CVE Daily — Latest CVEs

Popular tags from the latest CVEs.

CVSS ≥ 0.0

Trends

New CVEs per day — New CVEs per day (open larger)

Top CWE categories — Top CWE categories (open larger)

Today’s CVEs (your timezone)

Medium

CVE-2025-9102

A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.…

CVSS: 5.3 CWE: CWE-926

Low

CVE-2025-9101

A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipul…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2025-9100

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment H…

CVSS: 5.3 CWE: CWE-287

Medium

CVE-2025-9099

A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. This affects an unknown part of the file /NewsManage/UploadNewsImg. The manipulatio…

CVSS: 6.3 CWE: CWE-284

Medium

CVE-2025-9098

A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulat…

CVSS: 5.3 CWE: CWE-926

Critical

CVE-2025-31715

In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privilege…

CVSS: 9.8 CWE: N/A

Medium

CVE-2025-31714

In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed.

CVSS: 6.8 CWE: N/A

High

CVE-2025-31713

In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution pri…

CVSS: 8.4 CWE: N/A

Medium

CVE-2025-9097

A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidM…

CVSS: 5.3 CWE: CWE-926

Low

CVE-2025-9096

A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoi…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2025-9095

A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST End…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2025-9094

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of…

CVSS: 4.3 CWE: CWE-791

High

CVE-2025-7342

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process. Additionally, virtual machine images built us…

CVSS: 7.5 CWE: CWE-798

Medium

CVE-2025-9093

A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. T…

CVSS: 5.3 CWE: CWE-926

Low

CVE-2025-9091

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to har…

CVSS: 2.5 CWE: CWE-259

Medium

CVE-2025-9090

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation lead…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-9089

A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-9088

A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the ar…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-9087

A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoi…

CVSS: 8.8 CWE: CWE-119

Unknown

CVE-2023-4515

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except…

CVSS: N/A CWE: N/A

Unknown

CVE-2023-4130

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers…

CVSS: N/A CWE: N/A

Unknown

CVE-2023-3867

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup…

CVSS: N/A CWE: N/A

Unknown

CVE-2023-3866

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in…

CVSS: N/A CWE: N/A

Unknown

CVE-2023-3865

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bound read in smb2_write ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If ->N…

CVSS: N/A CWE: N/A

Unknown

CVE-2023-32249

In the Linux kernel, the following vulnerability has been resolved: ksmbd: not allow guest user on multichannel This patch return STATUS_NOT_SUPPORTED if binding session is gues…

CVSS: N/A CWE: N/A

Unknown

CVE-2023-32246

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a…

CVSS: N/A CWE: N/A

Medium

CVE-2025-8878

The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary short…

CVSS: 6.5 CWE: CWE-94

Medium

CVE-2025-8143

The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient…

CVSS: 6.4 CWE: CWE-79

High

CVE-2025-8142

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for aut…

CVSS: 8.8 CWE: CWE-98

High

CVE-2025-8105

The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execu…

CVSS: 7.3 CWE: CWE-94

Unknown

CVE-2025-38552

In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38551

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnl_lock() during probe() The deadlock appears in a stack trace like: virtnet_…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38550

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38549

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths When processing mount options, efivar…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38548

In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size o…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38547

In the Linux kernel, the following vulnerability has been resolved: iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps The AXP717 ADC channel maps is missing…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38546

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38545

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info While transitioning from ne…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38544

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AF_RXRPC to provide a server, it has to prea…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38543

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix dma_alloc_coherent error check Check for NULL return value with dma_alloc_coherent, in…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38542

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtr_create() When updating an existing route entry in atrtr_cre…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38541

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error. Curre…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38540

In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB I…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38539

In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event When a module is loaded, it adds trace event…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38538

In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe() The nbpf->chan[] array is allocated earlier in the nbpf_…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38537

In the Linux kernel, the following vulnerability has been resolved: net: phy: Don't register LEDs for genphy If a PHY has no driver, the genphy driver is probed/removed directly…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38536

In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_p…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38535

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USB_ROLE_DEVICE t…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38534

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix copy-to-cache so that it performs collection with ceph+fscache The netfs copy-to-cache that is use…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38533

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix the using of Rx buffer DMA The wx_rx_buffer structure contained two DMA address fields: 'dma'…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38532

In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly reset Rx ring descriptor When device reset is triggered by feature changes such as toggl…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38531

In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38530

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl812: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is u…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38529

In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds When checking for a supported IRQ number, the following test…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38528

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt[] = "%p%"; bpf_trace_printk(f…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38527

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leadin…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38526

In the Linux kernel, the following vulnerability has been resolved: ice: add NULL check in eswitch lag check The function ice_lag_is_switchdev_running() is being called from out…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38525

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix irq-disabled in local_bh_enable() The rxrpc_assess_MTU_size() function calls down into the IP laye…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38524

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event (such as incoming data), the call get…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38523

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the smbd_response slab to allow usercopy The handling of received data in the smbdirect client code…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38522

In the Linux kernel, the following vulnerability has been resolved: sched/ext: Prevent update_locked_rq() calls with NULL rq Avoid invoking update_locked_rq() when the runqueue…

CVSS: N/A CWE: N/A

Low

CVE-2025-9092

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This v…

CVSS: 1.0 CWE: CWE-400

Unknown

CVE-2025-38521

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel crash when hard resetting the GPU The GPU hard reset sequence calls pm_runtime_fo…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38520

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Don't call mmput from MMU notifier callback If the process is exiting, the mmput inside mmu notif…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38519

In the Linux kernel, the following vulnerability has been resolved: mm/damon: fix divide by zero in damon_get_intervals_score() The current implementation allows having zero siz…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38518

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disable INVLPGB on Zen2 AMD Cyan Skillfish (Family 17h, Model 47h, Stepping 0h) has an issue tha…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38517

In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() alloc_tag_top_users() attempts to lo…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38516

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: mark certain pins as invalid for interrupts On some platforms, the UFS-reset pin has no i…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38515

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Increment job count before swapping tail spsc queue A small race exists between spsc_queue_push an…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38514

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix oops due to non-existence of prealloc backlog struct If an AF_RXRPC service socket is opened and b…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38513

In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointe…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38512

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulne…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38511

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and duri…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38510

In the Linux kernel, the following vulnerability has been resolved: kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_c…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38509

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths VHT operating mode notifications are not def…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38508

In the Linux kernel, the following vulnerability has been resolved: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation When using Secure TSC, the GUEST_TSC_FREQ MSR re…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38507

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using blu…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38506

In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a su…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38505

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode wi…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38504

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix pp destruction warnings With multiple page pools and in some other cases we can have alloc…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38503

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tre…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38502

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local stor…

CVSS: N/A CWE: N/A

Medium

CVE-2025-8719

The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘base_lang’ parameter in all versions up to, and including, 1.0 d…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-8464

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_gue…

CVSS: 5.3 CWE: CWE-23

Medium

CVE-2025-7499

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulne…

CVSS: 5.3 CWE: CWE-862

Critical

CVE-2025-8898

The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This…

CVSS: 9.8 CWE: CWE-862

Medium

CVE-2025-8896

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_comm…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-8089

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient…

CVSS: 5.4 CWE: CWE-79

Unknown

CVE-2025-8113

The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross…

CVSS: N/A CWE: N/A

Unknown

CVE-2025-38501

In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the sa…

CVSS: N/A CWE: N/A

Medium

CVE-2025-8293

The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘date’ parameter in all versions up to, and including, 1.0.1 due to insufficie…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-7686

The weichuncai(WP伪春菜) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validat…

CVSS: 6.1 CWE: CWE-352

Medium

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect…

CVSS: 6.1 CWE: CWE-352

Medium

CVE-2025-7683

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation o…

CVSS: 6.1 CWE: CWE-352

Medium

CVE-2025-7668

The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce…

CVSS: 6.1 CWE: CWE-352

High

CVE-2025-7664

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission callback for the /wp-json/pre…

CVSS: 7.5 CWE: CWE-862

Medium

CVE-2025-7651

The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.73 due to…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-7649

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and in…

CVSS: 6.4 CWE: CWE-79

Critical

CVE-2025-7441

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief…

CVSS: 9.8 CWE: CWE-434

Medium

CVE-2025-7440

The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-7439

Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anber_item['button_link']['url']’ parameter in all versions up to, and including,…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-6221

The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sa…

CVSS: 6.4 CWE: CWE-79

High

CVE-2025-6080

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to…

CVSS: 8.8 CWE: CWE-269

High

CVE-2025-6079

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all version…

CVSS: 8.8 CWE: CWE-434

High

CVE-2025-3671

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This…

CVSS: 8.8 CWE: CWE-22

Medium

CVE-2024-8393

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes…

CVSS: 6.6 CWE: CWE-98

High

CVE-2024-12612

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and includ…

CVSS: 7.5 CWE: CWE-89

High

CVE-2025-49895

Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a throu…

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2024-12575

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'a…

CVSS: 5.3 CWE: CWE-200

High

CVE-2025-55284

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the net…

CVSS: 7.1 CWE: CWE-78

High

CVE-2025-55286

z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. Thi…

CVSS: 7.3 CWE: CWE-119

Low

CVE-2017-20199

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper acc…

CVSS: 3.1 CWE: CWE-266

Medium

CVE-2025-52621

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an u…

CVSS: 5.3 CWE: CWE-346

Medium

CVE-2025-52620

HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2025-52619

HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about th…

CVSS: 5.3 CWE: CWE-209

Medium

CVE-2025-52618

HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries.

CVSS: 4.3 CWE: CWE-89

Unknown

CVE-2025-43201

This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.

CVSS: N/A CWE: N/A

High

CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This v…

CVSS: 7.5 CWE: CWE-59

Medium

CVE-2025-36088

IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitr…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2025-43490

A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is…

CVSS: 4.8 CWE: CWE-59

Low

CVE-2025-55285

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:templa…

CVSS: 2.6 CWE: CWE-532

Critical

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functi…

CVSS: 9.1 CWE: CWE-20

Medium

CVE-2025-8996

Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 befor…

CVSS: 4.3 CWE: CWE-862

Critical

CVE-2025-8995

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.…

CVSS: 9.8 CWE: CWE-288

Medium

CVE-2025-8675

Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.

CVSS: 4.7 CWE: CWE-918

Medium

CVE-2025-8362

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects…

CVSS: 4.3 CWE: CWE-79

High

CVE-2025-8361

Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0.

CVSS: 7.6 CWE: CWE-962

High

CVE-2025-8092

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issu…

CVSS: 7.6 CWE: CWE-79

Medium

CVE-2025-7961

Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass.This issue affects KAP: 3.6.0.

CVSS: 6.9 CWE: CWE-94

Medium

CVE-2025-8066

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2.

CVSS: 4.8 CWE: CWE-601

Medium

CVE-2025-55207

Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to vers…

CVSS: 5.5 CWE: CWE-601

Medium

CVE-2025-49898

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a…

CVSS: 5.9 CWE: CWE-79

High

CVE-2025-49897

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. Thi…

CVSS: 8.5 CWE: CWE-89

Medium

CVE-2025-49432

Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Pl…

CVSS: 5.3 CWE: CWE-862

High

CVE-2025-5048

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to ex…

CVSS: 7.8 CWE: CWE-120

High

CVE-2025-5047

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause…

CVSS: 7.8 CWE: CWE-457

High

CVE-2025-5046

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to…

CVSS: 7.8 CWE: CWE-125

Medium

CVE-2025-55203

Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This fl…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2025-54989

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird…

CVSS: 5.3 CWE: CWE-476

Medium

CVE-2025-54466

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 o…

CVSS: 6.3 CWE: CWE-94

High

CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connection…

CVSS: 7.1 CWE: CWE-754

High

CVE-2025-9053

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the a…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9052

A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 lead…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9051

A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulatio…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9050

A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-54475

A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.

CVSS: 8.7 CWE: CWE-89

High

CVE-2025-54474

A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.

CVSS: 8.5 CWE: CWE-89

Critical

CVE-2025-54473

An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.

CVSS: 9.2 CWE: CWE-434

High

CVE-2025-1929

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazı…

CVSS: 7.2 CWE: CWE-89

High

CVE-2025-9047

A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid l…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9046

A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceLi…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-9028

A vulnerability was found in code-projects Online Medicine Guide 1.0. This issue affects some unknown processing of the file /adphar.php. The manipulation of the argument phuname…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-26709

There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information…

CVSS: 5.7 CWE: CWE-200

High

CVE-2025-9027

A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument de…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9026

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. Th…

CVSS: 7.3 CWE: CWE-77

Medium

CVE-2025-9025

A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-9024

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The man…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9023

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argum…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2025-8905

The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is…

CVSS: 6.3 CWE: CWE-94

Medium

CVE-2025-8720

The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insuffici…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-8091

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due…

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2025-8080

The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient inpu…

CVSS: 4.4 CWE: CWE-79

Critical

CVE-2025-7778

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function i…

CVSS: 9.8 CWE: CWE-285

Medium

CVE-2025-7688

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validatio…

CVSS: 6.1 CWE: CWE-352

Medium

CVE-2025-7662

The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient e…

CVSS: 6.5 CWE: CWE-89

High

CVE-2025-7650

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.50 via the 'bizcalv' shortcode. This makes it possible f…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-7641

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0…

CVSS: 7.5 CWE: CWE-22

Medium

CVE-2025-7507

The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that…

CVSS: 6.4 CWE: CWE-20

Medium

CVE-2025-5844

The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insuff…

CVSS: 6.4 CWE: CWE-79

High

CVE-2025-9022

A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipula…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9021

A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-9020

A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink…

CVSS: 4.5 CWE: CWE-119

Medium

CVE-2025-8604

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and includin…

CVSS: 6.4 CWE: CWE-79

Low

CVE-2025-9019

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-b…

CVSS: 3.1 CWE: CWE-119

Medium

CVE-2025-9017

A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of th…

CVSS: 4.3 CWE: CWE-79

High

CVE-2025-9016

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\C…

CVSS: 7.0 CWE: CWE-426

Medium

CVE-2025-8451

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’…

CVSS: 6.4 CWE: CWE-79

Low

CVE-2025-8013

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function…

CVSS: 3.8 CWE: CWE-918

Critical

CVE-2025-6679

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it p…

CVSS: 9.8 CWE: CWE-434

High

CVE-2025-9013

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulat…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9012

A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9011

A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipul…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9010

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_repor…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9009

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation o…

CVSS: 7.3 CWE: CWE-74

Low

CVE-2025-31961

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.

CVSS: 3.7 CWE: CWE-1220

High

CVE-2025-9008

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/sms_setting.php. The man…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9007

A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer ov…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-9006

A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buf…

CVSS: 8.8 CWE: CWE-119

Low

CVE-2025-9005

A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error mess…

CVSS: 3.7 CWE: CWE-200

Low

CVE-2025-9004

A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of…

CVSS: 3.7 CWE: CWE-307

Low

CVE-2025-9003

A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manip…

CVSS: 3.5 CWE: CWE-79

High

CVE-2025-9002

A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql i…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-9001

A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the compo…

CVSS: 5.3 CWE: CWE-119

Medium

CVE-2025-8867

The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-8680

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request funct…

CVSS: 4.3 CWE: CWE-918

Medium

CVE-2025-8676

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugi…

CVSS: 4.3 CWE: CWE-200

High

CVE-2025-8342

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_…

CVSS: 8.1 CWE: CWE-862

High

CVE-2025-6025

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of s…

CVSS: 7.5 CWE: CWE-602

High

CVE-2025-9000

A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulati…

CVSS: 7.0 CWE: CWE-426

High

CVE-2025-8993

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8992

A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack m…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-8991

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Bu…

CVSS: 4.3 CWE: CWE-840

High

CVE-2025-8990

A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search lea…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8989

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8988

A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipu…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8987

A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. This affects an unknown part of the file /test-details.php. The manipulation of the argume…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-31987

HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion.

CVSS: 4.8 CWE: CWE-405

High

CVE-2025-8986

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /search-report-result.php…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8985

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipu…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8984

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. Th…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8983

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php.…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8982

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. Th…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8981

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8980

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation lea…

CVSS: 6.6 CWE: CWE-345

Medium

CVE-2025-8979

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Han…

CVSS: 6.6 CWE: CWE-345

Medium

CVE-2025-51965

OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed a…

CVSS: 6.1 CWE: CWE-79

Unknown

CVE-2025-50862

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devic…

CVSS: N/A CWE: N/A

Medium

CVE-2025-50861

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or maliciou…

CVSS: 6.5 CWE: CWE-284

Medium

CVE-2025-8978

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of d…

CVSS: 6.6 CWE: CWE-345

Low

CVE-2025-8976

A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2025-8975

A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads t…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2025-55716

Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-55714

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects Je…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-55713

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-55712

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…

CVSS: 6.5 CWE: CWE-862

Medium

CVE-2025-55711

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS. This issue affects WP Ta…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-55710

Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through 3.…

CVSS: 4.3 CWE: CWE-201

Medium

CVE-2025-55709

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-55708

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection. This issue a…

CVSS: 8.5 CWE: CWE-89

Medium

CVE-2025-54749

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery allows Stored XSS. This issue affects JetProduct…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54747

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera allows DOM-Based XSS. This issue affects Templatera: from…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54746

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode R…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54740

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My B…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54739

Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a t…

CVSS: 5.3 CWE: CWE-862

Medium

CVE-2025-54736

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: fro…

CVSS: 5.3 CWE: CWE-497

Medium

CVE-2025-54732

Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54730

Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for…

CVSS: 5.3 CWE: CWE-862

Medium

CVE-2025-54729

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking allows Stored XSS. This issue affects…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-54728

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Cross Site Request Forgery. This issue affects CM On Demand Search…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54727

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Stored XSS. Thi…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-54717

Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a…

CVSS: 5.4 CWE: CWE-862

Medium

CVE-2025-54715

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager al…

CVSS: 4.9 CWE: CWE-22

Medium

CVE-2025-54712

Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-54708

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54054

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-53587

Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57.

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2025-53582

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a th…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53581

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro:…

CVSS: 5.9 CWE: CWE-79

High

CVE-2025-53575

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-53347

Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-53343

Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53342

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize allows Stored XSS. This issue affects Modernize: from n/…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53341

Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53330

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals allows Stored XSS. This issue affects WP Rentals: from n/…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53249

Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.23.

CVSS: 6.5 CWE: CWE-352

Medium

CVE-2025-53241

Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9.

CVSS: 5.5 CWE: CWE-918

Medium

CVE-2025-53221

Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53219

Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a th…

CVSS: 5.4 CWE: CWE-352

High

CVE-2025-52797

Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1.

CVSS: 8.2 CWE: CWE-352

Medium

CVE-2025-52771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander allows Stored XSS. This issue affects Video Expander:…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-52769

Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery allows Cross Site Request Forgery. This issue affects flexo-social-gallery: from n/a through 1.…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-52767

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics I…

CVSS: 4.3 CWE: CWE-352

High

CVE-2025-52765

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Pl…

CVSS: 7.1 CWE: CWE-352

Low

CVE-2025-8974

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/li…

CVSS: 3.7 CWE: CWE-259

High

CVE-2025-8973

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username le…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8972

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The mani…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-52335

EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.

CVSS: 6.1 CWE: CWE-79

High

CVE-2025-51986

An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a pac…

CVSS: 7.5 CWE: CWE-835

Medium

CVE-2025-21110

Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exp…

CVSS: 6.7 CWE: CWE-250

Medium

CVE-2024-37945

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-43687

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of…

CVSS: 6.5 CWE: CWE-421

Medium

CVE-2025-9043

The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CW…

CVSS: 6.7 CWE: CWE-428

Medium

CVE-2025-9039

We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the…

CVSS: 4.3 CWE: CWE-277

High

CVE-2025-8971

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php.…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8970

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8969

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.p…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8968

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disappro…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-55195

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus a…

CVSS: 7.3 CWE: CWE-1321

High

CVE-2025-55192

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions wo…

CVSS: 8.6 CWE: CWE-94

Medium

CVE-2025-50817

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automaticall…

CVSS: 5.4 CWE: CWE-77

Medium

CVE-2025-50515

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.

CVSS: 6.5 CWE: CWE-77

Medium

CVE-2025-20306

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-le…

CVSS: 4.9 CWE: CWE-77

Medium

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report fro…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-20301

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a…

CVSS: 6.5 CWE: CWE-862

Medium

CVE-2025-20268

A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to b…

CVSS: 5.8 CWE: CWE-229

Critical

CVE-2025-20265

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrar…

CVSS: 10.0 CWE: CWE-74

High

CVE-2025-20263

A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could all…

CVSS: 8.6 CWE: CWE-680

Medium

CVE-2025-20254

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD)…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20253

A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker…

CVSS: 8.6 CWE: CWE-835

Medium

CVE-2025-20252

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD)…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20251

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software c…

CVSS: 8.5 CWE: CWE-1287

High

CVE-2025-20244

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software c…

CVSS: 7.7 CWE: CWE-1287

High

CVE-2025-20243

A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the de…

CVSS: 8.6 CWE: CWE-835

High

CVE-2025-20239

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secu…

CVSS: 8.6 CWE: CWE-401

Medium

CVE-2025-20238

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local att…

CVSS: 6.0 CWE: CWE-1244

Medium

CVE-2025-20237

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local att…

CVSS: 6.0 CWE: CWE-146

Medium

CVE-2025-20235

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-20225

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secu…

CVSS: 5.8 CWE: CWE-401

Medium

CVE-2025-20224

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD)…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20222

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense…

CVSS: 8.6 CWE: CWE-120

Medium

CVE-2025-20220

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local at…

CVSS: 6.0 CWE: CWE-78

Medium

CVE-2025-20219

A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall…

CVSS: 5.3 CWE: CWE-284

Medium

CVE-2025-20218

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive…

CVSS: 4.9 CWE: CWE-643

High

CVE-2025-20217

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remot…

CVSS: 8.6 CWE: CWE-835

High

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary H…

CVSS: 8.5 CWE: CWE-20

High

CVE-2025-20136

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software a…

CVSS: 8.6 CWE: CWE-835

Medium

CVE-2025-20135

A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could…

CVSS: 4.3 CWE: CWE-401

High

CVE-2025-20134

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could all…

CVSS: 8.6 CWE: CWE-415

High

CVE-2025-20133

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthentic…

CVSS: 8.6 CWE: CWE-401

High

CVE-2025-20127

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (…

CVSS: 7.7 CWE: CWE-404

High

CVE-2023-43692

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system…

CVSS: 7.5 CWE: CWE-125

Medium

CVE-2023-43683

An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underfl…

CVSS: 6.5 CWE: CWE-121

High

CVE-2025-8967

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipu…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8966

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manip…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8965

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litem…

CVSS: 6.3 CWE: CWE-284

High

CVE-2025-54867

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the h…

CVSS: 7.0 CWE: CWE-61

Medium

CVE-2025-54409

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program dur…

CVSS: 6.2 CWE: CWE-476

Medium

CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious…

CVSS: 6.2 CWE: CWE-117

Medium

CVE-2025-53631

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScr…

CVSS: 5.3 CWE: CWE-79

Critical

CVE-2025-50518

A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the…

CVSS: 9.8 CWE: CWE-416

Medium

CVE-2025-36047

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exp…

CVSS: 5.3 CWE: CWE-770

Medium

CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

CVSS: 5.3 CWE: CWE-295

Medium

CVE-2023-43694

An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities…

CVSS: 5.2 CWE: CWE-125

High

CVE-2025-9042

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the…

CVSS: 8.7 CWE: CWE-1287

High

CVE-2025-9041

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the…

CVSS: 8.7 CWE: CWE-1287

Medium

CVE-2025-8964

A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation l…

CVSS: 5.3 CWE: CWE-287

Medium

CVE-2025-8962

A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component…

CVSS: 5.3 CWE: CWE-119

High

CVE-2025-8876

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

CVSS: 8.8 CWE: CWE-20

High

CVE-2025-8875

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

CVSS: 7.8 CWE: CWE-502

High

CVE-2025-7972

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This b…

CVSS: 8.4 CWE: CWE-286

High

CVE-2025-7971

A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; Howev…

CVSS: 7.3 CWE: CWE-20

Critical

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. T…

CVSS: 9.1 CWE: CWE-306

High

CVE-2025-40758

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (M…

CVSS: 8.7 CWE: CWE-347

Medium

CVE-2025-38745

Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privilege…

CVSS: 4.8 CWE: CWE-532

Medium

CVE-2025-38738

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker w…

CVSS: 6.7 CWE: CWE-266

Low

CVE-2025-36613

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low…

CVSS: 2.8 CWE: CWE-266

Medium

CVE-2025-36612

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potential…

CVSS: 6.7 CWE: CWE-266

Medium

CVE-2025-27847

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout.

CVSS: 4.3 CWE: CWE-269

Medium

CVE-2025-27846

In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected.

CVSS: 4.3 CWE: CWE-269

Critical

CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions…

CVSS: 9.8 CWE: CWE-200

Medium

CVE-2025-26484

Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could po…

CVSS: 5.5 CWE: CWE-611

High

CVE-2025-9036

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted…

CVSS: 8.5 CWE: CWE-200

High

CVE-2025-7973

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe con…

CVSS: 8.5 CWE: CWE-268

High

CVE-2025-7774

A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unaut…

CVSS: 8.8 CWE: CWE-306

High

CVE-2025-7773

A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two co…

CVSS: 8.8 CWE: CWE-863

Critical

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB a…

CVSS: 9.3 CWE: CWE-1188

Medium

CVE-2025-55675

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about d…

CVSS: 5.3 CWE: CWE-285

Medium

CVE-2025-55674

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circu…

CVSS: 5.3 CWE: CWE-89

Medium

CVE-2025-55673

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying que…

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2025-55672

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious pay…

CVSS: 5.3 CWE: CWE-80

Critical

CVE-2025-43984

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/g…

CVSS: 9.8 CWE: CWE-78

Low

CVE-2025-36581

Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local…

CVSS: 3.8 CWE: CWE-788

High

CVE-2024-53946

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenti…

CVSS: 8.8 CWE: CWE-352

High

CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can exec…

CVSS: 8.8 CWE: CWE-77

Medium

CVE-2025-8963

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the…

CVSS: 6.3 CWE: CWE-20

Low

CVE-2025-8961

A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption.…

CVSS: 3.3 CWE: CWE-119

High

CVE-2025-8715

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system…

CVSS: 8.8 CWE: CWE-93

High

CVE-2025-8714

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating sys…

CVSS: 8.8 CWE: CWE-829

Low

CVE-2025-8713

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row s…

CVSS: 3.1 CWE: CWE-1230

Medium

CVE-2023-5342

The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.

CVSS: 4.1 CWE: CWE-324

High

CVE-2025-8960

A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php.…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8958

A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The mani…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-8957

A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

Critical

CVE-2025-54707

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a throu…

CVSS: 9.3 CWE: CWE-89

Medium

CVE-2025-54706

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magi…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54705

Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a thr…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-54704

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Eas…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54703

Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through 1.5…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54702

Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through 5.8013.

CVSS: 4.3 CWE: CWE-352

High

CVE-2025-54701

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion. This is…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-54700

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This…

CVSS: 8.1 CWE: CWE-98

Medium

CVE-2025-54699

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - L…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54698

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified…

CVSS: 5.4 CWE: CWE-80

High

CVE-2025-54697

Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Emai…

CVSS: 7.2 CWE: CWE-266

Medium

CVE-2025-54696

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54695

Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.

CVSS: 5.4 CWE: CWE-862

Medium

CVE-2025-54694

Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0.

CVSS: 4.3 CWE: CWE-352

Critical

CVE-2025-54693

Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.…

CVSS: 9.0 CWE: CWE-434

High

CVE-2025-54692

Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooC…

CVSS: 7.5 CWE: CWE-862

Medium

CVE-2025-54691

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motor…

CVSS: 5.3 CWE: CWE-639

High

CVE-2025-54690

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This i…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-54689

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue a…

CVSS: 8.1 CWE: CWE-98

Medium

CVE-2025-54688

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54687

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a…

CVSS: 6.5 CWE: CWE-79

Critical

CVE-2025-54686

Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.

CVSS: 9.8 CWE: CWE-502

Medium

CVE-2025-54685

Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through…

CVSS: 6.5 CWE: CWE-201

Medium

CVE-2025-54684

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored X…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-54683

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-54682

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Grav…

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2025-54681

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Grav…

CVSS: 4.7 CWE: CWE-601

Medium

CVE-2025-54680

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Blogger Buzz allows Stored XSS. This issue affects Blogger Buz…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-54679

Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon…

CVSS: 7.5 CWE: CWE-862

Critical

CVE-2025-54678

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affec…

CVSS: 9.3 CWE: CWE-89

Medium

CVE-2025-54676

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stor…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54675

Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54674

Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for Wo…

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2025-54673

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify allows Cross Site Request Forgery. This issue affects Chartify: from n/a through 3.5.3.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54672

Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54671

Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2.

CVSS: 4.3 CWE: CWE-352

Critical

CVE-2025-54669

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a th…

CVSS: 9.3 CWE: CWE-89

Medium

CVE-2025-54668

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred allows Stored XSS. This issue affects myCred: from n/a thro…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54667

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects m…

CVSS: 5.3 CWE: CWE-367

High

CVE-2025-52823

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection. This issue affects Cube Portfol…

CVSS: 8.5 CWE: CWE-89

High

CVE-2025-52820

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This iss…

CVSS: 8.5 CWE: CWE-89

High

CVE-2025-52806

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This iss…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-52801

Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through 1.4.…

CVSS: 7.3 CWE: CWE-862

High

CVE-2025-52800

Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The…

CVSS: 7.3 CWE: CWE-862

High

CVE-2025-52788

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionP…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-52785

Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through 6.0…

CVSS: 7.1 CWE: CWE-862

High

CVE-2025-52775

Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Projec…

CVSS: 7.1 CWE: CWE-862

High

CVE-2025-52732

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targeting allows PHP Local File Incl…

CVSS: 8.8 CWE: CWE-98

High

CVE-2025-52731

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Le…

CVSS: 7.5 CWE: CWE-862

Medium

CVE-2025-52730

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allo…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-52728

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin…

CVSS: 7.5 CWE: CWE-98

Medium

CVE-2025-52721

Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a th…

CVSS: 6.5 CWE: CWE-862

Critical

CVE-2025-52720

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super…

CVSS: 9.3 CWE: CWE-89

High

CVE-2025-52716

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This…

CVSS: 7.5 CWE: CWE-98

Medium

CVE-2025-52712

Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGri…

CVSS: 4.2 CWE: CWE-35

Medium

CVE-2025-50040

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets allows Stored XSS. This issue affects CF7 Spreadsh…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-50031

Missing Authorization vulnerability in syedamirhussain91 DB Backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a…

CVSS: 6.5 CWE: CWE-862

Medium

CVE-2025-50029

Missing Authorization vulnerability in Ashish AI Tools allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Tools: from n/a through 4.0.7.

CVSS: 6.5 CWE: CWE-862

Critical

CVE-2025-49887

Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Prod…

CVSS: 9.9 CWE: CWE-94

High

CVE-2025-49869

Deserialization of Untrusted Data vulnerability in Arraytics Eventin allows Object Injection. This issue affects Eventin: from n/a through 4.0.31.

CVSS: 8.8 CWE: CWE-502

Medium

CVE-2025-49437

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation allows Stored XSS. This issue affects WP LOL Rotatio…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-49433

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink allows DOM-Based XSS. This issue affects Supermalink: from…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-49271

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags allows PHP Local File Inc…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-49267

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This i…

CVSS: 8.5 CWE: CWE-89

High

CVE-2025-49264

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-49065

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored XSS. This issue affects Visit Cou…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49064

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User La…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49063

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduX…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49062

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPa…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-49061

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos E…

CVSS: 6.5 CWE: CWE-79

Critical

CVE-2025-49059

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP allows SQL Injection. This issue affects CleverR…

CVSS: 9.3 CWE: CWE-89

High

CVE-2025-49058

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search allows Reflected XSS. This issue affects…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49057

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting allows Reflected XSS. This issue affects WP Voting: from n/a…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49056

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 allows Reflected XSS. This issue affects 多说社会化评论框: from n/a th…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49054

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS. This issue affects Time Sheets: fro…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-49053

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager allows Stored XSS. This issue affects WP Airdr…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-49052

Missing Authorization vulnerability in Dariolee Netease Music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a t…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-49051

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode allows Stored XSS. This issue affects Hide Text S…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-49048

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps allows Stor…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-49047

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeross DigitalOcean Spaces Sync allows Stored XSS. This issue affects Digita…

CVSS: 5.9 CWE: CWE-79

High

CVE-2025-49044

Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1.

CVSS: 7.1 CWE: CWE-352

High

CVE-2025-49038

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS. This issue affects WP Dynamic L…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49037

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer allows Reflected XSS. This…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49036

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer allows PH…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-49033

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects Profile…

CVSS: 8.5 CWE: CWE-89

High

CVE-2025-48332

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks allows PHP Local File Inclus…

CVSS: 7.5 CWE: CWE-98

Critical

CVE-2025-48293

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. Th…

CVSS: 9.8 CWE: CWE-98

High

CVE-2025-47689

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS. This issue affects Video Bl…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-47610

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-47536

Deserialization of Untrusted Data vulnerability in keywordrush Content Egg allows Object Injection. This issue affects Content Egg: from n/a through 7.0.0.

CVSS: 7.2 CWE: CWE-502

High

CVE-2025-3703

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local Fil…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-39510

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin allows SQL Injection. This issue affects P…

CVSS: 8.5 CWE: CWE-89

Medium

CVE-2025-39483

Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer allows Code Injection. This issue affects Eventer: from n/a through 3.9.6.

CVSS: 6.5 CWE: CWE-94

High

CVE-2025-32288

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions allows PHP Local File Incl…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-31425

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Cap…

CVSS: 7.5 CWE: CWE-862

High

CVE-2025-31007

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS. This issue affe…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-30998

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links P…

CVSS: 8.5 CWE: CWE-89

Medium

CVE-2025-30993

Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security…

CVSS: 6.5 CWE: CWE-862

High

CVE-2025-30639

Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a thr…

CVSS: 7.5 CWE: CWE-862

High

CVE-2025-30635

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion. T…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-30626

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allow…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-29014

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a t…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-28999

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-28987

Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1.

CVSS: 6.4 CWE: CWE-918

High

CVE-2025-28979

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This i…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-28975

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-28962

Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ad…

CVSS: 6.5 CWE: CWE-862

Critical

CVE-2025-25174

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inc…

CVSS: 10.0 CWE: CWE-98

High

CVE-2025-25172

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This is…

CVSS: 8.1 CWE: CWE-98

Critical

CVE-2025-24775

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.9.0.

CVSS: 9.9 CWE: CWE-434

High

CVE-2025-24766

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine X allows PHP Local File Incl…

CVSS: 7.5 CWE: CWE-98

Medium

CVE-2025-8956

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to c…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-8955

A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the ar…

CVSS: 7.3 CWE: CWE-74

Critical

CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and autho…

CVSS: 9.8 CWE: N/A

Critical

CVE-2025-8047

The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license thtough v1.0 WordPress plugins load a JavaScript file which has been compromised from an…

CVSS: 9.8 CWE: N/A

Medium

CVE-2025-7761

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed o…

CVSS: 5.1 CWE: CWE-79

Critical

CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the ho…

CVSS: 9.8 CWE: CWE-94

High

CVE-2025-8954

A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argu…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8953

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php.…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8952

A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=l…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-5998

The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater r…

CVSS: 6.5 CWE: N/A

High

CVE-2025-54472

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In t…

CVSS: 7.5 CWE: CWE-190

High

CVE-2025-48862

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the p…

CVSS: 7.1 CWE: CWE-311

Medium

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including pote…

CVSS: 5.3 CWE: CWE-284

High

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a…

CVSS: 8.0 CWE: CWE-284

High

CVE-2025-8951

A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8950

A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacan…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-27388

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.

CVSS: 8.3 CWE: CWE-20

High

CVE-2025-8949

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The m…

CVSS: 7.2 CWE: CWE-119

High

CVE-2025-8948

A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads t…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8947

A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8946

A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8940

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation o…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-8939

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cr…

CVSS: 6.1 CWE: N/A

Medium

CVE-2025-7808

The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which coul…

CVSS: 6.1 CWE: N/A

Medium

CVE-2025-6790

The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admi…

CVSS: 4.3 CWE: N/A

Medium

CVE-2025-3414

The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the bl…

CVSS: 5.4 CWE: N/A

Medium

CVE-2025-8938

A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipul…

CVSS: 6.3 CWE: CWE-912

Medium

CVE-2025-8937

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injecti…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-8936

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-5942

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow i…

CVSS: 5.7 CWE: CWE-122

Low

CVE-2025-5941

Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successf…

CVSS: 2.0 CWE: CWE-125

Medium

CVE-2025-0309

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope…

CVSS: 6.0 CWE: CWE-295

High

CVE-2024-7402

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Ma…

CVSS: 7.0 CWE: CWE-354

High

CVE-2025-8935

A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipul…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8934

A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 le…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2025-8933

A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation o…

CVSS: 4.3 CWE: CWE-79

High

CVE-2025-8932

A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of t…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argum…

CVSS: 6.3 CWE: CWE-74

Medium

CVE-2025-8930

A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update C…

CVSS: 6.3 CWE: CWE-74

Medium

CVE-2025-55199

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available me…

CVSS: 6.5 CWE: CWE-770

Medium

CVE-2025-55198

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a pani…

CVSS: 6.5 CWE: CWE-908

High

CVE-2025-55197

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the…

CVSS: 7.5 CWE: CWE-400

High

CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where t…

CVSS: 7.1 CWE: CWE-284

Medium

CVE-2025-55194

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading fil…

CVSS: 5.7 CWE: CWE-248

Low

CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escap…

CVSS: 2.7 CWE: CWE-150

Medium

CVE-2025-8929

A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the ar…

CVSS: 6.3 CWE: CWE-74

Medium

CVE-2025-8928

A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicine…

CVSS: 6.3 CWE: CWE-74

Critical

CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which…

CVSS: 9.2 CWE: CWE-22

Critical

CVE-2012-10060

Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication,…

CVSS: 9.3 CWE: CWE-121

Critical

CVE-2012-10059

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sani…

CVSS: 9.4 CWE: CWE-78

Critical

CVE-2012-10058

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this…

CVSS: 10.0 CWE: CWE-121

High

CVE-2012-10057

Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag…

CVSS: 8.4 CWE: CWE-121

High

CVE-2012-10056

PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/docum…

CVSS: 8.7 CWE: CWE-434

Critical

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format speci…

CVSS: 9.3 CWE: CWE-134

Critical

CVE-2012-10054

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that…

CVSS: 9.3 CWE: CWE-22

Critical

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via t…

CVSS: 10.0 CWE: CWE-94

Critical

CVE-2011-10018

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payl…

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2011-10017

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed…

CVSS: 10.0 CWE: CWE-78

Critical

CVE-2011-10016

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the…

CVSS: 9.3 CWE: CWE-121

Critical

CVE-2011-10015

Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copie…

CVSS: 9.3 CWE: CWE-121

High

CVE-2011-10014

GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulne…

CVSS: 8.7 CWE: CWE-121

Critical

CVE-2011-10013

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed…

CVSS: 10.0 CWE: CWE-94

High

CVE-2011-10012

NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a s…

CVSS: 8.4 CWE: CWE-121

Critical

CVE-2011-10011

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into incl…

CVSS: 10.0 CWE: CWE-94

Critical

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit thi…

CVSS: 9.4 CWE: CWE-22

High

CVE-2011-10009

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and…

CVSS: 8.7 CWE: CWE-22

Low

CVE-2025-8927

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Han…

CVSS: 3.7 CWE: CWE-307

High

CVE-2025-8926

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipula…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-43988

KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin cr…

CVSS: 7.5 CWE: CWE-200

Critical

CVE-2025-43986

An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.

CVSS: 9.8 CWE: CWE-200

Critical

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.

CVSS: 9.8 CWE: CWE-798

High

CVE-2025-8925

A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code le…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8924

A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8923

A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8922

A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-45313

A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a c…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter…

CVSS: 6.5 CWE: CWE-78

High

CVE-2025-8921

A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument j…

CVSS: 7.3 CWE: CWE-74

Low

CVE-2025-8920

A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicio…

CVSS: 2.4 CWE: CWE-79

Low

CVE-2025-8919

A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page…

CVSS: 2.4 CWE: CWE-79

Critical

CVE-2025-8904

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account…

CVSS: 9.0 CWE: CWE-257

Medium

CVE-2025-8770

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated us…

CVSS: 6.5 CWE: CWE-639

High

CVE-2025-8754

Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14.

CVSS: 7.5 CWE: CWE-306

High

CVE-2025-7739

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve store…

CVSS: 8.7 CWE: CWE-79

High

CVE-2025-7734

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have a…

CVSS: 8.7 CWE: CWE-79

High

CVE-2025-6186

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account…

CVSS: 8.7 CWE: CWE-79

Medium

CVE-2025-5819

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated user…

CVSS: 5.0 CWE: CWE-732

Medium

CVE-2025-50946

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.

CVSS: 6.5 CWE: CWE-78

High

CVE-2025-50617

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-122

High

CVE-2025-50616

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50615

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-400

Medium

CVE-2025-45317

A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.

CVSS: 6.5 CWE: CWE-77

Medium

CVE-2025-45316

A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a cra…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-45315

A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2025-45314

A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-2937

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users…

CVSS: 6.5 CWE: CWE-1333

Medium

CVE-2025-2614

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated us…

CVSS: 6.5 CWE: CWE-770

Low

CVE-2025-2498

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have a…

CVSS: 3.1 CWE: CWE-1220

High

CVE-2025-23306

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23305

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerabil…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23304

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously…

CVSS: 7.8 CWE: CWE-22

High

CVE-2025-23303

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of thi…

CVSS: 7.8 CWE: CWE-502

High

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of thi…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23296

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerabilit…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23295

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful explo…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23294

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability m…

CVSS: 7.8 CWE: CWE-78

Medium

CVE-2025-1477

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated…

CVSS: 6.5 CWE: CWE-770

High

CVE-2024-5477

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of serv…

CVSS: 7.3 CWE: CWE-1256

Medium

CVE-2024-12303

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have al…

CVSS: 6.7 CWE: CWE-266

Medium

CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have al…

CVSS: 6.5 CWE: CWE-863

Critical

CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2025-51451

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

CVSS: 9.8 CWE: CWE-287

Critical

CVE-2025-50594

An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to re…

CVSS: 9.8 CWE: CWE-640

Critical

CVE-2025-34153

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remotin…

CVSS: 10.0 CWE: CWE-502

Medium

CVE-2025-2184

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users know…

CVSS: 5.3 CWE: CWE-1392

Medium

CVE-2025-2183

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable…

CVSS: 5.3 CWE: CWE-295

Medium

CVE-2025-2182

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is o…

CVSS: 5.6 CWE: CWE-312

Medium

CVE-2025-2181

A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's outpu…

CVSS: 5.9 CWE: CWE-312

Medium

CVE-2025-2180

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scann…

CVSS: 4.8 CWE: CWE-502

Low

CVE-2025-8918

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Pa…

CVSS: 2.4 CWE: CWE-79

Critical

CVE-2025-51452

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

CVSS: 9.8 CWE: CWE-288

High

CVE-2025-50614

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability b…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50613

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50612

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability b…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50611

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-120

High Risk CVEs

Critical

CVE-2025-31715

In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privilege…

CVSS: 9.8 CWE: N/A

Critical

CVE-2025-8898

The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This…

CVSS: 9.8 CWE: CWE-862

Critical

CVE-2025-7441

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief…

CVSS: 9.8 CWE: CWE-434

Critical

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functi…

CVSS: 9.1 CWE: CWE-20

Critical

CVE-2025-8995

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.…

CVSS: 9.8 CWE: CWE-288

Critical

CVE-2025-54473

An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.

CVSS: 9.2 CWE: CWE-434

Critical

CVE-2025-7778

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function i…

CVSS: 9.8 CWE: CWE-285

Critical

CVE-2025-6679

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it p…

CVSS: 9.8 CWE: CWE-434

Critical

CVE-2025-20265

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrar…

CVSS: 10.0 CWE: CWE-74

Critical

CVE-2025-50518

A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the…

CVSS: 9.8 CWE: CWE-416

Critical

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. T…

CVSS: 9.1 CWE: CWE-306

Critical

CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions…

CVSS: 9.8 CWE: CWE-200

Critical

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB a…

CVSS: 9.3 CWE: CWE-1188

Critical

CVE-2025-43984

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/g…

CVSS: 9.8 CWE: CWE-78

Critical

CVE-2025-54707

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a throu…

CVSS: 9.3 CWE: CWE-89

Critical

CVE-2025-54693

Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.…

CVSS: 9.0 CWE: CWE-434

Critical

CVE-2025-54686

Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.

CVSS: 9.8 CWE: CWE-502

Critical

CVE-2025-54678

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affec…

CVSS: 9.3 CWE: CWE-89

Critical

CVE-2025-54669

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a th…

CVSS: 9.3 CWE: CWE-89

Critical

CVE-2025-52720

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super…

CVSS: 9.3 CWE: CWE-89

Critical

CVE-2025-49887

Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Prod…

CVSS: 9.9 CWE: CWE-94

Critical

CVE-2025-49059

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP allows SQL Injection. This issue affects CleverR…

CVSS: 9.3 CWE: CWE-89

Critical

CVE-2025-48293

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. Th…

CVSS: 9.8 CWE: CWE-98

Critical

CVE-2025-25174

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inc…

CVSS: 10.0 CWE: CWE-98

Critical

CVE-2025-24775

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.9.0.

CVSS: 9.9 CWE: CWE-434

Critical

CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and autho…

CVSS: 9.8 CWE: N/A

Critical

CVE-2025-8047

The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license thtough v1.0 WordPress plugins load a JavaScript file which has been compromised from an…

CVSS: 9.8 CWE: N/A

Critical

CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the ho…

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which…

CVSS: 9.2 CWE: CWE-22

Critical

CVE-2012-10060

Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication,…

CVSS: 9.3 CWE: CWE-121

Critical

CVE-2012-10059

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sani…

CVSS: 9.4 CWE: CWE-78

Critical

CVE-2012-10058

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this…

CVSS: 10.0 CWE: CWE-121

Critical

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format speci…

CVSS: 9.3 CWE: CWE-134

Critical

CVE-2012-10054

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that…

CVSS: 9.3 CWE: CWE-22

Critical

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via t…

CVSS: 10.0 CWE: CWE-94

Critical

CVE-2011-10018

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payl…

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2011-10017

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed…

CVSS: 10.0 CWE: CWE-78

Critical

CVE-2011-10016

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the…

CVSS: 9.3 CWE: CWE-121

Critical

CVE-2011-10015

Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copie…

CVSS: 9.3 CWE: CWE-121

Critical

CVE-2011-10013

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed…

CVSS: 10.0 CWE: CWE-94

Critical

CVE-2011-10011

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into incl…

CVSS: 10.0 CWE: CWE-94

Critical

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit thi…

CVSS: 9.4 CWE: CWE-22

Critical

CVE-2025-43986

An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.

CVSS: 9.8 CWE: CWE-200

Critical

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.

CVSS: 9.8 CWE: CWE-798

Critical

CVE-2025-8904

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account…

CVSS: 9.0 CWE: CWE-257

Critical

CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2025-51451

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

CVSS: 9.8 CWE: CWE-287

Critical

CVE-2025-50594

An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to re…

CVSS: 9.8 CWE: CWE-640

Critical

CVE-2025-34153

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remotin…

CVSS: 10.0 CWE: CWE-502

Critical

CVE-2025-51452

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

CVSS: 9.8 CWE: CWE-288

Recently Updated

2025-08-17

Low

CVE-2025-9091

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to har…

CVSS: 2.5 CWE: CWE-259

Medium

CVE-2025-9090

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation lead…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-9089

A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads…

CVSS: 8.8 CWE: CWE-119

2025-08-16

High

CVE-2025-9088

A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the ar…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-9087

A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoi…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2025-8878

The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary short…

CVSS: 6.5 CWE: CWE-94

Medium

CVE-2025-8143

The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient…

CVSS: 6.4 CWE: CWE-79

High

CVE-2025-8142

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for aut…

CVSS: 8.8 CWE: CWE-98

High

CVE-2025-8105

The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execu…

CVSS: 7.3 CWE: CWE-94

Low

CVE-2025-9092

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This v…

CVSS: 1.0 CWE: CWE-400

Medium

CVE-2025-8719

The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘base_lang’ parameter in all versions up to, and including, 1.0 d…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-8464

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_gue…

CVSS: 5.3 CWE: CWE-23

Medium

CVE-2025-7499

The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulne…

CVSS: 5.3 CWE: CWE-862

Critical

CVE-2025-8898

The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This…

CVSS: 9.8 CWE: CWE-862

Medium

CVE-2025-8896

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_comm…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-8089

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2025-8293

The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘date’ parameter in all versions up to, and including, 1.0.1 due to insufficie…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-7686

The weichuncai(WP伪春菜) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validat…

CVSS: 6.1 CWE: CWE-352

Medium

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect…

CVSS: 6.1 CWE: CWE-352

Medium

CVE-2025-7683

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation o…

CVSS: 6.1 CWE: CWE-352

Medium

CVE-2025-7668

The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce…

CVSS: 6.1 CWE: CWE-352

High

CVE-2025-7664

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission callback for the /wp-json/pre…

CVSS: 7.5 CWE: CWE-862

Medium

CVE-2025-7651

The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.73 due to…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-7649

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and in…

CVSS: 6.4 CWE: CWE-79

Critical

CVE-2025-7441

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief…

CVSS: 9.8 CWE: CWE-434

Medium

CVE-2025-7440

The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-7439

Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anber_item['button_link']['url']’ parameter in all versions up to, and including,…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-6221

The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sa…

CVSS: 6.4 CWE: CWE-79

High

CVE-2025-6080

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to…

CVSS: 8.8 CWE: CWE-269

High

CVE-2025-6079

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all version…

CVSS: 8.8 CWE: CWE-434

High

CVE-2025-3671

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This…

CVSS: 8.8 CWE: CWE-22

Medium

CVE-2024-8393

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes…

CVSS: 6.6 CWE: CWE-98

High

CVE-2024-12612

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and includ…

CVSS: 7.5 CWE: CWE-89

High

CVE-2025-49895

Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a throu…

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2024-12575

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'a…

CVSS: 5.3 CWE: CWE-200

High

CVE-2025-55284

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the net…

CVSS: 7.1 CWE: CWE-78

High

CVE-2025-55286

z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. Thi…

CVSS: 7.3 CWE: CWE-119

Low

CVE-2017-20199

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper acc…

CVSS: 3.1 CWE: CWE-266

2025-08-15

Medium

CVE-2025-52621

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an u…

CVSS: 5.3 CWE: CWE-346

Medium

CVE-2025-52620

HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2025-52619

HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about th…

CVSS: 5.3 CWE: CWE-209

Medium

CVE-2025-52618

HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries.

CVSS: 4.3 CWE: CWE-89

High

CVE-2025-8959

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This v…

CVSS: 7.5 CWE: CWE-59

Medium

CVE-2025-36088

IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitr…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2025-43490

A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is…

CVSS: 4.8 CWE: CWE-59

Low

CVE-2025-55285

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:templa…

CVSS: 2.6 CWE: CWE-532

Critical

CVE-2025-9060

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functi…

CVSS: 9.1 CWE: CWE-20

Medium

CVE-2025-8996

Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 befor…

CVSS: 4.3 CWE: CWE-862

Critical

CVE-2025-8995

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.…

CVSS: 9.8 CWE: CWE-288

Medium

CVE-2025-8675

Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.

