Challenges
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-53529 CRITICAL POC PATCH Act Now

WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to inject arbitrary SQL commands. The vulnerability is fixed in 3.4.3.

PHP SQLi Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-25176 CRITICAL POC PATCH Act Now

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

Buffer Overflow Stack Overflow Ubuntu Debian Luajit +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53527 CRITICAL POC PATCH Act Now

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. This vulnerability is fixed in 3.4.1.

PHP SQLi Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-6794 CRITICAL Act Now

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveAsText method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24913.

RCE Path Traversal Qconvergeconsole
NVD
CVSS 3.0
9.8
EPSS
16.9%
CVE-2025-32023 HIGH POC PATCH THREAT Act Now

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.

Redis RCE Buffer Overflow Ubuntu Debian +2
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
10.7%
CVE-2024-25178 CRITICAL POC PATCH Act Now

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

Information Disclosure Buffer Overflow Ubuntu Debian Luajit +2
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-7116 HIGH POC This Week

A vulnerability classified as critical has been found in UTT 进取 750W up to 3.2.2-191225. This affects an unknown part of the file /goform/Fast_wireless_conf. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Buffer Overflow 750w Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-7117 HIGH POC This Week

A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Buffer Overflow 840g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7118 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Buffer Overflow 840g Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-6805 CRITICAL Act Now

Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteEventLogFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-24925.

Path Traversal Qconvergeconsole
NVD
CVSS 3.1
9.1
EPSS
13.5%
CVE-2025-6798 CRITICAL Act Now

Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteAppFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-24918.

Path Traversal Qconvergeconsole
NVD
CVSS 3.1
9.1
EPSS
13.5%
CVE-2024-25177 HIGH POC PATCH This Week

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

Null Pointer Dereference Denial Of Service Ubuntu Debian Luajit +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-53531 HIGH POC PATCH This Week

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in 3.3.0.

Denial Of Service Wegia
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-53530 HIGH POC PATCH This Week

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in 3.3.0.

Denial Of Service Wegia
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-3225 HIGH POC PATCH This Week

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29.

Denial Of Service Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-3262 HIGH POC PATCH This Week

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.

Denial Of Service Transformers Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53539 HIGH POC PATCH This Week

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and can cause polynomial complexity backtracks when handling specially crafted inputs. This vulnerability is fixed in 3.0.1.

Denial Of Service Fastapi Guard
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3046 HIGH POC PATCH This Week

A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.

Path Traversal Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-6209 HIGH POC PATCH This Week

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.

Path Traversal Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-3466 HIGH POC PATCH This Week

CVE-2025-3466 is a security vulnerability (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.

RCE Authentication Bypass Dify
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-6802 CRITICAL Act Now

Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileFromURL method. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24922.

File Upload RCE Qconvergeconsole
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2025-5472 MEDIUM POC PATCH This Month

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38.

Denial Of Service Llamaindex Red Hat
NVD GitHub
CVSS 3.0
6.5
EPSS
0.0%
CVE-2025-6210 MEDIUM POC PATCH This Month

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.

Path Traversal Llamaindex D-Link Red Hat
NVD GitHub
CVSS 3.0
6.2
EPSS
0.0%
CVE-2025-6804 HIGH Act Now

Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressFirmwareDumpFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24924.

Information Disclosure Path Traversal Qconvergeconsole
NVD
CVSS 3.0
7.5
EPSS
13.3%
CVE-2025-6803 HIGH Act Now

Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressDriverFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24923.

Information Disclosure Path Traversal Qconvergeconsole
NVD
CVSS 3.0
7.5
EPSS
13.3%
CVE-2025-6800 HIGH Act Now

Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the restoreESwitchConfig method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24920.

Information Disclosure Path Traversal Qconvergeconsole
NVD
CVSS 3.0
7.5
EPSS
13.3%
CVE-2025-6799 HIGH Act Now

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24919.

Information Disclosure Path Traversal Qconvergeconsole
NVD
CVSS 3.0
7.5
EPSS
13.3%
CVE-2025-6797 HIGH Act Now

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24917.

Information Disclosure Path Traversal Qconvergeconsole
NVD
CVSS 3.0
7.5
EPSS
13.3%
CVE-2025-6796 HIGH Act Now

Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getAppFileBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-24916.

Information Disclosure Path Traversal Qconvergeconsole
NVD
CVSS 3.0
7.5
EPSS
13.3%
CVE-2025-4779 MEDIUM POC PATCH This Month

lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the `v1/runs/ingest` endpoint by adding an empty `citations` field, triggering a code path where `dangerouslySetInnerHTML` is used to render attacker-controlled text. This vulnerability allows the execution of arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions.

XSS Lunary
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-37656 MEDIUM POC This Month

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.

PHP Open Redirect Gnuboard
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-37658 MEDIUM POC PATCH This Month

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.

PHP Open Redirect Gnuboard
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-37657 MEDIUM POC PATCH This Month

An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.

PHP Open Redirect Gnuboard
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-53526 MEDIUM POC PATCH This Month

WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the injected script was executed in the browser. This vulnerability is fixed in 3.4.3.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-53525 MEDIUM POC PATCH This Month

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the profile_familiar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_dependente parameter. This vulnerability is fixed in 3.4.3.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-53377 MEDIUM POC PATCH This Month

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This vulnerability is fixed in 3.4.3.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-6811 CRITICAL Act Now

Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the TypeResolutionService class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25397.

Deserialization RCE Activereports.Net
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2025-6810 CRITICAL Act Now

Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the ReadValue method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25246.

Deserialization RCE Activereports.Net
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2025-41672 CRITICAL Act Now

CVE-2025-41672 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-48501 CRITICAL Act Now

An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.

Command Injection
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2025-43933 CRITICAL Act Now

A security vulnerability in fblog through 983bede (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43930 CRITICAL Act Now

A security vulnerability in Hashview 0.8.1 (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43932 CRITICAL Act Now

A security vulnerability in JobCenter through 7e7b0b2 (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-43931 CRITICAL Act Now

A security vulnerability in flask-boilerplate through a170e7c (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.

Information Disclosure Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-45065 CRITICAL Act Now

employee record management system in php and mysql v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint.

PHP SQLi
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-7114 MEDIUM POC This Month

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-7147 MEDIUM POC This Month

A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7136 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file /admin/view_vacancy.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy