5.1
CVE-2025-11665 - D-Link DAP-2695 Firmware Update rgbin fwupdater_main os command injection
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products tha…
8.4
CVE-2025-0636 - Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.
6.9
CVE-2025-27258 - Ericsson Network Manager: escalation of privilege vulnerability
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability that, if exploited, can result in an escalation of privilege.
2.4
CVE-2025-27259 - Ericsson Network Manager: improper neutralization of user controlled input
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
5.1
CVE-2025-11664 - Campcodes Online Beauty Parlor Management System search-appointment.php sql injection
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The ex…
6.8
CVE-2025-9698 - The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.
5.1
CVE-2025-11663 - Campcodes Online Beauty Parlor Management System manage-services.php sql injection
A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes sql injection. The attack can be initiated remotely. The exploit has been made…
6.9
CVE-2025-11662 - SourceCodester Best Salon Management System booking.php sql injection
A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the pub…
3.5
CVE-2025-31995 - HCL Unica MaxAI Workbench is vulnerable to improper input validation
HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.
6.9
CVE-2025-11661 - ProjectsAndPrograms School Management System missing authentication
A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and …