CVE-2025-6876
A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/add-category.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The...
CVE-2025-6867
A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has...
CVE-2025-6856
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...
CVE-2025-6850
A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forum1.php. The manipulation of the argument File leads to sql injection. The attack can be launched remotely. The exploit has been...
DEBIAN-CVE-2025-6818
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may ...
CVE-2025-6664
CVE-2025-6664 affects CodeAstro Patient Record Management System 1.0. The vulnerability is a cross-site request forgery in an unknown function, allowing remote attack with a publicly disclosed exploit. Root cause details and affected component/version beyond 1.0 are not specified in the provided ...
CVE-2025-6608
The CVE-2025-6608 entry affects SourceCodester Best Salon Management System 1.0. The vulnerability is in an unknown functionality of the file /panel/edit-services.php where manipulating the editid argument causes an SQL injection. Exploitation can be remote, and publicly disclosed exploits exist....
CVE-2025-6534
Summary: CVE-2025-6534 affects xxyopen/201206030 novel-plus up to version 5.1.3. The vulnerability resides in the File Handler’s remove function (novel-admin/src/main/java/com/java2nb/common/controller/FileController.java) and stems from improper control of resource identifiers. The issue can be ...
CVE-2025-6277
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack...
CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
CVE-2025-6347
A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiate...
CVE-2025-6340 code-projects School Fees Payment System branch.php cross site scripting
A vulnerability classified as problematic has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument Branch/Address/Detail leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2025-6317 code-projects Online Shoe Store confirm.php sql injection
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2025-6310
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely...
CVE-2025-6287 PHPGurukul COVID19 Testing Management System Take Action test-details.php cross site scripting
A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argument remark leads to cross site scripting. Th...
CVE-2025-6281 OpenBMB XAgent community path traversal
A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2025-6270 HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow
A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...
CVE-2025-6153
A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument searchbox leads to sql injection. The attack can be initiated remotely. The exploit has...
CVE-2025-6111
A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7775. This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has bee...
CVE-2025-6100
CVE-2025-6100 affects realguoshuai open-video-cms 1.0. The vulnerability is in the /v1/video/list endpoint, where manipulating the sort argument exposes a SQL injection flaw. It can be exploited remotely, and the exploit has been disclosed publicly. Multiple feeds corroborate a critical-risk issu...