CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-61198 - Optimod XSS Stored

CVE ID : CVE-2025-61198
Published : Oct. 6, 2025, 2:15 p.m. | 23 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in Optimod 5950 - Optimod 5950HD - Optimod 5750 - Optimod 5750HD - Optimod Trio - Optimod version 1.0.0.33 - System version 2.5.26, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36355 - IBM Security Verify Access code execution

CVE ID : CVE-2025-36355
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
Severity: 8.5 | HIGH
CVE-2025-36356 - IBM Security Verify Access privilege escalation

CVE ID : CVE-2025-36356
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
Severity: 9.3 | CRITICAL
CVE-2025-57247 - Apache BATBToken Incorrect Access Control Vulnerability

CVE ID : CVE-2025-57247
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control implementation in whitelist management functions. The setColdWhiteList() and setSpecialAddress() functions in the base ERC20 contract are declared as public without proper access control modifiers, allowing any user to bypass transfer restrictions and manipulate special address settings. This enables unauthorized users to circumvent cold time transfer restrictions and potentially disrupt dividend distribution mechanisms, leading to privilege escalation and violation of the contract's intended tokenomics.
Severity: 9.1 | CRITICAL
CVE-2025-60956 - EndRun Technologies Sonoma D12 Network Time Server (GPS) CSRF Vulnerability

CVE ID : CVE-2025-60956
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Severity: 0.0 | NA
CVE-2025-60957 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection Vulnerability

CVE ID : CVE-2025-60957
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Severity: 9.9 | CRITICAL
CVE-2025-60958 - Cross Site Scripting (XSS) vulnerability in EndRun

CVE ID : CVE-2025-60958
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.
Severity: 7.3 | HIGH
CVE-2025-60959 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection

CVE ID : CVE-2025-60959
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.
Severity: 0.0 | NA
CVE-2025-60960 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection Vulnerability

CVE ID : CVE-2025-60960
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Severity: 0.0 | NA
CVE-2025-60961 - EndRun Technologies Sonoma D12 Network Time Server (GPS) XSS Vulnerability

CVE ID : CVE-2025-60961
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.
Severity: 0.0 | NA
CVE-2025-60962 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection

CVE ID : CVE-2025-60962
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.
Severity: 0.0 | NA
CVE-2025-60963 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection

CVE ID : CVE-2025-60963
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.
Severity: 0.0 | NA
CVE-2025-60964 - EndRun Technologies Sonoma D12 Network Time Server (GPS) OS Command Injection

CVE ID : CVE-2025-60964
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.
Severity: 9.1 | CRITICAL
CVE-2025-60965 - EndRun Technologies Sonoma D12 Network Time Server (GPS) Command Injection Vulnerability

CVE ID : CVE-2025-60965
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.
Severity: 9.1 | CRITICAL
CVE-2025-60967 - EndRun Technologies Sonoma D12 Network Time Server (GPS) XSS

CVE ID : CVE-2025-60967
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
Severity: 0.0 | NA
CVE-2025-60969 - EndRun Technologies Sonoma D12 Network Time Server (GPS) Directory Traversal Vulnerability

CVE ID : CVE-2025-60969
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.
Severity: 0.0 | NA
CVE-2025-61766 - Bucket vulnerable to infinite recursion when querying a bucket using the != operator

CVE ID : CVE-2025-61766
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit being exceeded, and/or increased memory consumption, potentially leading to a denial of service. Version 1.0.0 contains a patch for the issue.
Severity: 6.5 | MEDIUM
CVE-2025-61769 - Emlog vulnerable to stored XSS in file upload functionality in emlog

CVE ID : CVE-2025-61769
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload an .svg file that contains JavaScript code that is later executed. Commit 052f9c4226b2c0014bcd857fec47677340b185b1 fixes the issue.
Severity: 2.1 | LOW
CVE-2025-61777 - FlagForge Allows Unauthenticated Badge Template API Access

CVE ID : CVE-2025-61777
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized users to retrieve all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and/or create arbitrary badge templates in the database. This could lead to data exposure, database pollution, or abuse of the badge system. The issue has been fixed in FlagForge v2.3.2. GET, POST, UPDATE, and DELETE endpoints now require authentication. Authorization checks ensure only admins can access and modify badge templates. No reliable workarounds are available.
Severity: 9.4 | CRITICAL
CVE-2025-61778 - Akka.Remote TLS did not properly implement certificate-based authentication

CVE ID : CVE-2025-61778
Published : Oct. 6, 2025, 5:16 p.m. | 1 hour, 22 minutes ago
Description : Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our `akka.remote.dot-netty.tcp` transport and this would correctly enforce private key validation on the server-side of inbound connections. Akka.Remote, however, never asked the outbound-connecting client to present ITS certificate - therefore it's possible for untrusted parties to connect to a private key'd Akka.NET cluster and begin communicating with it without any certificate. The issue here is that for certificate-based authentication to work properly, ensuring that all members of the Akka.Remote network are secured with the same private key, Akka.Remote needed to implement mutual TLS. This was not the case before Akka.NET v1.5.52. Those who run Akka.NET inside a private network that they fully control or who were never using TLS in the first place are now affected by the bug. However, those who use TLS to secure their networks must upgrade to Akka.NET V1.5.52 or later. One patch forces "fail fast" semantics if TLS is enabled but the private key is missing or invalid. Previous versions would only check that once connection attempts occurred. The second patch, a critical fix, enforces mutual TLS (mTLS) by default, so both parties must be keyed using the same certificate. As a workaround, avoid exposing the application publicly to avoid the vulnerability having a practical impact on one's application. However, upgrading to version 1.5.52 is still recommended by the maintainers.
Severity: 9.3 | CRITICAL
CVE-2025-11342 - code-projects Online Course Registration edit-course.php sql injection

CVE ID : CVE-2025-11342
Published : Oct. 6, 2025, 6:15 p.m. | 23 minutes ago
Description : A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity: 5.8 | MEDIUM