CyberSecurityBoard
Sponsor Register Login

CVE-2025-3783

A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Publication date: Fri, 18 Apr 2025 05:31:00 +0000


Cyber News related to CVE-2025-3783

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
1 month ago Cybersecuritynews.com CVE-2024-5594
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
2 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861
Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
2 weeks ago Bleepingcomputer.com CVE-2025-30456
CVE-2025-3783 - A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar ...
1 day ago
CISA Warns of Windows NTFS Vulnerability Actively Exploited to Access Sensitive Data - In an era where file system vulnerabilities comprise 23% of KEV entries, the March 2025 advisories serve as a stark reminder: patch, segment, and verify—before attackers exploit the gaps. These flaws CVE-2025-24984, CVE-2025-24991, CVE-2025-24993, ...
1 month ago Cybersecuritynews.com CVE-2025-24984
CVE-2007-3783 - SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4. ...
6 years ago
CVE-2019-3783 - Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. ...
4 years ago
CVE-2013-3783 - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. ...
2 years ago
CVE-2022-3783 - A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation ...
2 years ago
CVE-2023-3783 - A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is ...
1 year ago
CVE-2012-3783 - ** REJECT ** This candidate is unused by its CNA. ...
1 year ago
CVE-2016-3783 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
55 years ago Tenable.com
CVE-2021-3783 - yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ...
3 years ago
CVE-2020-3783 - Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution. ...
3 years ago
CVE-2010-3783 - Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. ...
14 years ago
CVE-2011-3783 - phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. ...
12 years ago
CVE-2006-3783 - Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point. ...
7 years ago
CVE-2009-3783 - Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector. ...
7 years ago
CVE-2015-3783 - SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. ...
7 years ago
CVE-2008-3783 - Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters. ...
7 years ago
CVE-2014-3783 - SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter. ...
6 years ago
CVE-2005-3783 - The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash). ...
6 years ago
CVE-2018-3783 - A privilege escalation detected in flintcms versions < 1.1.9 allows account takeover due to blind MongoDB injection in password reset. ...
5 years ago
CVE-2017-3783 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2024-3783 - The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system. ...
1 year ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)