Newest CVEs

| ID | Description | Severity |
| --- | --- | --- |
| CVE-2025-3359 | A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. | medium |
| CVE-2025-3353 | A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-3352 | A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-scdetails.php. The manipulation of the argument contnum leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-3351 | A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-3350 | A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-0050 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds. This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r19p0 through r49p2, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p2, from r50p0 through r53p0. | medium |
| CVE-2025-3349 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SYST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-3348 | A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. This vulnerability affects unknown code of the file /edit_dpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-21448 | Transient DOS may occur while parsing SSID in action frames. | high |
| CVE-2025-21447 | Memory corruption may occur while processing device IO control call for session control. | high |
| CVE-2025-21443 | Memory corruption while processing message content in eAVB. | high |
| CVE-2025-21442 | Memory corruption while transmitting packet mapping information with invalid header payload size. | high |
| CVE-2025-21441 | Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | high |
| CVE-2025-21440 | Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | high |
| CVE-2025-21439 | Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer. | high |
| CVE-2025-21438 | Memory corruption while IOCTL call is invoked from user-space to read board data. | high |
| CVE-2025-21437 | Memory corruption while processing memory map or unmap IOCTL operations simultaneously. | high |
| CVE-2025-21436 | Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. | high |
| CVE-2025-21435 | Transient DOS may occur while parsing extended IE in beacon. | high |
| CVE-2025-21434 | Transient DOS may occur while parsing EHT operation IE or EHT capability IE. | high |
| CVE-2025-21431 | Information disclosure may be there when a guest VM is connected. | medium |
| CVE-2025-21430 | Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. | high |
| CVE-2025-21429 | Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. | high |
| CVE-2025-21428 | Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. | high |
| CVE-2025-21425 | Memory corruption may occur due to improper access control in HAB process. | high |
| CVE-2025-21423 | Memory corruption occurs when handling client calls to EnableTestMode through an Escape call. | high |
| CVE-2025-21421 | Memory corruption while processing escape code in API. | high |
| CVE-2024-49848 | Memory corruption while processing multiple IOCTL calls from HLOS to DSP. | medium |
| CVE-2024-45557 | Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. | high |
| CVE-2024-45556 | Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. | medium |
| CVE-2024-45552 | Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn't adhere to RFC standards. | high |
| CVE-2024-45551 | Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. | medium |
| CVE-2024-45549 | Information disclosure while creating MQ channels. | high |
| CVE-2024-45544 | Memory corruption while processing IOCTL calls to add route entry in the HW. | medium |
| CVE-2024-45543 | Memory corruption while accessing MSM channel map and mixer functions. | medium |
| CVE-2024-45540 | Memory corruption while invoking IOCTL map buffer request from userspace. | medium |
| CVE-2024-43067 | Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. | high |
| CVE-2024-43066 | Memory corruption while handling file descriptor during listener registration/de-registration. | high |
| CVE-2024-43065 | Cryptographic issues while generating an asymmetric key pair for RKP use cases. | high |
| CVE-2024-43058 | Memory corruption while processing IOCTL calls. | high |
| CVE-2024-43046 | There may be information disclosure during memory re-allocation in TZ Secure OS. | medium |
| CVE-2024-33058 | Memory corruption while assigning memory from the source DDR memory (HLOS) to ADSP. | high |
| CVE-2025-3347 | A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_pending.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-3346 | A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | high |
| CVE-2025-3345 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/combo.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-3344 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/assign_save.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-30473 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter (which was a recommended pattern), Authenticated UI User could inject arbitrary SQL command when triggering DAG exposing partition_clause to the user. This allowed the DAG Triggering user to escalate privileges to execute those arbitrary commands which they normally would not have. This issue affects Apache Airflow Common SQL Provider: before 1.24.1. Users are recommended to upgrade to version 1.24.1, which fixes the issue. | high |
| CVE-2024-11859 | DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. | high |
| CVE-2025-3343 | A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/reservation_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-3342 | A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/payment_save.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |