6.9
CVE-2025-11506 - PHPGurukul Beauty Parlour Management System search-appointment.php sql injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The explโฆ
6.9
CVE-2025-11505 - PHPGurukul Beauty Parlour Management System new-appointment.php sql injection
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly availableโฆ
6.9
CVE-2025-11503 - PHPGurukul Beauty Parlour Management System manage-services.php sql injection
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing a manipulation of the argument delid can lead to sql injection. The attack may be performed from remote. The exploit has beโฆ
4.8
CVE-2025-11495 - GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclโฆ
4.8
CVE-2025-11494 - GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be usedโฆ
5.3
CVE-2025-11491 - wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made publโฆ
5.3
CVE-2025-11490 - wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injโฆ
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from remotโฆ
2.3
CVE-2025-61906 - Opencast's editor accidentally publishes videos/overwrites publications #1626
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for publisโฆ
5.1
CVE-2025-61788 - Opencast Paella Player 7 vulnerable to Cross-Site-Scripting
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to โฆ
2
CVE-2025-11489 - wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The attack'โฆ