NA - CVE-2025-26376 - A CWE-862 "Missing Authorization" in...
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via...
NA - CVE-2025-26377 - A CWE-862 "Missing Authorization" in...
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted...
NA - CVE-2025-26378 - A CWE-862 "Missing Authorization" in...
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords,...
NA - CVE-2024-12251 - In Progress® Telerik® UI for WinUI versions...
In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.
NA - CVE-2024-12379 - A denial of service vulnerability in GitLab...
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of...
NA - CVE-2024-54160 - dashboards-reporting (aka Dashboards Reports)...
dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.
NA - CVE-2025-0376 - An XSS vulnerability exists in GitLab CE/EE...
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions...
NA - CVE-2025-1042 - An insecure direct object reference...
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view...
Medium - CVE-2025-1202 - A vulnerability classified as critical has been...
A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. Affected is an unknown function of the file /admin/edit_slider.php. The manipulation of...
Medium - CVE-2025-1206 - A vulnerability was found in Codezips Gym...
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The...