5.3
CVE-2025-11511 - code-projects E-Commerce Website supplier_add.php sql injection
A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplier_add.php. Executing manipulation of the argument supp_email can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
10
CVE-2025-61913 - Flowise is vulnerable to arbitrary file read, arbitrary file write
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any paโฆ
5.3
CVE-2025-11509 - code-projects E-Commerce Website product_add.php sql injection
A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/product_add.php. Performing manipulation of the argument prod_name results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
5.1
CVE-2025-11508 - code-projects Voting System voters_add.php unrestricted upload
A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/voters_add.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and mโฆ
8.8
CVE-2025-11535 - MongoDB Connector for BI installation MSI leave ACLs unset on custom installation directories
MongoDB Connector for BI installation viaย MSIย on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24.
9.3
CVE-2017-20202 - Web Developer for Chrome v0.4.9 Malicious Backdoor Supply Chain Compromise
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake โrepairโ alerts that redirected users to affiliโฆ
9.3
CVE-2017-20201 - CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functioโฆ
6.9
CVE-2025-11507 - PHPGurukul Beauty Parlour Management System search-invoices.php sql injection
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made aโฆ
6.9
CVE-2025-11506 - PHPGurukul Beauty Parlour Management System search-appointment.php sql injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The explโฆ
6.9
CVE-2025-11505 - PHPGurukul Beauty Parlour Management System new-appointment.php sql injection
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly availableโฆ