Skip to main content
CVE-2025-11667 LOW POC Monitor

SQL injection in Automated Voting System 1.0 allows authenticated remote attackers to manipulate the firstname parameter in /admin/add_candidate_modal.php, resulting in limited confidentiality, integrity, and availability impact. The vulnerability has a very low CVSS score (2.1) due to requirement for authenticated access and limited scope, but publicly available exploit code exists. Active exploitation is not confirmed in CISA KEV, and the EPSS score of 0.01% indicates minimal real-world exploitation probability despite public POC availability.

PHP SQLi Automated Voting System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11663 LOW POC Monitor

SQL injection in Campcodes Online Beauty Parlor Management System 1.0 allows authenticated high-privilege administrators to execute arbitrary SQL queries via the sername parameter in /admin/manage-services.php. The vulnerability requires high administrative privileges and has publicly available exploit code, though real-world impact is limited by its requirement for already-compromised admin accounts with no lateral movement or privilege escalation capability.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11668 LOW POC Monitor

SQL injection in Automated Voting System 1.0 allows high-privileged remote attackers to manipulate the Password parameter in /admin/update_user.php, potentially causing limited confidentiality and integrity impacts. The vulnerability requires admin-level privileges (PR:H) to exploit and has publicly available exploit code, but carries very low real-world risk due to EPSS of 0.01% and the high privilege requirement that limits practical attack surface.

PHP SQLi Automated Voting System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11664 LOW POC Monitor

SQL injection in Campcodes Online Beauty Parlor Management System 1.0 allows high-privileged attackers to manipulate the searchdata parameter in /admin/search-appointment.php, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires administrative privileges to exploit and has a publicly disclosed proof-of-concept, though real-world exploitation risk is minimal given the EPSS score of 0.01% and the requirement for high-privilege access.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-39964 LOW PATCH Monitor

Concurrent write access to AF_ALG cryptographic sockets in the Linux kernel corrupts internal socket state and interleaves cryptographic data in an unpredictable manner, undermining the integrity and availability of kernel crypto operations for local users. The flaw spans multiple stable kernel branches up to and including 6.17-rc4, with six upstream patch commits available. No public exploit or active exploitation has been identified; the Siemens SSA-019113 advisory confirms downstream impact on industrial and embedded Linux-based products.

Linux Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2025-11655 LOW Monitor

Improper access control in Total.js Flow SVG File Handler allows high-privileged remote attackers to upload files without proper restrictions, bypassing upload security controls. The vulnerability affects versions up to commit 673ef9144dd25d4f4fd4fdfda5af27f230198924 and has public exploit code available, though real-world exploitation risk is constrained by the requirement for administrative privileges (PR:H in CVSS vector) and minor confidentiality/integrity impact.

Authentication Bypass File Upload
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy