CVE-2025-6880 – SourceCodester Best Salon Management System SQL Injection Vulnerability

CVE ID : CVE-2025-6880

Published : June 30, 2025, 1:15 a.m. | 2 hours, 11 minutes ago

Description : A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-tax.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-0634 – Samsung rLottie After Free Remote Code Inclusion Vulnerability

CVE ID : CVE-2025-0634

Published : June 30, 2025, 2:15 a.m. | 1 hour, 11 minutes ago

Description : Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-53075 – Samsung Open Source rLottie Path Traversal Vulnerability

CVE ID : CVE-2025-53075

Published : June 30, 2025, 2:15 a.m. | 1 hour, 11 minutes ago

Description : Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46014 – Honor PC Manager Named Pipe Privilege Escalation Vulnerability

CVE ID : CVE-2025-46014

Published : June 30, 2025, 2:15 a.m. | 1 hour, 11 minutes ago

Description : Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6881 – D-Link jhttpd PPPoE Buffer Overflow Vulnerability

CVE ID : CVE-2025-6881

Published : June 30, 2025, 2:15 a.m. | 44 minutes ago

Description : A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoe_base.asp of the component jhttpd. The manipulation of the argument mschap_en leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

DistroWatch Weekly, Issue 1128

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: AxOS 25.06 and 25.01, AlmaLinux OS 10.0
News: Ubuntu to boost Intel graphics performance, Fedora discusses dropping i686 packages, SDesk switches from SELinux to AppArmor
Questions and answers: Transferring Flatpak packages between computers
Released last week: postmarketOS 25.06, Escuelas Linux 8.12, IPFire 2.29 Core 195,….

CVE-2025-6866 – Simple Forum PathTraversal

CVE ID : CVE-2025-6866

Published : June 29, 2025, 6:15 p.m. | 4 hours, 9 minutes ago

Description : A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forum_downloadfile.php. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6868 – SourceCodester Simple Company Website SQL Injection Vulnerability

CVE ID : CVE-2025-6868

Published : June 29, 2025, 7:15 p.m. | 3 hours, 9 minutes ago

Description : A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6867 – SourceCodester Simple Company Website SQL Injection Vulnerability

CVE ID : CVE-2025-6867

Published : June 29, 2025, 7:15 p.m. | 3 hours, 9 minutes ago

Description : A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-24290 – UISP Authenticated SQL Injection Privilege Escalation

CVE ID : CVE-2025-24290

Published : June 29, 2025, 8:15 p.m. | 2 hours, 14 minutes ago

Description : Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-24289 – “UCRM Client Signup Plugin CSRF-XSS Vulnerability”

CVE ID : CVE-2025-24289

Published : June 29, 2025, 8:15 p.m. | 2 hours, 9 minutes ago

Description : A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…