🚨 CVE-2025-11663
A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
GitHub
campcodes Complete Online Beauty Parlor Management System Project V1.0 /admin/manage-services.php cross site scripting · Issue…
campcodes Complete Online Beauty Parlor Management System Project V1.0 /admin/manage-services.php cross site scripting Email OF AFFECTED PRODUCT(S) Complete Online Beauty Parlor Management System V...
🚨 CVE-2025-9698
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.
🎖@cveNotify
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.
🎖@cveNotify
WPScan
The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
See details on The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS CVE 2025-9698. View the latest Plugin Vulnerabilities on WPScan.
❤1🔥1
🚨 CVE-2025-0636
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.
🎖@cveNotify
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.
🎖@cveNotify
ericsson.com
Security Bulletin – Ericsson High Severity Vulnerability in EMCLI included in Ericsson RAN Compute and Site Controller, October…
Summary: Ericsson has released an update for EMCLI to address a high severity vulnerability. Ericsson PSIRT is not aware of any public announcements or...
🚨 CVE-2025-11664
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
GitHub
campcodes Complete Online Beauty Parlor Management System Project V1.0 /admin/search-appointment.php SQL injection · Issue #13…
campcodes Complete Online Beauty Parlor Management System Project V1.0 /admin/search-appointment.php SQL injection NAME OF AFFECTED PRODUCT(S) Complete Online Beauty Parlor Management System Vendor...
🚨 CVE-2025-11665
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
GitHub
IOT_Firmware_Update/Dlink/DAP-2695.md at main · IOTRes/IOT_Firmware_Update
Contribute to IOTRes/IOT_Firmware_Update development by creating an account on GitHub.
🚨 CVE-2025-11666
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can only be executed locally. The exploit has been published and may be used.
🎖@cveNotify
GitHub
IOT_Firmware_Update/Tenda/RP3.md at main · IOTRes/IOT_Firmware_Update
Contribute to IOTRes/IOT_Firmware_Update development by creating an account on GitHub.
🚨 CVE-2025-27258
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.
🎖@cveNotify
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.
🎖@cveNotify
ericsson.com
Security Bulletin – Ericsson Network Manager (ENM), October 2025
Summary: Ericsson has released two separate updates which address two security vulnerabilities found in Ericsson Network Manager (ENM). Vulnerability...
🚨 CVE-2025-27259
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
🎖@cveNotify
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
🎖@cveNotify
ericsson.com
Security Bulletin – Ericsson Network Manager (ENM), October 2025
Summary: Ericsson has released two separate updates which address two security vulnerabilities found in Ericsson Network Manager (ENM). Vulnerability...
🚨 CVE-2025-8915
Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network
🎖@cveNotify
Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network
🎖@cveNotify
Kiloview
N30 Firmware Download(latest) – Kiloview
Kiloview N30 NDI bi-directional converter firmware download.
🚨 CVE-2025-9265
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects
Kiloview NDI N30
and was fixed in Firmware version later than 2.02.0246
🎖@cveNotify
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects
Kiloview NDI N30
and was fixed in Firmware version later than 2.02.0246
🎖@cveNotify
Kiloview
N30 Firmware Download(latest) – Kiloview
Kiloview N30 NDI bi-directional converter firmware download.
🔥1
🚨 CVE-2025-49177
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
🎖@cveNotify
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
🎖@cveNotify
🚨 CVE-2025-10552
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
Dassault Systèmes
CVE-2025-10552 - Dassault Systèmes
Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x.
🚨 CVE-2025-10556
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
Dassault Systèmes
CVE-2025-10556 - Dassault Systèmes
Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x.
🚨 CVE-2025-10557
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
Dassault Systèmes
CVE-2025-10557 - Dassault Systèmes
Stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x.
🚨 CVE-2025-10558
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
🎖@cveNotify
Dassault Systèmes
CVE-2025-10558 - Dassault Systèmes
Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x.
🚨 CVE-2025-11667
A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
🎖@cveNotify
🚨 CVE-2025-11668
A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
🚨 CVE-2025-11671
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses.
🎖@cveNotify
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses.
🎖@cveNotify
🚨 CVE-2025-11672
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
🎖@cveNotify
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
🎖@cveNotify
🚨 CVE-2025-11673
SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
🎖@cveNotify
SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
🎖@cveNotify
🚨 CVE-2025-11674
SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.
🎖@cveNotify
SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.
🎖@cveNotify