Skip to main content
CVE-2025-11407 LOW POC Monitor

OS command injection in D-Link DI-7001 MINI firmware 24.04.18B1 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the path argument in /upgrade_filter.asp. Public exploit code is available, though the CVSS 2.1 score and 0.07% EPSS percentile indicate limited real-world exploitation likelihood despite the vulnerability's remote network accessibility.

Command Injection D-Link Di 7001Mini 8G Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11390 LOW POC Monitor

Stored cross-site scripting (XSS) in PHPGurukul Cyber Cafe Management System 1.0 allows remote attackers to inject malicious scripts via the searchdata POST parameter in /search.php, requiring user interaction to execute. The vulnerability has a low CVSS score (2.1) due to limited impact scope, but publicly available exploit code exists and the EPSS score (0.05%, 14th percentile) suggests minimal real-world exploitation likelihood despite public availability.

PHP XSS Cyber Cafe Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11354 LOW POC Monitor

Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload files via manipulation of the image parameter in /admin/addslideexec.php, leading to potential remote code execution. The CVSS score of 2.1 reflects low confidentiality, integrity, and availability impact due to authentication requirements (PR:L), but publicly available exploit code exists and the low EPSS score (0.05%, 14th percentile) indicates exploitation is unlikely to be widespread in practice.

PHP Authentication Bypass File Upload Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11353 LOW POC Monitor

Code-Projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via manipulation of the image parameter in /admin/addgalleryexec.php, bypassing file upload restrictions. The vulnerability requires valid admin credentials (PR:L in CVSS vector) and results in limited confidentiality, integrity, and availability impact. Public exploit code is available, though the low EPSS score (0.04%) and limited scope suggest this is not actively exploited at scale.

PHP Authentication Bypass File Upload Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11352 LOW POC Monitor

Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/addexec.php, potentially leading to remote code execution. The vulnerability has a low CVSS score (2.1) due to requirement for low-privilege authentication and limited impact scope, but publicly available exploit code exists and the issue affects confidentiality, integrity, and availability at the application layer.

PHP Authentication Bypass File Upload Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11351 LOW POC Monitor

Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/editpicexec.php, potentially leading to remote code execution. The vulnerability affects a low-impact scope but is publicly exploitable by authenticated users; EPSS scores this at 0.04% exploitation probability despite public POC availability, indicating limited real-world adoption of the vulnerable software.

PHP Authentication Bypass File Upload Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11398 LOW POC Monitor

Unrestricted file upload vulnerability in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to upload arbitrary files via manipulation of the image parameter in /profile.php, with publicly available exploit code and low real-world risk despite network accessibility due to authentication requirement and minimal impact scope.

PHP Authentication Bypass File Upload Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11410 LOW POC Monitor

SQL injection in Campcodes Advanced Online Voting System 1.0 allows authenticated remote attackers to manipulate the firstname parameter in /admin/voters_add.php, leading to limited confidentiality and integrity impact. The vulnerability requires valid user credentials (PR:L) and has a publicly available exploit, but EPSS scoring (0.03%, percentile 8%) suggests low real-world exploitation probability despite public POC availability.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11409 LOW POC Monitor

SQL injection in Campcodes Advanced Online Voting Management System 1.0 allows authenticated remote attackers to manipulate the voter parameter in /index.php, potentially leading to unauthorized data access or modification. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists and exploitation probability is rated at 8th percentile by EPSS, suggesting this remains a lower-priority issue despite public POC availability.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11359 LOW POC Monitor

SQL injection in Simple Banking System 1.0 via the ID parameter in /transfermoney.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. The vulnerability requires login credentials (PR:L) and exploitation probability is low (EPSS 0.03%), but publicly available exploit code exists and disclosure has occurred.

PHP SQLi Simple Banking System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11358 LOW POC Monitor

SQL injection in Simple Banking System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /removeuser.php, leading to unauthorized database queries with limited information disclosure impact. The CVSS score of 2.1 reflects restricted exploitation scope (authenticated access required, PR:L), but publicly available exploit code exists, warranting patched deployment if still in use.

PHP SQLi Simple Banking System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11357 LOW POC Monitor

SQL injection in Simple Banking System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /createuser.php and execute arbitrary SQL queries, resulting in limited impact to confidentiality, integrity, and availability. The vulnerability has a low CVSS score of 2.1 due to requirement for prior authentication (PR:L) and limited scope of impact, but publicly available exploit code exists and the EPSS score of 0.03% suggests minimal real-world exploitation probability despite public POC availability.

PHP SQLi Simple Banking System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11405 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in /del_tax.php. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited technical impact, but publicly available exploit code exists and the EPSS score of 0.03% indicates minimal real-world exploitation probability despite public POC availability.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11404 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the percentage argument in /pages/save_tax.php, enabling database query modification with limited confidentiality and integrity impact. Publicly available exploit code exists, though EPSS score of 0.03% suggests low real-world exploitation probability despite the SQL injection capability.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11403 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_booking.php, enabling unauthorized database queries with limited impact on confidentiality and integrity. Publicly available exploit code exists, but the EPSS score of 0.03% indicates minimal real-world exploitation probability despite low attack complexity, likely due to authentication requirement and limited scope of impact.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11402 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_curr.php, enabling database query modification with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% indicates low real-world exploitation probability despite public disclosure, suggesting limited practical risk in typical deployments.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11401 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the currcode parameter in /pages/save_curr.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. CVSS 2.1 reflects the authentication requirement (PR:L) and restricted scope, but publicly available exploit code exists despite low EPSS score (0.03%), suggesting this is a low-priority threat suitable only for defense-in-depth and secure coding reviews rather than emergency patching.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11400 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_room.php, enabling database query modification with limited confidentiality and integrity impact. Publicly available exploit code exists; however, EPSS score of 0.03% indicates minimal real-world exploitation probability despite low attack complexity, suggesting this is primarily a security researcher proof-of-concept rather than an active threat.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11399 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the floorno parameter in /pages/save_room.php, affecting data confidentiality and integrity with limited scope. CVSS score of 2.1 reflects low severity due to authentication requirement and limited impact, though publicly available exploit code exists and EPSS suggests minimal real-world exploitation probability at 0.03%.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11414 LOW POC Monitor

Out-of-bounds read vulnerability in GNU Binutils 2.45 linker allows local authenticated attackers to trigger memory access violations via crafted input to the get_link_hash_entry function in bfd/elflink.c. The vulnerability has low severity (CVSS 1.9) with minimal direct impact but publicly available exploit code exists. Upgrade to version 2.46 resolves the issue.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-11412 LOW POC PATCH Monitor

Out-of-bounds read in GNU Binutils 2.45 linker component affects the bfd_elf_gc_record_vtentry function in bfd/elflink.c, allowing authenticated local attackers to trigger memory access violations. The CVSS score of 1.9 reflects low real-world impact (no confidentiality, integrity, or system-level damage) despite the out-of-bounds read classification, suggesting this is primarily a denial-of-service vector or development/debugging concern rather than a critical exploitation pathway. Publicly available exploit code exists, but EPSS exploitation probability remains very low at 0.03 percentile, indicating minimal real-world adoption despite public disclosure.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-11413 LOW POC PATCH Monitor

Out-of-bounds read in GNU Binutils 2.45 linker function elf_link_add_object_symbols allows local authenticated attackers to trigger memory disclosure or denial of service by providing a malformed ELF object file. Publicly available exploit code exists, though EPSS assessment indicates very low exploitation probability (0.03%) in practice. Patch available in version 2.46.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2022-50522 LOW PATCH Monitor

CVE-2022-50522 is a security vulnerability (CVSS 3.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-11406 LOW Monitor

Information disclosure in kaifangqian-base's SysUserController.getAllUsers endpoint allows authenticated remote attackers to retrieve sensitive user data. The vulnerability affects the function up to commit 7b3faecda13848b3ced6c17c7423b76c5b47b8ab and requires login credentials (PR:L in CVSS 4.0), limiting exposure to authenticated users. Public exploit code exists, but the low CVSS score (2.1) and minimal EPSS percentile (8%) suggest limited real-world exploitation despite public availability.

Information Disclosure Java
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy