Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-04-03 CVE-2025-3181 SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System PHP and Mysql 1.0
A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0.
network
low complexity
projectworlds CWE-89
critical
9.8
2025-04-03 CVE-2025-3182 SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System PHP and Mysql 1.0
A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0.
network
low complexity
projectworlds CWE-89
critical
9.8
2025-04-03 CVE-2025-3183 SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System PHP and Mysql 1.0
A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical.
network
low complexity
projectworlds CWE-89
critical
9.8
2025-04-03 CVE-2025-3178 SQL Injection vulnerability in Projectworlds Doctor Appointment System 1.0
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0.
network
low complexity
projectworlds CWE-89
critical
9.8
2025-04-03 CVE-2025-3179 SQL Injection vulnerability in Projectworlds Doctor Appointment System 1.0
A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0.
network
low complexity
projectworlds CWE-89
critical
9.8
2025-04-03 CVE-2025-3180 SQL Injection vulnerability in Projectworlds Doctor Appointment System 1.0
A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0.
network
low complexity
projectworlds CWE-89
critical
9.8
2025-04-03 CVE-2025-30406 Use of Hard-coded Credentials vulnerability in Gladinet Centrestack 13.5.9808
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025.
network
low complexity
gladinet CWE-798
critical
9.8
2025-04-03 CVE-2025-31161 Unspecified vulnerability in Crushftp
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server.
network
low complexity
crushftp
critical
9.8
2025-04-03 CVE-2025-3173 SQL Injection vulnerability in Projectworlds Online Lawyer Management System 1.0
A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0.
network
low complexity
projectworlds CWE-89
critical
9.8
2025-04-03 CVE-2025-3174 SQL Injection vulnerability in Projectworlds Online Lawyer Management System 1.0
A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical.
network
low complexity
projectworlds CWE-89
critical
9.8