Vulnerability Summary for the Week of September 1, 2025

2025-09-08 19:09

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
1000projects–Beauty Parlour Management System	A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.	2025-09-03	7.3	CVE-2025-9919
1000projects–Beauty Parlour Management System	A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. This impacts an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.	2025-09-03	7.3	CVE-2025-9930
aakash1911–WP likes	Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes allows Reflected XSS. This issue affects WP likes: from n/a through 3.1.1.	2025-09-05	7.1	CVE-2025-58848
Akinsoft–e-Mutabakat	Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.This issue affects e-Mutabakat: from 2.02.06 before v2.02.06.	2025-09-04	8.6	CVE-2025-2417
Akin […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of September 1, 2025 Tags: Bulletins EN Post navigation ← GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies This “insidious” police tech claims to predict crime (Lock and Code S06E18) → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts New 3D mapping tech goes way beyond GPS to let us see the earth in ways never before possible September 9, 2025 18 Popular Code Packages Hacked, Rigged to Steal Crypto September 9, 2025 Netskope follows Rubrik as a rare cybersecurity IPO, both backed by Lightspeed September 9, 2025 IT Security News Hourly Summary 2025-09-09 00h : 6 posts September 9, 2025 IT Security News Daily Summary 2025-09-08 September 9, 2025 NPM Supply Chain Attack: Sophisticated Multi-Chain Cryptocurrency Drainer Infiltrates Popular Packages September 9, 2025 Apple Event live updates 2025: Last minute leaks on iPhone 17, AirPods 3, Apple Watch Series 11, more September 8, 2025 Google Meet is back after an outage. Here are a few workarounds for next time September 8, 2025 7 most exciting tech accessories from IFA 2025 (and that you can actually buy) September 8, 2025 Innovator Spotlight: Seraphic September 8, 2025 The US government has no idea how many cybersecurity pros it employs September 8, 2025 Report: OpenAI will launch its own AI chip next year September 8, 2025 7 useful iOS 26 AI features launching alongside iPhone 17 (and these older models) September 8, 2025 Why I recommend these OnePlus earbuds over pricier models (including AirPods) – and they’re on sale September 8, 2025 Why the new Apple Watch Series 11 may be the most ambitious model we’ve seen yet September 8, 2025 Every iPhone model that supports Apple’s new iOS 26 AI features (and no, its not just the iPhone 17) September 8, 2025 Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack September 8, 2025 When You’re Always Under #DDoS Attack September 8, 2025 Drift massive attack traced back to loose Salesloft GitHub account September 8, 2025 IT Security News Hourly Summary 2025-09-08 21h : 10 posts September 8, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}