Skip to main content
CVE-2025-11589 LOW POC Monitor

SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the plan parameter in /admin/user-payment.php, resulting in limited data access. The vulnerability requires valid login credentials and has low real-world impact due to constrained scope (no server impact, no integrity violation), though publicly available exploit code exists and exploitation probability is minimal per EPSS analysis.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11588 LOW POC Monitor

SQL injection in CodeAstro Gym Management System 1.0 via the fullname parameter in /customer/index.php allows authenticated remote attackers to execute arbitrary SQL queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% (8th percentile) suggests minimal real-world exploitation despite public POC availability, likely due to authentication requirement and narrow deployment scope of this niche management application.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-52635 LOW Monitor

A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52625 LOW Monitor

HCL AION 2.0 improperly caches sensitive SSL/HTTPS page content, allowing attackers or local users with device or browser access to retrieve cached credentials, system identifiers, and internal file paths. The vulnerability has a CVSS score of 3.7 (low severity) due to high attack complexity and local/physical access requirements, with no public exploit or active exploitation confirmed.

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52634 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52630 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-11570 LOW Monitor

Cross-site scripting (XSS) in drupal-pattern-lab/unified-twig-extensions (all versions from 0.0.0) allows authenticated users to inject malicious scripts through insufficient output filtering, but only when the code is executed outside of Drupal environments such as Pattern Lab. The package is unmaintained; the vulnerability is fixed in the successor drupal/unified_twig_ext version 1.1.1. EPSS exploitation probability is extremely low at 0.02%, and no public exploit code has been identified.

XSS
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy