Skip to main content
CVE-2025-60957 CRITICAL Act Now

Authenticated command injection in EndRun Technologies Sonoma D12 GPS Network Time Server firmware (build 6010-0071-000, Ver 4.00) lets a low-privileged user inject OS commands that run on the underlying appliance, yielding arbitrary code execution, privilege escalation, information disclosure, and denial of service. The CVSS 3.1 vector (AV:N/AC:L/PR:L/S:C) shows a network-reachable, low-complexity flaw whose scope change lets a foothold on the management interface compromise the whole device. A third-party advisory (xdiv-sec) documents the issue; there is no public exploit identified and no CISA KEV listing at time of analysis, and EPSS is a modest 1.58% (73rd percentile).

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.6%
CVE-2025-11318 MEDIUM POC This Month

A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the argument File results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass File Upload Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11341 MEDIUM POC This Month

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

XXE Jinher Oa
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11317 MEDIUM POC This Month

A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11316 MEDIUM POC This Month

A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11314 MEDIUM POC This Month

A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected is the function findRolePage of the file findSingConfigPage.do. Such manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11313 MEDIUM POC This Month

A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11312 MEDIUM POC This Month

A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11311 MEDIUM POC This Month

A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The impacted element is the function findTenantPage of the file findTenantPage.do. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11310 MEDIUM POC This Month

A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11334 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11329 MEDIUM POC This Month

A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.

PHP SQLi Online Course Registration Site
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11343 MEDIUM POC This Month

A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Crud Operation System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11315 MEDIUM POC This Month

A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of the argument sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-60965 CRITICAL Act Now

Authenticated OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets a privileged remote user inject arbitrary operating-system commands that run outside the vulnerable component, yielding full device takeover, denial of service, privilege escalation, and disclosure of sensitive timing/configuration data. Because Network Time Servers act as an authoritative time source for entire environments, compromise can cascade into time-manipulation attacks against downstream systems (logging, certificates, Kerberos). This is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documents the flaw; EPSS is modest at 1.63% (73rd percentile).

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2025-60964 CRITICAL Act Now

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets an authenticated high-privileged operator inject shell commands into the appliance's underlying OS, escaping the management application to run arbitrary code as the device. Because the appliance is a hardened timing source, successful exploitation yields full compromise: code execution, denial of service, privilege escalation, and disclosure of sensitive data. No public exploit is identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; the EPSS score is moderate at 1.63% (73rd percentile) and the CVE is not on CISA KEV.

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2025-60963 HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject shell commands that the appliance executes, enabling arbitrary code execution, denial of service, privilege escalation, and disclosure of sensitive data. The NVD CVSS 3.1 base score is 8.2 (AV:N/AC:L/PR:N/UI:N) and a third-party technical advisory (xdiv-sec) has been published, but there is no public exploit identified at time of analysis and the flaw is not on CISA KEV. EPSS is modest at 1.20% (64th percentile), indicating no observed mass exploitation to date.

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2025-60960 HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, Ver 4.00) lets remote attackers inject operating-system commands into the appliance, enabling arbitrary code execution, privilege escalation, disclosure of sensitive data, and disruption of the device's timing service. A third-party advisory (xdiv-sec) documents the issue, but no public exploit was identified at time of analysis and it is not listed in CISA KEV; EPSS is modest at 1.20% (64th percentile). Because this device supplies authoritative time to dependent infrastructure, compromise can cascade beyond the appliance itself.

Command Injection Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2025-60962 HIGH This Week

OS command injection in EndRun Technologies' Sonoma D12 GPS Network Time Server (firmware 6010-0071-000, version 4.00) lets remote attackers inject operating-system commands through the appliance's management interface, exposing sensitive information and, per the CVSS integrity rating, allowing manipulation of the device. The vendor-supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, score 8.2) indicates network-reachable, low-complexity exploitation, and an independent security-research advisory (xdiv-sec) documents the flaw. No public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS is 1.00% (59th percentile), signaling low measured exploitation activity so far.

Command Injection Sonoma D12 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2025-60959 HIGH This Week

OS command injection in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets remote attackers inject operating-system commands and extract sensitive information from the appliance. The flaw is reachable over the network without authentication per the published CVSS vector, and a third-party security advisory (xdiv-sec) documents the issue. No public exploit identified at time of analysis, and EPSS probability is low (1.00%, 59th percentile).

Command Injection Sonoma D12 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2025-60956 HIGH This Week

Cross-site request forgery in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets a remote attacker forge state-changing web requests that a logged-in operator's browser executes, chaining into arbitrary code execution, denial of service, privilege escalation, and disclosure of sensitive data on the appliance. Any organization relying on this GPS-disciplined NTP appliance for time synchronization is affected. No public exploit identified at time of analysis, though an independent research advisory (xdiv-sec) documenting the flaw has been published.

CSRF Denial Of Service RCE Sonoma D12 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-60967 HIGH This Week

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000, version 4.00) lets an attacker inject script into the appliance's web management interface, executing in the browser of an authenticated operator who views the malicious content and enabling theft of session data and sensitive configuration information. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R) indicates a remote, low-complexity attack that requires low-privilege access to inject and victim interaction to trigger. No public exploit identified at time of analysis, though a third-party research advisory (xdiv-sec) documents the finding; EPSS is low at 0.28% (20th percentile).

XSS Sonoma D12 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-60958 HIGH This Week

Cross-site scripting in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0071-000 Ver 4.00) lets an attacker inject script into the device's web management interface to steal sensitive information such as session data or configuration from an authenticated operator. Exploitation requires a low-privileged authenticated context and victim interaction (a user must load the malicious content), and there is no public exploit identified at time of analysis, though a third-party advisory (xdiv-sec) documenting the flaw is publicly available. EPSS is low at 0.28% (20th percentile), and the issue is not listed in CISA KEV.

XSS Sonoma D12 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-60961 MEDIUM This Month

Cross-site scripting in EndRun Technologies Sonoma D12 GPS Network Time Server firmware 6010-0071-000 Ver 4.00 allows a remote unauthenticated attacker to inject and execute malicious scripts in the context of an authenticated user's browser session against the device's web management interface. Exploitation requires the attacker to trick an administrator into interacting with a crafted URL or page, after which the scope crosses into the victim's browser context, enabling session theft or credential harvesting. No public exploit confirmed at time of analysis, and EPSS of 0.22% (13th percentile) signals low automated exploitation activity.

XSS Sonoma D12 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-11330 LOW POC Monitor

SQL injection in PHPGurukul Beauty Parlour Management System 1.1 allows authenticated remote attackers to execute arbitrary SQL queries via manipulated fromdate and todate parameters in /admin/sales-reports-detail.php. The vulnerability has low real-world impact (CVSS 2.1, EPSS 0.04%) despite public exploit availability, as it requires valid admin authentication and yields only limited data disclosure without full database manipulation capability.

PHP SQLi Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11331 LOW POC Monitor

Command injection in IdeaCMS up to version 1.8 allows high-privileged remote attackers to execute arbitrary system commands via manipulation of the 网站名称 (website name) parameter in the Website Name Handler component. The vulnerability exists in app/common/logic/admin/Config.php and requires high-privilege credentials but has publicly available exploit code and carries notable risk given the vendor's non-responsiveness to early disclosure.

PHP Command Injection Ideacms
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-0606 MEDIUM This Month

Authorization bypass in Logo Cloud (all versions before 0.67) allows an authenticated high-privilege user to manipulate user-controlled key parameters to access resources outside their authorization scope via forceful browsing, resulting in high confidentiality impact alongside limited integrity and availability effects. The flaw is a classic Insecure Direct Object Reference (IDOR) pattern (CWE-639) made exploitable over the network without user interaction. No public exploit code exists and the EPSS score sits at 0.05% (17th percentile), indicating very low observed exploitation probability; however, the data-exposure risk for affected deployments warrants prompt patching to version 0.67.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-11342 LOW POC Monitor

SQL injection in code-projects Online Course Registration 1.0 allows high-privileged remote attackers to manipulate the coursecode parameter in /admin/edit-course.php, potentially extracting or modifying database contents. CVSS 4.0 reflects limited scope (only confidentiality/integrity impact to database layer with no system scope expansion), but the vulnerability requires administrative authentication (PR:H), significantly constraining real-world risk despite public exploit availability and 0.03% EPSS indicating minimal spontaneous exploitation likelihood.

PHP SQLi Online Course Registration Site
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11332 LOW POC Monitor

Reflected cross-site scripting (XSS) in CmsEasy up to version 7.7.7 allows authenticated remote attackers to inject malicious scripts via manipulation of the PHP_SELF argument in the URL handler component (lib/inc/view.php). The vulnerability requires user interaction (clicking a malicious link) and user login to trigger, resulting in limited integrity impact. Publicly available exploit code exists, though EPSS score remains low at 0.03%, reflecting the significant prerequisites (authentication and user click required) that limit real-world exploitation potential. The vendor has not responded to disclosure attempts.

PHP XSS Cmseasy
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-60969 MEDIUM This Month

Path traversal in the EndRun Technologies Sonoma D12 GPS Network Time Server (firmware 6010-0076-000 Ver 4.00) exposes sensitive files to authenticated network attackers. The flaw resides in the device's web interface, where insufficiently validated path input allows an attacker to escape the intended directory root and read arbitrary files from the underlying filesystem. No public exploit code or active exploitation has been confirmed at time of analysis, but a third-party security researcher advisory exists at xdiv-sec.github.io detailing the issue.

Path Traversal Sonoma D12 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2025-0608 MEDIUM This Month

Open redirect in Logo Cloud before version 2025.R6 enables phishing and forceful browsing attacks against authenticated users who click attacker-crafted URLs. The CVSS vector (PR:L/UI:R) confirms the attacker requires low-privilege access and victim interaction, making this a social-engineering-dependent vulnerability. No public exploit code exists and EPSS sits at 0.03% (10th percentile), indicating negligible opportunistic exploitation activity at time of analysis.

Open Redirect
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0609 MEDIUM This Month

Stored or persistent cross-site scripting in Logo Cloud versions before 1.18 allows a high-privileged authenticated attacker to inject malicious scripts into web pages served by the application. Successful exploitation can result in limited confidentiality, integrity, and availability impact within the application's scope. No public exploit code exists and EPSS sits at the 14th percentile (0.04%), indicating this is not actively targeted in the wild at time of analysis.

XSS
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-0607 MEDIUM This Month

Improper output encoding in Logo Cloud before version 2.57 enables phishing attacks by allowing injected or unescaped content to be rendered in the application context. The CVSS vector (PR:H/UI:R) narrows the realistic threat to authenticated high-privilege users who can introduce malicious output that is then presented to other users without proper sanitization. No active exploitation is confirmed - no CISA KEV listing and an EPSS score of 0.03% (10th percentile) both signal this is low-priority in the broader threat landscape.

Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11322 LOW Monitor

Weak password requirements in Mangati NovoSGA up to version 2.2.12 allow remote attackers to bypass password policy validation during user account creation via manipulation of the Senha/Confirmação da senha (password/password confirmation) parameters on the /novosga.users/new endpoint. The vulnerability is difficult to exploit (CVSS AC:H) and offers only low confidentiality impact, but public exploit code is available and enables brute-force attacks against weak user credentials. EPSS score of 0.04% (percentile 12%) indicates limited real-world exploitation likelihood despite CVE publication.

Information Disclosure Brute Force
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-11320 LOW Monitor

Unrestricted file upload in zhuimengshaonian wisdom-education up to version 1.0.4 allows authenticated remote attackers to upload arbitrary files via the uploadFile function in UploadController.java, potentially enabling remote code execution or system compromise. The vulnerability has publicly disclosed exploit code available. Despite a low CVSS score of 2.1 reflecting limited direct impact scope, the presence of public exploits and authentication bypass tags suggests practical exploitation risk in environments where attacker access is feasible.

Java Authentication Bypass File Upload
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11321 LOW Monitor

Authorization bypass in zhuimengshaonian wisdom-education up to version 1.0.4 allows authenticated remote attackers to manipulate the subjectId parameter in WrongBookController.java to access unauthorized resources. The vulnerability has a low CVSS score (2.1) due to limited confidentiality impact and requirement for prior authentication, but publicly available exploit code exists and the attack vector is entirely network-accessible.

Java Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11319 LOW Monitor

SQL injection in nahiduddinahammed Hospital-Management-System-Website allows authenticated remote attackers to execute arbitrary SQL queries via the ai parameter in /delete.php, with public exploit code available. The CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world risk despite network accessibility, as exploitation requires valid user authentication and produces only limited confidentiality impact. The vendor has not responded to disclosure attempts.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11335 LOW Monitor

Command injection in D-Link DI-7100G C1 firmware up to version 20250928 allows remote authenticated attackers to execute arbitrary commands via the iface parameter in the /msp_info.htm?flag=qos endpoint of the jhttpd component. The vulnerability requires high-level administrative privileges and publicly available exploit code exists, but EPSS score of 0.06% indicates exploitation is unlikely in real-world scenarios due to the privilege requirement.

Command Injection D-Link Di 7100g C1 Firmware
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-11333 LOW Monitor

Stored cross-site scripting (XSS) in Langley FCU Online Banking System via the First Name field on the Add Customer Page (/customer_add_action.php) allows high-privileged authenticated users to inject malicious scripts affecting other users. The CVSS score of 1.9 reflects the high privilege requirement (PR:H) and user interaction dependency (UI:P), limiting real-world risk despite public exploit availability. No active exploitation has been confirmed in CISA KEV at time of analysis.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy