Security Vulnerabilities - CVEs Published In November 2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-03
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-03
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-03
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
CVSS Score
9.4
EPSS Score
0.001
Published
2025-11-03
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-03
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-03
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-03
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-03
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-11-03
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-11-03