We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
This is a
It contains information on publicly disclosed Cybersecurity vulnerabilities based on data from the CVE® Program, please see the official CVE website and CVE List V5 on GitHub.
Whenever applicable we show information from the Known Exploited Vulnerabilities Catalog provided by CISA as the authoritative source of vulnerabilities that have been exploited in the wild.
CVE-2025-3244: SourceCodester Web-based Pharmacy Product Management System Create User Page add-admin.php unrestricted upload: A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to unrestr...
CVE-2025-3243: code-projects Patient Record Management System dental_form.php sql injection: A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be ...
CVE-2025-3242: PHPGurukul e-Diary Management System search-result.php sql injection: A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3241: zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference: A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routerconte...
CVE-2025-22282: WordPress ez Form Calculator - WordPress plugin plugin <= 2.14.1.2 - Reflected Cross Site Scripting (XSS) vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EPC ez Form Calculator - WordPress plugin allows Reflected XSS.This issue affects ez Form Calculator - WordPress plugin: from n/a through 2.14.1.2.
CVE-2025-3241: zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference: A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routerconte...
CVE-2025-3242: PHPGurukul e-Diary Management System search-result.php sql injection: A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3243: code-projects Patient Record Management System dental_form.php sql injection: A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be ...
CVE-2024-12537: Unauthenticated Denial of Service in open-webui/open-webui: In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could become completely unresponsive. This could lead to severe performance issues, caus...
CVE-2024-12450: RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow: In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF files. Additionally, the lack of restrictions o...
CVE-2025-24813 Apache Tomcat: Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.
CVE-2024-20439 Cisco Smart Licensing Utility: Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.
CVE-2025-2783 Google Chromium Mojo: Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2019-9875 Sitecore CMS and Experience Platform (XP): Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
CVE-2019-9874 Sitecore CMS and Experience Platform (XP): Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
Support options
