🚨 CVE-2025-36087
IBM Security Verify Access 10.0.0 through 10.0.9 and 11.0.0, and IBM Verify Identity Access Container 10.0.0 through 10.0.9 and 11.0.0, under certain configurations, contain hard-coded credentials, such as a password or cryptographic key, which they use for their own inbound authentication, outbound communication to external components, or encryption of internal data.
@cveNotify
Ibm
Security Bulletin: Security vulnerability has been found in IBM Verify Identity Access/IBM Security Verify Access (CVE-2025-36087)
Security vulnerability has been addressed in IBM Verify Identity Access/IBM Security Verify Access
π₯1
🚨 CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user running the affected application.
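For the libtiff entry above, the practical mitigation beyond patching is to refuse implausible dimensions before any decoder touches the file. The following is an added example, not libtiff code: a minimal parser for the first TIFF IFD that reads ImageWidth, ImageLength, BitsPerSample and SamplesPerPixel and rejects a file whose declared geometry exceeds assumed policy limits. MAX_DIMENSION and MAX_PIXEL_BYTES are assumptions, as is the constructed sample file built by build_tiff; only single-valued inline tags are read, so a multi-valued BitsPerSample stored at an offset is not inspected.

```python
"""Added example: reject implausible TIFF geometry before decoding.
Not libtiff code; the limits below are assumed policy values."""
import struct
from typing import Dict, Tuple

TAG_WIDTH, TAG_LENGTH, TAG_BPS, TAG_SPP = 256, 257, 258, 277
SHORT, LONG = 3, 4

MAX_DIMENSION = 65_536                 # assumption: no side beyond this
MAX_PIXEL_BYTES = 512 * 1024 * 1024    # assumption: 512 MiB decoded


def parse_first_ifd(data: bytes) -> Dict[int, int]:
    """Return {tag: value} for single-valued SHORT/LONG tags in the first IFD.
    Multi-valued tags (stored at an offset) are skipped on purpose."""
    if len(data) < 8:
        raise ValueError("too short for a TIFF header")
    end = {b"II": "<", b"MM": ">"}.get(data[:2])
    if end is None:
        raise ValueError("bad byte-order mark")
    magic, ifd_off = struct.unpack(end + "HI", data[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    if ifd_off + 2 > len(data):
        raise ValueError("IFD offset outside file")
    (count,) = struct.unpack(end + "H", data[ifd_off:ifd_off + 2])
    tags: Dict[int, int] = {}
    pos = ifd_off + 2
    for _ in range(count):
        if pos + 12 > len(data):
            raise ValueError("IFD entry outside file")
        tag, typ, n = struct.unpack(end + "HHI", data[pos:pos + 8])
        field = data[pos + 8:pos + 12]
        if n == 1 and typ == SHORT:
            # An inline SHORT is left-justified in the 4-byte field (TIFF 6.0).
            tags[tag] = struct.unpack(end + "H", field[:2])[0]
        elif n == 1 and typ == LONG:
            tags[tag] = struct.unpack(end + "I", field)[0]
        pos += 12
    return tags


def check_geometry(data: bytes) -> Tuple[bool, str]:
    """Policy gate: (accepted, reason). Raises ValueError on a malformed header."""
    tags = parse_first_ifd(data)
    width, length = tags.get(TAG_WIDTH), tags.get(TAG_LENGTH)
    if width is None or length is None:
        return False, "missing ImageWidth/ImageLength"
    if width == 0 or length == 0:
        return False, "zero dimension"
    if width > MAX_DIMENSION or length > MAX_DIMENSION:
        return False, "declared %dx%d exceeds per-side limit" % (width, length)
    bps = tags.get(TAG_BPS, 8)   # assumption: treat a missing/offset value as 8 bits
    spp = tags.get(TAG_SPP, 1)   # TIFF default
    # Exact in Python. A decoder doing this multiply in 32 bits and sizing a
    # buffer from the wrapped result is how an oversized height turns into
    # writes far past the allocation.
    needed = width * length * spp * ((bps + 7) // 8)
    if needed > MAX_PIXEL_BYTES:
        return False, "declared image needs %d bytes" % needed
    return True, "%dx%d, %d sample(s) @ %d bits" % (width, length, spp, bps)


def build_tiff(width: int, length: int, bps: int = 8, spp: int = 1) -> bytes:
    """Constructed little-endian TIFF carrying only the tags inspected above."""
    entries = [(TAG_WIDTH, LONG, width), (TAG_LENGTH, LONG, length),
               (TAG_BPS, SHORT, bps), (TAG_SPP, SHORT, spp)]
    ifd = struct.pack("<H", len(entries))
    for tag, typ, val in entries:
        if typ == SHORT:
            ifd += struct.pack("<HHIH2x", tag, typ, 1, val)
        else:
            ifd += struct.pack("<HHII", tag, typ, 1, val)
    ifd += struct.pack("<I", 0)          # no next IFD
    return b"II" + struct.pack("<HI", 42, 8) + ifd


if __name__ == "__main__":
    for sample in (build_tiff(640, 480), build_tiff(640, 0xFFFFFFFF)):
        print(check_geometry(sample))
```

Run as a script it accepts a 640x480 file and rejects one declaring a 32-bit height. Such a gate belongs in front of any service that accepts TIFF from untrusted users; it does not replace the libtiff update, because a height inside the policy limits can still be wrong for a particular strip or tile layout.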
🚨 CVE-2025-11655
A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
🚨 CVE-2025-11656
A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
GitHub
1 · Issue #1 · qqy-123/cve
Unauthenticated Arbitrary File Upload to RCE in School Management System CVE ID: CVE-2025-11656 Published: 2025-09-27 Product: School Management System Vendor/Project: ProjectsAndPrograms/school-ma...
🚨 CVE-2025-11657
A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.
GitHub
2 · Issue #2 · qqy-123/cve
Unauthenticated Arbitrary File Upload to RCE in School Management System CVE ID: pending Published: 2025-09-27 Product: School Management System Vendor/Project: ProjectsAndPrograms/school-managemen...
🚨 CVE-2025-11658
A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
GitHub
3 · Issue #3 · qqy-123/cve
Unauthenticated Arbitrary File Upload to RCE in School Management System CVE ID: CVE-2025-11658 Published: 2025-09-27 Product: School Management System Vendor/Project: ProjectsAndPrograms/school-ma...
🚨 CVE-2025-11659
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
GitHub
4 · Issue #4 · qqy-123/cve
Unauthenticated Arbitrary File Upload to RCE in School Management System CVE ID: CVE-2025-11659 Published: 2025-09-27 Product: School Management System Vendor/Project: ProjectsAndPrograms/school-ma...
🚨 CVE-2025-11660
A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.
GitHub
5 · Issue #5 · qqy-123/cve
Unauthenticated Arbitrary File Upload to RCE in School Management System CVE ID: CVE-2025-11660 Published: 2025-09-27 Product: School Management System Vendor/Project: ProjectsAndPrograms/school-ma...
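The five School Management System entries above (editNotes.php, createNotice.php, changeSllyabus.php, uploadNotes.php, uploadSllyabus.php) share one bug class: a `File` parameter accepted by a PHP script under /assets/ and written to disk without checks, which is why the linked issues describe the result as upload to RCE. The Total.js Flow SVG entry is the same class. The checks that close that path, as an added Python example that is not the project's code: a final-extension allowlist, rejection of executable extensions anywhere in the name, a magic-byte check against the declared type, a size limit, and a random server-side name. The allowlist, the limits and the sample requests are constructed assumptions.

```python
"""Added example: upload validation of the kind the School Management System
entries lack. Not the project's code; allowlist, limits and samples are assumed."""
import posixpath
import secrets
from typing import Optional, Tuple

# Final extension -> required leading bytes (assumed policy).
ALLOWED_TYPES = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}
# Extensions some PHP deployments execute wherever they appear in a name
# (e.g. "shell.php.pdf" under an AddHandler-style configuration).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "inc"}
MAX_UPLOAD_BYTES = 10 * 1024 * 1024


def validate_upload(client_name: str, content: bytes) -> Tuple[bool, str, Optional[str]]:
    """Return (accepted, reason, server_side_name).

    The server-side name never derives from client input; the file is meant to
    be written outside the web root and served through a download handler,
    never from a web-served directory such as /assets/."""
    base = posixpath.basename(client_name.replace("\\", "/"))
    if not base or base in (".", "..") or "\x00" in base:
        return False, "unusable file name", None
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:          # also rejects dotfiles like .htaccess
        return False, "no usable extension", None
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        return False, "extension .%s not allowed" % ext, None
    if any(p in EXECUTABLE_EXTS for p in parts[1:-1]):
        return False, "executable extension inside name", None
    if len(content) > MAX_UPLOAD_BYTES:
        return False, "too large", None
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type", None
    if b"<?php" in content:
        # Defence in depth against image/PHP polyglots.
        return False, "PHP open tag inside file", None
    return True, "ok", "%s.%s" % (secrets.token_hex(16), ext)


# Constructed request samples, not captured traffic.
SAMPLES = [
    ("notes.php", b"<?php system($_GET['c']); ?>"),
    ("notes.php.pdf", b"%PDF-1.4\n1 0 obj<<>>endobj\n"),
    ("notes.pdf", b"<?php system($_GET['c']); ?>"),
    ("shell.pdf", b"%PDF-1.4\n<?php system($_GET['c']); ?>\n"),
    ("../../etc/cron.d/x.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("lecture.pdf", b"%PDF-1.4\n1 0 obj<<>>endobj\n"),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, "->", validate_upload(name, body)[:2])
```

Only the last two samples are accepted, and the traversal attempt is neutralised by discarding everything but the base name and then discarding the base name too. Whatever the storage directory, it must not be served by the web server, and the download handler should send a fixed Content-Type for the stored extension plus `X-Content-Type-Options: nosniff`.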
🚨 CVE-2025-31994
HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.
Hcl-Software
Security Bulletin: HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS) - Customer Support
Reflected Cross-Site Scripting (XSS) affects HCL Unica Campaign.
🚨 CVE-2025-31996
HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users.
Hcl-Software
Security Bulletin: Unprotected files are impacting HCL Unica Platform - Customer Support
Unprotected files due to improper access controls are impacting HCL Unica Platform.
🚨 CVE-2025-11661
A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery.
GitHub
6 · Issue #6 · qqy-123/cve
Widespread Missing Authentication in School Management System CVE ID: CVE-2025-11661 Published: 2025-09-27 Product: School Management System Vendor/Project: ProjectsAndPrograms/school-management-sy...
🚨 CVE-2025-11662
A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
GitHub
GitHub - Scorbunny2/Best-salon-management-system-SQL-injection: During the security review of "Best salon management system", discovered…
During the security review of "Best salon management system", discovered a critical SQL injection vulnerability in the "booking.php" file. - Scorbunny2/Best-salo...
🚨 CVE-2025-31995
HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.
Hcl-Software
Security Bulletin: HCL Unica MaxAI is vulnerable to improper input validation - Customer Support
Improper input validation affects HCL Unica MaxAI Workbench.
🚨 CVE-2025-11663
A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
GitHub
campcodes Complete Online Beauty Parlor Management System Project V1.0 /admin/manage-services.php cross site scripting · Issue…
campcodes Complete Online Beauty Parlor Management System Project V1.0 /admin/manage-services.php cross site scripting Email OF AFFECTED PRODUCT(S) Complete Online Beauty Parlor Management System V...
🚨 CVE-2025-9698
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.
WPScan
The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
See details on The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS CVE 2025-9698. View the latest Plugin Vulnerabilities on WPScan.
β€1π₯1
🚨 CVE-2025-0636
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.
ericsson.com
Security Bulletin – Ericsson High Severity Vulnerability in EMCLI included in Ericsson RAN Compute and Site Controller, October…
Summary: Ericsson has released an update for EMCLI to address a high severity vulnerability. Ericsson PSIRT is not aware of any public announcements or...
🚨 CVE-2025-11664
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
GitHub
campcodes Complete Online Beauty Parlor Management System Project V1.0 /admin/search-appointment.php SQL injection · Issue #13…
campcodes Complete Online Beauty Parlor Management System Project V1.0 /admin/search-appointment.php SQL injection NAME OF AFFECTED PRODUCT(S) Complete Online Beauty Parlor Management System Vendor...
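The three SQL injection entries above (booking.php serv_id, manage-services.php sername, search-appointment.php searchdata) are the same defect: a request parameter interpolated into a SQL string. An added example, not the projects' PHP, rebuilt in Python against an in-memory SQLite database: a string-built numeric lookup and a string-built LIKE search beside their parameterized replacements, driven with UNION payloads so the difference is observable. Schema, rows and payloads are constructed, and the SQLite-specific part is only the `ESCAPE` clause.

```python
"""Added example: the SQL injection pattern behind the booking.php,
manage-services.php and search-appointment.php entries, rebuilt in Python on
SQLite. Schema, rows and payloads are constructed."""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE services(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
        INSERT INTO services VALUES (1, 'Haircut', 20.0), (2, 'Manicure', 15.0);
        INSERT INTO users VALUES (1, 'admin@example.test', 'constructed-hash-value');
    """)
    return conn


# --- vulnerable: the request parameter is concatenated into the statement ---
def booking_vulnerable(conn: sqlite3.Connection, serv_id: str) -> List[Tuple]:
    sql = "SELECT name, price FROM services WHERE id = " + serv_id
    return conn.execute(sql).fetchall()


def search_vulnerable(conn: sqlite3.Connection, searchdata: str) -> List[Tuple]:
    sql = "SELECT name FROM services WHERE name LIKE '%" + searchdata + "%'"
    return conn.execute(sql).fetchall()


# --- fixed: typed parameter plus placeholder; LIKE wildcards escaped ---
def booking_fixed(conn: sqlite3.Connection, serv_id: str) -> List[Tuple]:
    try:
        sid = int(serv_id)           # an id is an integer or it is not a request we serve
    except ValueError:
        return []
    return conn.execute("SELECT name, price FROM services WHERE id = ?", (sid,)).fetchall()


def search_fixed(conn: sqlite3.Connection, searchdata: str) -> List[Tuple]:
    # Binding stops injection; escaping % and _ stops the user from turning a
    # search term into a wildcard pattern of their own.
    esc = searchdata.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return conn.execute(
        "SELECT name FROM services WHERE name LIKE ? ESCAPE '\\'", ("%" + esc + "%",)
    ).fetchall()


# Constructed payloads: each turns the original query into a UNION with users.
SERV_ID_PAYLOAD = "1 UNION SELECT email, password_hash FROM users"
SEARCH_PAYLOAD = "' UNION SELECT email FROM users WHERE '' LIKE '"


def leaks_credentials(rows: List[Tuple]) -> bool:
    return any("admin@example.test" in row for row in rows)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable booking :", booking_vulnerable(db, SERV_ID_PAYLOAD))
    print("fixed booking      :", booking_fixed(db, SERV_ID_PAYLOAD))
    print("vulnerable search  :", search_vulnerable(db, SEARCH_PAYLOAD))
    print("fixed search       :", search_fixed(db, SEARCH_PAYLOAD))
```

The same shape carries over to PHP with PDO or mysqli prepared statements: bind every value, cast ids to int before binding, and escape LIKE metacharacters separately because binding alone does not neutralise `%` and `_`.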
🚨 CVE-2025-11665
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.
GitHub
IOT_Firmware_Update/Dlink/DAP-2695.md at main · IOTRes/IOT_Firmware_Update
🚨 CVE-2025-11666
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used.
GitHub
IOT_Firmware_Update/Tenda/RP3.md at main · IOTRes/IOT_Firmware_Update
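CVE-2025-36087 (IBM, first entry on this page) and CVE-2025-11666 above (Tenda, the current_force_upgrade_pwd argument of force_upgrade.sh) are both the same weakness class, hard-coded credentials. When the credential lives in a shell script inside a firmware image, the fastest triage is a scan for password-named variables that are compared against, or assigned from, string literals. An added example, not vendor code: a heuristic scanner over shell text, exercised on a constructed sample script that is not the Tenda script (this page does not show its contents). The variable-name patterns, the regular expressions and the sample are assumptions.

```python
"""Added example: heuristic scan of shell scripts for credentials compared to
or assigned from string literals (CWE-798). Not vendor code; the sample script
below is constructed and is not force_upgrade.sh."""
import re
from typing import List, Optional, Tuple

# Assumed heuristic: variable names that usually carry a secret.
SECRET_NAME = re.compile(r"pwd|passwd|password|pass|secret|token|key", re.I)
# [ "$var" = "literal" ]   [[ $var == 'literal' ]]   [ "$var" != literal ]
TEST_CMP = re.compile(
    r"""\[\[?\s*"?\$\{?(?P<var>\w+)\}?"?\s*(?:==?|!=)\s*(?P<q>['"]?)(?P<lit>[^'"\s\]]+)(?P=q)""")
# var="literal" / export var='literal'; values containing $ or ` are not literals and are skipped
ASSIGN = re.compile(r"""^\s*(?:export\s+)?(?P<var>\w+)=(?P<q>['"]?)(?P<lit>[^'"\s$`]+)(?P=q)\s*$""")
CASE_OPEN = re.compile(r"""case\s+"?\$\{?(?P<var>\w+)\}?"?\s+in""")
CASE_ARM = re.compile(r"""^\s*(?P<lit>[^|)\s*]+)\s*\)""")   # excludes the "*)" default arm

Finding = Tuple[int, str, str, str]   # (line number, variable, literal, how it was found)


def scan_shell(text: str) -> List[Finding]:
    findings: List[Finding] = []
    case_var: Optional[str] = None     # set while inside "case $secret in ... esac"
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if line.strip() == "esac":
            case_var = None
            continue
        m = CASE_OPEN.search(line)
        if m:
            case_var = m["var"] if SECRET_NAME.search(m["var"]) else None
            continue
        if case_var:
            m = CASE_ARM.match(line)
            if m:
                findings.append((lineno, case_var, m["lit"], "case arm"))
        m = TEST_CMP.search(line)
        if m and SECRET_NAME.search(m["var"]):
            findings.append((lineno, m["var"], m["lit"], "compared to literal"))
        m = ASSIGN.match(line)
        if m and SECRET_NAME.search(m["var"]):
            findings.append((lineno, m["var"], m["lit"], "assigned literal"))
    return findings


# Constructed sample for the scanner; not a vendor script.
SAMPLE_SCRIPT = """\
#!/bin/sh
# constructed sample for the scanner, not a vendor script
current_force_upgrade_pwd="$1"
if [ "$current_force_upgrade_pwd" = "s3cr3t_upgrade" ]; then
    echo "forcing upgrade"
fi
ADMIN_PASS='changeme'
LOG_LEVEL=3
case "$upgrade_token" in
    letmein) echo ok ;;
    *) exit 1 ;;
esac
"""

if __name__ == "__main__":
    for lineno, var, lit, how in scan_shell(SAMPLE_SCRIPT):
        print("line %d: %s %s %r" % (lineno, var, how, lit))
```

Run it over every `*.sh` and init script extracted from a firmware image (binwalk or unblob output) and review the hits by hand; the name heuristic produces false positives on words like "bypass", and a comparison done by a compiled binary rather than a script needs a strings-and-xref pass instead. A hit on a comparison is the more serious of the two: an assignment may be a default that is overwritten, but a script that compares user input to a literal has no other secret to fall back on.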
🚨 CVE-2025-27258
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability that, if exploited, can result in an escalation of privilege.
ericsson.com
Security Bulletin – Ericsson Network Manager (ENM), October 2025
Summary: Ericsson has released two separate updates which address two security vulnerabilities found in Ericsson Network Manager (ENM). Vulnerability...
🚨 CVE-2025-27259
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
ericsson.com
Security Bulletin – Ericsson Network Manager (ENM), October 2025
Summary: Ericsson has released two separate updates which address two security vulnerabilities found in Ericsson Network Manager (ENM). Vulnerability...