Skip to main content
CVE-2025-6533 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Java Authentication Bypass
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-6552 LOW POC Monitor

A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirect_url leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Java Open Redirect
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6569 LOW POC Monitor

A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcation_remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6532 LOW POC Monitor

A security vulnerability in NOYAFA/Xiami LF9 Pro (CVSS 4.3). Risk factors: public PoC available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6581 LOW POC Monitor

A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-customer.php. The manipulation of the argument name/email/mobilenum/gender/details/dob/marriage_date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6570 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6535 LOW POC Monitor

A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Management Module. The manipulation of the argument sort/order leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6551 LOW POC Monitor

A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS Java
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-6534 LOW POC Monitor

A remote code execution vulnerability in xxyopen/201206030 novel-plus (CVSS 4.2). Risk factors: public PoC available.

Information Disclosure Java
NVD VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-48463 LOW Monitor

Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.

Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-6531 LOW Monitor

A security vulnerability in SIFUSM/MZZYG BD S1 (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-6536 LOW PATCH Monitor

A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-52884 LOW PATCH Monitor

A security vulnerability in RISC Zero (CVSS 1.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub
CVSS 4.0
1.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy