6.9

CVSS4.0

CVE-2025-11557 - projectworlds Gate Pass Management System add-pass.php SQL injection

A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Manipulation of the argument fullname leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the public…

📅 Published: Oct. 9, 2025, 9:02 p.m. 🔄 Last Modified: Oct. 9, 2025, 9:02 p.m.

6.3

CVSS4.0

CVE-2025-61783 - Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service d…

📅 Published: Oct. 9, 2025, 8:57 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:57 p.m.

8.7

CVSS4.0

CVE-2025-61779 - Trustee's attestation-policy endpoint is not protected by admin authentication

Confidential Containers' Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key).…

📅 Published: Oct. 9, 2025, 8:53 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:53 p.m.

0.0

CVE-2025-43296 -

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.

📅 Published: Oct. 9, 2025, 8:50 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:50 p.m.

8.1

CVSS3.1

CVE-2025-61773 - pyLoad CNL and captcha handlers allow code injection via unsanitized parameters

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, the pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsa…

📅 Published: Oct. 9, 2025, 8:49 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:49 p.m.

7.2

CVSS4.0

CVE-2025-34248 - D-Link Nuclias Connect < v1.3.1.4 Directory Traversal to Arbitrary File Deletion

D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity …

📅 Published: Oct. 9, 2025, 8:43 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:45 p.m.

7.5

CVSS3.1

CVE-2025-61602 - BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageRea…

📅 Published: Oct. 9, 2025, 8:40 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:40 p.m.

6.9

CVSS4.0

CVE-2025-11556 - code-projects Simple Leave Manager user.php SQL injection

A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. Manipulation of the argument table causes SQL injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

📅 Published: Oct. 9, 2025, 8:32 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:32 p.m.

6.9

CVSS4.0

CVE-2025-11555 - Campcodes Online Learning Management System calendar_of_events.php SQL injection

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in SQL injection. The attack may be launched remotely. The exploit is now public and may be us…

📅 Published: Oct. 9, 2025, 8:32 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:32 p.m.

7.5

CVSS3.1

CVE-2025-61601 - BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation

BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array …

📅 Published: Oct. 9, 2025, 8:29 p.m. 🔄 Last Modified: Oct. 9, 2025, 8:29 p.m.
Total results: 313616