Skip to main content
CVE-2025-6919 CRITICAL Act Now

SQL injection in Cats Information Technology's Aykome License Tracking System (versions prior to the 06.10.2025 build) allows remote unauthenticated attackers to manipulate backend database queries via crafted input. The flaw carries a critical 9.8 CVSS score with full confidentiality, integrity, and availability impact, though EPSS rates near-term exploitation probability at only 0.04% and no public exploit identified at time of analysis. The vulnerability was disclosed by Turkey's national CERT (USOM) under advisory TR-25-0332.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-11661 MEDIUM POC This Month

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery

Authentication Bypass School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-11660 MEDIUM POC This Month

A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11659 MEDIUM POC This Month

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11658 MEDIUM POC This Month

A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11657 MEDIUM POC This Month

A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11656 MEDIUM POC This Month

A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11662 MEDIUM POC This Month

A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Best Salon Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-9902 HIGH This Week

Information disclosure in AKIN Software's QRMenu (versions 1.05.12 up to the build dated 05.09.2025) allows unauthenticated remote attackers to access other users' or tenants' data by manipulating user-controlled identifiers in requests (IDOR). Reported by Turkey's national CSIRT (USOM); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-11666 HIGH This Week

Hard-coded credentials in Tenda RP3 Pro firmware (versions up to 22.5.7.93) allow local high-privilege attackers to bypass authentication during firmware updates via the force_upgrade.sh script. Public exploit code exists on GitHub. CVSS 7.0 (High) reflects local access requirement with high privileges, making this a lower real-world priority despite the severity rating - exploitation requires an attacker to already have administrative console access to the device.

Tenda Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-11667 LOW POC Monitor

SQL injection in Automated Voting System 1.0 allows authenticated remote attackers to manipulate the firstname parameter in /admin/add_candidate_modal.php, resulting in limited confidentiality, integrity, and availability impact. The vulnerability has a very low CVSS score (2.1) due to requirement for authenticated access and limited scope, but publicly available exploit code exists. Active exploitation is not confirmed in CISA KEV, and the EPSS score of 0.01% indicates minimal real-world exploitation probability despite public POC availability.

PHP SQLi Automated Voting System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11663 LOW POC Monitor

SQL injection in Campcodes Online Beauty Parlor Management System 1.0 allows authenticated high-privilege administrators to execute arbitrary SQL queries via the sername parameter in /admin/manage-services.php. The vulnerability requires high administrative privileges and has publicly available exploit code, though real-world impact is limited by its requirement for already-compromised admin accounts with no lateral movement or privilege escalation capability.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11668 LOW POC Monitor

SQL injection in Automated Voting System 1.0 allows high-privileged remote attackers to manipulate the Password parameter in /admin/update_user.php, potentially causing limited confidentiality and integrity impacts. The vulnerability requires admin-level privileges (PR:H) to exploit and has publicly available exploit code, but carries very low real-world risk due to EPSS of 0.01% and the high privilege requirement that limits practical attack surface.

PHP SQLi Automated Voting System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11664 LOW POC Monitor

SQL injection in Campcodes Online Beauty Parlor Management System 1.0 allows high-privileged attackers to manipulate the searchdata parameter in /admin/search-appointment.php, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires administrative privileges to exploit and has a publicly disclosed proof-of-concept, though real-world exploitation risk is minimal given the EPSS score of 0.01% and the requirement for high-privilege access.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11654 MEDIUM This Month

A vulnerability was identified in yousaf530 Inferno Online Clothing Store up to 827dd42bfbe380e8de76fdc67958c24cf1246208. The affected element is an unknown function of the file /log.php. Such manipulation of the argument cemail/password leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-39964 LOW PATCH Monitor

Concurrent write access to AF_ALG cryptographic sockets in the Linux kernel corrupts internal socket state and interleaves cryptographic data in an unpredictable manner, undermining the integrity and availability of kernel crypto operations for local users. The flaw spans multiple stable kernel branches up to and including 6.17-rc4, with six upstream patch commits available. No public exploit or active exploitation has been identified; the Siemens SSA-019113 advisory confirms downstream impact on industrial and embedded Linux-based products.

Linux Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2025-11655 LOW Monitor

Improper access control in Total.js Flow SVG File Handler allows high-privileged remote attackers to upload files without proper restrictions, bypassing upload security controls. The vulnerability affects versions up to commit 673ef9144dd25d4f4fd4fdfda5af27f230198924 and has public exploit code available, though real-world exploitation risk is constrained by the requirement for administrative privileges (PR:H in CVSS vector) and minor confidentiality/integrity impact.

Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy