Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-03 | CVE-2025-3181 | SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System PHP and Mysql 1.0 A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. | 9.8 |
2025-04-03 | CVE-2025-3182 | SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System PHP and Mysql 1.0 A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. | 9.8 |
2025-04-03 | CVE-2025-3183 | SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System PHP and Mysql 1.0 A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. | 9.8 |
2025-04-03 | CVE-2025-3178 | SQL Injection vulnerability in Projectworlds Doctor Appointment System 1.0 A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. | 9.8 |
2025-04-03 | CVE-2025-3179 | SQL Injection vulnerability in Projectworlds Doctor Appointment System 1.0 A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0. | 9.8 |
2025-04-03 | CVE-2025-3180 | SQL Injection vulnerability in Projectworlds Doctor Appointment System 1.0 A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. | 9.8 |
2025-04-03 | CVE-2025-30406 | Use of Hard-coded Credentials vulnerability in Gladinet Centrestack 13.5.9808 Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. | 9.8 |
2025-04-03 | CVE-2025-31161 | Unspecified vulnerability in Crushftp CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. | 9.8 |
2025-04-03 | CVE-2025-3173 | SQL Injection vulnerability in Projectworlds Online Lawyer Management System 1.0 A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. | 9.8 |
2025-04-03 | CVE-2025-3174 | SQL Injection vulnerability in Projectworlds Online Lawyer Management System 1.0 A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. | 9.8 |