CVSS: 4.7 CWE: CWE-918

Medium

CVE-2025-8362

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects…

CVSS: 4.3 CWE: CWE-79

High

CVE-2025-8092

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issu…

CVSS: 7.6 CWE: CWE-79

Medium

CVE-2025-7961

Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass.This issue affects KAP: 3.6.0.

CVSS: 6.9 CWE: CWE-94

Medium

CVE-2025-8066

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2.

CVSS: 4.8 CWE: CWE-601

Medium

CVE-2025-55207

Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to vers…

CVSS: 5.5 CWE: CWE-601

Medium

CVE-2025-49898

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a…

CVSS: 5.9 CWE: CWE-79

High

CVE-2025-49897

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. Thi…

CVSS: 8.5 CWE: CWE-89

Medium

CVE-2025-49432

Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Pl…

CVSS: 5.3 CWE: CWE-862

High

CVE-2025-5048

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to ex…

CVSS: 7.8 CWE: CWE-120

High

CVE-2025-5047

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause…

CVSS: 7.8 CWE: CWE-457

High

CVE-2025-5046

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to…

CVSS: 7.8 CWE: CWE-125

Medium

CVE-2025-55203

Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This fl…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2025-54989

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird…

CVSS: 5.3 CWE: CWE-476

Medium

CVE-2025-54466

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 o…

CVSS: 6.3 CWE: CWE-94

High

CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connection…

CVSS: 7.1 CWE: CWE-754

High

CVE-2025-9053

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the a…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9052

A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 lead…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9051

A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulatio…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9050

A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-54475

A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.

CVSS: 8.7 CWE: CWE-89

High

CVE-2025-54474

A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.

CVSS: 8.5 CWE: CWE-89

Critical

CVE-2025-54473

An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.

CVSS: 9.2 CWE: CWE-434

High

CVE-2025-1929

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazı…

CVSS: 7.2 CWE: CWE-89

High

CVE-2025-9047

A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid l…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9046

A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceLi…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-9028

A vulnerability was found in code-projects Online Medicine Guide 1.0. This issue affects some unknown processing of the file /adphar.php. The manipulation of the argument phuname…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-26709

There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information…

CVSS: 5.7 CWE: CWE-200

High

CVE-2025-9027

A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument de…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9026

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. Th…

CVSS: 7.3 CWE: CWE-77

Medium

CVE-2025-9025

A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-9024

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The man…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9023

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argum…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2025-8905

The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is…

CVSS: 6.3 CWE: CWE-94

Medium

CVE-2025-8720

The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insuffici…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-8091

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due…

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2025-8080

The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient inpu…

CVSS: 4.4 CWE: CWE-79

Critical

CVE-2025-7778

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function i…

CVSS: 9.8 CWE: CWE-285

Medium

CVE-2025-7688

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validatio…

CVSS: 6.1 CWE: CWE-352

Medium

CVE-2025-7662

The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient e…

CVSS: 6.5 CWE: CWE-89

High

CVE-2025-7650

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.50 via the 'bizcalv' shortcode. This makes it possible f…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-7641

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0…

CVSS: 7.5 CWE: CWE-22

Medium

CVE-2025-7507

The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that…

CVSS: 6.4 CWE: CWE-20

Medium

CVE-2025-5844

The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insuff…

CVSS: 6.4 CWE: CWE-79

High

CVE-2025-9022

A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipula…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9021

A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-9020

A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink…

CVSS: 4.5 CWE: CWE-119

Medium

CVE-2025-8604

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and includin…

CVSS: 6.4 CWE: CWE-79

Low

CVE-2025-9019

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-b…

CVSS: 3.1 CWE: CWE-119

Medium

CVE-2025-9017

A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of th…

CVSS: 4.3 CWE: CWE-79

High

CVE-2025-9016

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\C…

CVSS: 7.0 CWE: CWE-426

Medium

CVE-2025-8451

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’…

CVSS: 6.4 CWE: CWE-79

Low

CVE-2025-8013

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function…

CVSS: 3.8 CWE: CWE-918

Critical

CVE-2025-6679

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it p…

CVSS: 9.8 CWE: CWE-434

High

CVE-2025-9013

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulat…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9012

A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9011

A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipul…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9010

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_repor…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9009

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation o…

CVSS: 7.3 CWE: CWE-74

Low

CVE-2025-31961

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.

CVSS: 3.7 CWE: CWE-1220

High

CVE-2025-9008

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/sms_setting.php. The man…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-9007

A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer ov…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-9006

A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buf…

CVSS: 8.8 CWE: CWE-119

Low

CVE-2025-9005

A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error mess…

CVSS: 3.7 CWE: CWE-200

Low

CVE-2025-9004

A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of…

CVSS: 3.7 CWE: CWE-307

Low

CVE-2025-9003

A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manip…

CVSS: 3.5 CWE: CWE-79

High

CVE-2025-9002

A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql i…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-9001

A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the compo…

CVSS: 5.3 CWE: CWE-119

Medium

CVE-2025-8867

The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2025-8680

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request funct…

CVSS: 4.3 CWE: CWE-918

Medium

CVE-2025-8676

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugi…

CVSS: 4.3 CWE: CWE-200

High

CVE-2025-8342

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_…

CVSS: 8.1 CWE: CWE-862

High

CVE-2025-6025

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of s…

CVSS: 7.5 CWE: CWE-602

High

CVE-2025-9000

A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulati…

CVSS: 7.0 CWE: CWE-426

High

CVE-2025-8993

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8992

A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack m…

CVSS: 4.3 CWE: CWE-352

High

CVE-2025-8990

A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search lea…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8989

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation…

CVSS: 7.3 CWE: CWE-74

2025-08-14

High

CVE-2025-8988

A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipu…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8987

A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. This affects an unknown part of the file /test-details.php. The manipulation of the argume…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-31987

HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion.

CVSS: 4.8 CWE: CWE-405

High

CVE-2025-8986

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /search-report-result.php…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8985

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipu…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8984

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. Th…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8983

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php.…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8982

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. Th…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8981

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8980

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation lea…

CVSS: 6.6 CWE: CWE-345

Medium

CVE-2025-8979

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Han…

CVSS: 6.6 CWE: CWE-345

Medium

CVE-2025-51965

OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed a…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-50861

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or maliciou…

CVSS: 6.5 CWE: CWE-284

Medium

CVE-2025-8978

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of d…

CVSS: 6.6 CWE: CWE-345

Low

CVE-2025-8976

A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2025-8975

A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads t…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2025-55716

Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-55714

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects Je…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-55713

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-55712

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…

CVSS: 6.5 CWE: CWE-862

Medium

CVE-2025-55711

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS. This issue affects WP Ta…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-55710

Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through 3.…

CVSS: 4.3 CWE: CWE-201

Medium

CVE-2025-55709

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-55708

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection. This issue a…

CVSS: 8.5 CWE: CWE-89

Medium

CVE-2025-54749

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery allows Stored XSS. This issue affects JetProduct…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54747

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera allows DOM-Based XSS. This issue affects Templatera: from…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54746

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode R…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54740

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My B…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54739

Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a t…

CVSS: 5.3 CWE: CWE-862

Medium

CVE-2025-54736

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: fro…

CVSS: 5.3 CWE: CWE-497

Medium

CVE-2025-54732

Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54730

Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for…

CVSS: 5.3 CWE: CWE-862

Medium

CVE-2025-54729

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking allows Stored XSS. This issue affects…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-54728

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Cross Site Request Forgery. This issue affects CM On Demand Search…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54727

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Stored XSS. Thi…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-54717

Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a…

CVSS: 5.4 CWE: CWE-862

Medium

CVE-2025-54715

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager al…

CVSS: 4.9 CWE: CWE-22

Medium

CVE-2025-54712

Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-54708

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54054

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-53587

Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57.

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2025-53582

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a th…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53581

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro:…

CVSS: 5.9 CWE: CWE-79

High

CVE-2025-53575

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-53347

Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-53343

Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53342

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize allows Stored XSS. This issue affects Modernize: from n/…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53341

Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53330

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals allows Stored XSS. This issue affects WP Rentals: from n/…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-53249

Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.23.

CVSS: 6.5 CWE: CWE-352

Medium

CVE-2025-53241

Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9.

CVSS: 5.5 CWE: CWE-918

Medium

CVE-2025-53221

Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-53219

Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a th…

CVSS: 5.4 CWE: CWE-352

High

CVE-2025-52797

Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1.

CVSS: 8.2 CWE: CWE-352

Medium

CVE-2025-52771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander allows Stored XSS. This issue affects Video Expander:…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-52769

Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery allows Cross Site Request Forgery. This issue affects flexo-social-gallery: from n/a through 1.…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-52767

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics I…

CVSS: 4.3 CWE: CWE-352

High

CVE-2025-52765

Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Pl…

CVSS: 7.1 CWE: CWE-352

Low

CVE-2025-8974

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/li…

CVSS: 3.7 CWE: CWE-259

High

CVE-2025-8973

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username le…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8972

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The mani…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-52335

EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.

CVSS: 6.1 CWE: CWE-79

High

CVE-2025-51986

An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a pac…

CVSS: 7.5 CWE: CWE-835

Medium

CVE-2025-21110

Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exp…

CVSS: 6.7 CWE: CWE-250

Medium

CVE-2024-37945

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-43687

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of…

CVSS: 6.5 CWE: CWE-421

Medium

CVE-2025-9043

The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CW…

CVSS: 6.7 CWE: CWE-428

Medium

CVE-2025-9039

We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the…

CVSS: 4.3 CWE: CWE-277

High

CVE-2025-8971

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php.…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8970

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8969

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.p…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8968

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disappro…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-55195

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus a…

CVSS: 7.3 CWE: CWE-1321

High

CVE-2025-55192

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions wo…

CVSS: 8.6 CWE: CWE-94

Medium

CVE-2025-50817

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automaticall…

CVSS: 5.4 CWE: CWE-77

Medium

CVE-2025-50515

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.

CVSS: 6.5 CWE: CWE-77

Medium

CVE-2025-20306

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-le…

CVSS: 4.9 CWE: CWE-77

Medium

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report fro…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-20301

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a…

CVSS: 6.5 CWE: CWE-862

Medium

CVE-2025-20268

A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to b…

CVSS: 5.8 CWE: CWE-229

Critical

CVE-2025-20265

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrar…

CVSS: 10.0 CWE: CWE-74

High

CVE-2025-20263

A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could all…

CVSS: 8.6 CWE: CWE-680

Medium

CVE-2025-20254

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD)…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20253

A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker…

CVSS: 8.6 CWE: CWE-835

Medium

CVE-2025-20252

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD)…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20251

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software c…

CVSS: 8.5 CWE: CWE-1287

High

CVE-2025-20244

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software c…

CVSS: 7.7 CWE: CWE-1287

High

CVE-2025-20243

A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the de…

CVSS: 8.6 CWE: CWE-835

High

CVE-2025-20239

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secu…

CVSS: 8.6 CWE: CWE-401

Medium

CVE-2025-20238

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local att…

CVSS: 6.0 CWE: CWE-1244

Medium

CVE-2025-20237

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local att…

CVSS: 6.0 CWE: CWE-146

Medium

CVE-2025-20235

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-20225

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secu…

CVSS: 5.8 CWE: CWE-401

Medium

CVE-2025-20224

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD)…

CVSS: 5.8 CWE: CWE-401

High

CVE-2025-20222

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense…

CVSS: 8.6 CWE: CWE-120

Medium

CVE-2025-20220

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local at…

CVSS: 6.0 CWE: CWE-78

Medium

CVE-2025-20219

A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall…

CVSS: 5.3 CWE: CWE-284

Medium

CVE-2025-20218

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive…

CVSS: 4.9 CWE: CWE-643

High

CVE-2025-20217

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remot…

CVSS: 8.6 CWE: CWE-835

High

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary H…

CVSS: 8.5 CWE: CWE-20

High

CVE-2025-20136

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software a…

CVSS: 8.6 CWE: CWE-835

Medium

CVE-2025-20135

A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could…

CVSS: 4.3 CWE: CWE-401

High

CVE-2025-20134

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could all…

CVSS: 8.6 CWE: CWE-415

High

CVE-2025-20133

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthentic…

CVSS: 8.6 CWE: CWE-401

High

CVE-2025-20127

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (…

CVSS: 7.7 CWE: CWE-404

High

CVE-2023-43692

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system…

CVSS: 7.5 CWE: CWE-125

Medium

CVE-2023-43683

An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underfl…

CVSS: 6.5 CWE: CWE-121

High

CVE-2025-8967

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipu…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8966

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manip…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8965

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litem…

CVSS: 6.3 CWE: CWE-284

High

CVE-2025-54867

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the h…

CVSS: 7.0 CWE: CWE-61

Medium

CVE-2025-54409

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program dur…

CVSS: 6.2 CWE: CWE-476

Medium

CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious…

CVSS: 6.2 CWE: CWE-117

Medium

CVE-2025-53631

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScr…

CVSS: 5.3 CWE: CWE-79

Critical

CVE-2025-50518

A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the…

CVSS: 9.8 CWE: CWE-416

Medium

CVE-2025-36047

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exp…

CVSS: 5.3 CWE: CWE-770

Medium

CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

CVSS: 5.3 CWE: CWE-295

Medium

CVE-2023-43694

An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities…

CVSS: 5.2 CWE: CWE-125

High

CVE-2025-9042

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the…

CVSS: 8.7 CWE: CWE-1287

High

CVE-2025-9041

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the…

CVSS: 8.7 CWE: CWE-1287

Medium

CVE-2025-8964

A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation l…

CVSS: 5.3 CWE: CWE-287

Medium

CVE-2025-8962

A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component…

CVSS: 5.3 CWE: CWE-119

High

CVE-2025-8876

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

CVSS: 8.8 CWE: CWE-20

High

CVE-2025-8875

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

CVSS: 7.8 CWE: CWE-502

High

CVE-2025-7972

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This b…

CVSS: 8.4 CWE: CWE-286

High

CVE-2025-7971

A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; Howev…

CVSS: 7.3 CWE: CWE-20

Critical

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. T…

CVSS: 9.1 CWE: CWE-306

High

CVE-2025-40758

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (M…

CVSS: 8.7 CWE: CWE-347

Medium

CVE-2025-38745

Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privilege…

CVSS: 4.8 CWE: CWE-532

Medium

CVE-2025-38738

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker w…

CVSS: 6.7 CWE: CWE-266

Low

CVE-2025-36613

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low…

CVSS: 2.8 CWE: CWE-266

Medium

CVE-2025-36612

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potential…

CVSS: 6.7 CWE: CWE-266

Medium

CVE-2025-27847

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout.

CVSS: 4.3 CWE: CWE-269

Medium

CVE-2025-27846

In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected.

CVSS: 4.3 CWE: CWE-269

Critical

CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions…

CVSS: 9.8 CWE: CWE-200

Medium

CVE-2025-26484

Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could po…

CVSS: 5.5 CWE: CWE-611

High

CVE-2025-9036

A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted…

CVSS: 8.5 CWE: CWE-200

High

CVE-2025-7973

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe con…

CVSS: 8.5 CWE: CWE-268

High

CVE-2025-7774

A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unaut…

CVSS: 8.8 CWE: CWE-306

High

CVE-2025-7773

A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two co…

CVSS: 8.8 CWE: CWE-863

Critical

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB a…

CVSS: 9.3 CWE: CWE-1188

Medium

CVE-2025-55675

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about d…

CVSS: 5.3 CWE: CWE-285

Medium

CVE-2025-55674

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circu…

CVSS: 5.3 CWE: CWE-89

Medium

CVE-2025-55673

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying que…

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2025-55672

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious pay…

CVSS: 5.3 CWE: CWE-80

Critical

CVE-2025-43984

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/g…

CVSS: 9.8 CWE: CWE-78

Low

CVE-2025-36581

Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local…

CVSS: 3.8 CWE: CWE-788

High

CVE-2024-53946

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenti…

CVSS: 8.8 CWE: CWE-352

High

CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can exec…

CVSS: 8.8 CWE: CWE-77

Medium

CVE-2025-8963

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the…

CVSS: 6.3 CWE: CWE-20

Low

CVE-2025-8961

A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption.…

CVSS: 3.3 CWE: CWE-119

High

CVE-2025-8715

Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system…

CVSS: 8.8 CWE: CWE-93

High

CVE-2025-8714

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating sys…

CVSS: 8.8 CWE: CWE-829

Low

CVE-2025-8713

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row s…

CVSS: 3.1 CWE: CWE-1230

Medium

CVE-2023-5342

The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.

CVSS: 4.1 CWE: CWE-324

High

CVE-2025-8960

A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php.…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8958

A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The mani…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-8957

A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

Critical

CVE-2025-54707

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a throu…

CVSS: 9.3 CWE: CWE-89

Medium

CVE-2025-54706

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magi…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54705

Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a thr…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-54704

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Eas…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54703

Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through 1.5…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54702

Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through 5.8013.

CVSS: 4.3 CWE: CWE-352

High

CVE-2025-54701

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion. This is…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-54700

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This…

CVSS: 8.1 CWE: CWE-98

Medium

CVE-2025-54699

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - L…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54698

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified…

CVSS: 5.4 CWE: CWE-80

High

CVE-2025-54697

Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Emai…

CVSS: 7.2 CWE: CWE-266

Medium

CVE-2025-54696

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54695

Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.

CVSS: 5.4 CWE: CWE-862

Medium

CVE-2025-54694

Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0.

CVSS: 4.3 CWE: CWE-352

Critical

CVE-2025-54693

Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.…

CVSS: 9.0 CWE: CWE-434

High

CVE-2025-54692

Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooC…

CVSS: 7.5 CWE: CWE-862

Medium

CVE-2025-54691

Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motor…

CVSS: 5.3 CWE: CWE-639

High

CVE-2025-54690

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This i…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-54689

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue a…

CVSS: 8.1 CWE: CWE-98

Medium

CVE-2025-54688

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54687

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a…

CVSS: 6.5 CWE: CWE-79

Critical

CVE-2025-54686

Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.

CVSS: 9.8 CWE: CWE-502

Medium

CVE-2025-54685

Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through…

CVSS: 6.5 CWE: CWE-201

Medium

CVE-2025-54684

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored X…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-54683

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-54682

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Grav…

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2025-54681

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Grav…

CVSS: 4.7 CWE: CWE-601

Medium

CVE-2025-54680

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Blogger Buzz allows Stored XSS. This issue affects Blogger Buz…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-54679

Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon…

CVSS: 7.5 CWE: CWE-862

Critical

CVE-2025-54678

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affec…

CVSS: 9.3 CWE: CWE-89

Medium

CVE-2025-54676

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stor…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54675

Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54674

Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for Wo…

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2025-54673

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify allows Cross Site Request Forgery. This issue affects Chartify: from n/a through 3.5.3.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54672

Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-54671

Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2.

CVSS: 4.3 CWE: CWE-352

Critical

CVE-2025-54669

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a th…

CVSS: 9.3 CWE: CWE-89

Medium

CVE-2025-54668

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred allows Stored XSS. This issue affects myCred: from n/a thro…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-54667

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects m…

CVSS: 5.3 CWE: CWE-367

High

CVE-2025-52823

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection. This issue affects Cube Portfol…

CVSS: 8.5 CWE: CWE-89

High

CVE-2025-52820

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This iss…

CVSS: 8.5 CWE: CWE-89

High

CVE-2025-52806

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This iss…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-52801

Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through 1.4.…

CVSS: 7.3 CWE: CWE-862

High

CVE-2025-52800

Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The…

CVSS: 7.3 CWE: CWE-862

High

CVE-2025-52788

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionP…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-52785

Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through 6.0…

CVSS: 7.1 CWE: CWE-862

High

CVE-2025-52775

Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Projec…

CVSS: 7.1 CWE: CWE-862

High

CVE-2025-52732

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targeting allows PHP Local File Incl…

CVSS: 8.8 CWE: CWE-98

High

CVE-2025-52731

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Le…

CVSS: 7.5 CWE: CWE-862

Medium

CVE-2025-52730

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allo…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-52728

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin…

CVSS: 7.5 CWE: CWE-98

Medium

CVE-2025-52721

Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a th…

CVSS: 6.5 CWE: CWE-862

Critical

CVE-2025-52720

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super…

CVSS: 9.3 CWE: CWE-89

High

CVE-2025-52716

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This…

CVSS: 7.5 CWE: CWE-98

Medium

CVE-2025-52712

Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGri…

CVSS: 4.2 CWE: CWE-35

Medium

CVE-2025-50040

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets allows Stored XSS. This issue affects CF7 Spreadsh…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-50031

Missing Authorization vulnerability in syedamirhussain91 DB Backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a…

CVSS: 6.5 CWE: CWE-862

Medium

CVE-2025-50029

Missing Authorization vulnerability in Ashish AI Tools allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Tools: from n/a through 4.0.7.

CVSS: 6.5 CWE: CWE-862

Critical

CVE-2025-49887

Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Prod…

CVSS: 9.9 CWE: CWE-94

High

CVE-2025-49869

Deserialization of Untrusted Data vulnerability in Arraytics Eventin allows Object Injection. This issue affects Eventin: from n/a through 4.0.31.

CVSS: 8.8 CWE: CWE-502

Medium

CVE-2025-49437

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation allows Stored XSS. This issue affects WP LOL Rotatio…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-49433

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink allows DOM-Based XSS. This issue affects Supermalink: from…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-49271

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags allows PHP Local File Inc…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-49267

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This i…

CVSS: 8.5 CWE: CWE-89

High

CVE-2025-49264

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-49065

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored XSS. This issue affects Visit Cou…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49064

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User La…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49063

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduX…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49062

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPa…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-49061

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos E…

CVSS: 6.5 CWE: CWE-79

Critical

CVE-2025-49059

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP allows SQL Injection. This issue affects CleverR…

CVSS: 9.3 CWE: CWE-89

High

CVE-2025-49058

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search allows Reflected XSS. This issue affects…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49057

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting allows Reflected XSS. This issue affects WP Voting: from n/a…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49056

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 allows Reflected XSS. This issue affects 多说社会化评论框: from n/a th…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49054

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS. This issue affects Time Sheets: fro…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-49053

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager allows Stored XSS. This issue affects WP Airdr…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-49052

Missing Authorization vulnerability in Dariolee Netease Music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a t…

CVSS: 4.3 CWE: CWE-862

Medium

CVE-2025-49051

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode allows Stored XSS. This issue affects Hide Text S…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2025-49048

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps allows Stor…

CVSS: 5.9 CWE: CWE-79

Medium

CVE-2025-49047

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeross DigitalOcean Spaces Sync allows Stored XSS. This issue affects Digita…

CVSS: 5.9 CWE: CWE-79

High

CVE-2025-49044

Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1.

CVSS: 7.1 CWE: CWE-352

High

CVE-2025-49038

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS. This issue affects WP Dynamic L…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49037

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer allows Reflected XSS. This…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-49036

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer allows PH…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-49033

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects Profile…

CVSS: 8.5 CWE: CWE-89

High

CVE-2025-48332

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks allows PHP Local File Inclus…

CVSS: 7.5 CWE: CWE-98

Critical

CVE-2025-48293

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. Th…

CVSS: 9.8 CWE: CWE-98

High

CVE-2025-47689

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS. This issue affects Video Bl…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-47610

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-47536

Deserialization of Untrusted Data vulnerability in keywordrush Content Egg allows Object Injection. This issue affects Content Egg: from n/a through 7.0.0.

CVSS: 7.2 CWE: CWE-502

High

CVE-2025-3703

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local Fil…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-39510

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin allows SQL Injection. This issue affects P…

CVSS: 8.5 CWE: CWE-89

Medium

CVE-2025-39483

Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer allows Code Injection. This issue affects Eventer: from n/a through 3.9.6.

CVSS: 6.5 CWE: CWE-94

High

CVE-2025-32288

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions allows PHP Local File Incl…

CVSS: 7.5 CWE: CWE-98

High

CVE-2025-31425

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Cap…

CVSS: 7.5 CWE: CWE-862

High

CVE-2025-31007

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS. This issue affe…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-30998

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links P…

CVSS: 8.5 CWE: CWE-89

Medium

CVE-2025-30993

Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security…

CVSS: 6.5 CWE: CWE-862

High

CVE-2025-30639

Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a thr…

CVSS: 7.5 CWE: CWE-862

High

CVE-2025-30635

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion. T…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-30626

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allow…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-29014

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a t…

CVSS: 7.1 CWE: CWE-79

High

CVE-2025-28999

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-28987

Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1.

CVSS: 6.4 CWE: CWE-918

High

CVE-2025-28979

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This i…

CVSS: 8.1 CWE: CWE-98

High

CVE-2025-28975

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2025-28962

Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ad…

CVSS: 6.5 CWE: CWE-862

Critical

CVE-2025-25174

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inc…

CVSS: 10.0 CWE: CWE-98

High

CVE-2025-25172

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This is…

CVSS: 8.1 CWE: CWE-98

Critical

CVE-2025-24775

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.9.0.

CVSS: 9.9 CWE: CWE-434

High

CVE-2025-24766

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine X allows PHP Local File Incl…

CVSS: 7.5 CWE: CWE-98

Medium

CVE-2025-8956

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to c…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-8955

A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the ar…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-7761

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed o…

CVSS: 5.1 CWE: CWE-79

Critical

CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the ho…

CVSS: 9.8 CWE: CWE-94

High

CVE-2025-8954

A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argu…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8953

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php.…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8952

A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=l…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-54472

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In t…

CVSS: 7.5 CWE: CWE-190

High

CVE-2025-48862

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the p…

CVSS: 7.1 CWE: CWE-311

Medium

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including pote…

CVSS: 5.3 CWE: CWE-284

High

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a…

CVSS: 8.0 CWE: CWE-284

High

CVE-2025-8951

A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8950

A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacan…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-27388

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.

CVSS: 8.3 CWE: CWE-20

High

CVE-2025-8949

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The m…

CVSS: 7.2 CWE: CWE-119

High

CVE-2025-8948

A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads t…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8947

A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8946

A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8940

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation o…

CVSS: 8.8 CWE: CWE-119

High

CVE-2025-8939

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2025-8938

A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipul…

CVSS: 6.3 CWE: CWE-912

Medium

CVE-2025-8937

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injecti…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-8936

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-5942

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow i…

CVSS: 5.7 CWE: CWE-122

Low

CVE-2025-5941

Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successf…

CVSS: 2.0 CWE: CWE-125

Medium

CVE-2025-0309

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope…

CVSS: 6.0 CWE: CWE-295

High

CVE-2024-7402

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Ma…

CVSS: 7.0 CWE: CWE-354

High

CVE-2025-8935

A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipul…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8934

A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 le…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2025-8933

A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation o…

CVSS: 4.3 CWE: CWE-79

High

CVE-2025-8932

A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of t…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argum…

CVSS: 6.3 CWE: CWE-74

Medium

CVE-2025-8930

A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update C…

CVSS: 6.3 CWE: CWE-74

Medium

CVE-2025-55199

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available me…

CVSS: 6.5 CWE: CWE-770

Medium

CVE-2025-55198

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a pani…

CVSS: 6.5 CWE: CWE-908

2025-08-13

High

CVE-2025-55197

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the…

CVSS: 7.5 CWE: CWE-400

High

CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where t…

CVSS: 7.1 CWE: CWE-284

Medium

CVE-2025-55194

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading fil…

CVSS: 5.7 CWE: CWE-248

Low

CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escap…

CVSS: 2.7 CWE: CWE-150

Medium

CVE-2025-8929

A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the ar…

CVSS: 6.3 CWE: CWE-74

Medium

CVE-2025-8928

A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicine…

CVSS: 6.3 CWE: CWE-74

Critical

CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which…

CVSS: 9.2 CWE: CWE-22

Critical

CVE-2012-10060

Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication,…

CVSS: 9.3 CWE: CWE-121

Critical

CVE-2012-10059

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sani…

CVSS: 9.4 CWE: CWE-78

Critical

CVE-2012-10058

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this…

CVSS: 10.0 CWE: CWE-121

High

CVE-2012-10057

Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag…

CVSS: 8.4 CWE: CWE-121

High

CVE-2012-10056

PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/docum…

CVSS: 8.7 CWE: CWE-434

Critical

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format speci…

CVSS: 9.3 CWE: CWE-134

Critical

CVE-2012-10054

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that…

CVSS: 9.3 CWE: CWE-22

Critical

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via t…

CVSS: 10.0 CWE: CWE-94

Critical

CVE-2011-10018

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payl…

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2011-10017

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed…

CVSS: 10.0 CWE: CWE-78

Critical

CVE-2011-10016

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the…

CVSS: 9.3 CWE: CWE-121

Critical

CVE-2011-10015

Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copie…

CVSS: 9.3 CWE: CWE-121

High

CVE-2011-10014

GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulne…

CVSS: 8.7 CWE: CWE-121

Critical

CVE-2011-10013

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed…

CVSS: 10.0 CWE: CWE-94

High

CVE-2011-10012

NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a s…

CVSS: 8.4 CWE: CWE-121

Critical

CVE-2011-10011

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into incl…

CVSS: 10.0 CWE: CWE-94

Critical

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit thi…

CVSS: 9.4 CWE: CWE-22

High

CVE-2011-10009

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and…

CVSS: 8.7 CWE: CWE-22

Low

CVE-2025-8927

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Han…

CVSS: 3.7 CWE: CWE-307

High

CVE-2025-8926

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipula…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-43988

KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin cr…

CVSS: 7.5 CWE: CWE-200

Critical

CVE-2025-43986

An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.

CVSS: 9.8 CWE: CWE-200

Critical

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.

CVSS: 9.8 CWE: CWE-798

High

CVE-2025-8925

A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code le…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8924

A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8923

A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to…

CVSS: 7.3 CWE: CWE-74

High

CVE-2025-8922

A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It…

CVSS: 7.3 CWE: CWE-74

Medium

CVE-2025-45313

A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a c…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter…

CVSS: 6.5 CWE: CWE-78

High

CVE-2025-8921

A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument j…

CVSS: 7.3 CWE: CWE-74

Low

CVE-2025-8920

A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicio…

CVSS: 2.4 CWE: CWE-79

Low

CVE-2025-8919

A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page…

CVSS: 2.4 CWE: CWE-79

Critical

CVE-2025-8904

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account…

CVSS: 9.0 CWE: CWE-257

Medium

CVE-2025-8770

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated us…

CVSS: 6.5 CWE: CWE-639

High

CVE-2025-8754

Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14.

CVSS: 7.5 CWE: CWE-306

High

CVE-2025-7739

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve store…

CVSS: 8.7 CWE: CWE-79

High

CVE-2025-7734

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have a…

CVSS: 8.7 CWE: CWE-79

High

CVE-2025-6186

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account…

CVSS: 8.7 CWE: CWE-79

Medium

CVE-2025-5819

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated user…

CVSS: 5.0 CWE: CWE-732

Medium

CVE-2025-50946

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.

CVSS: 6.5 CWE: CWE-78

High

CVE-2025-50617

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-122

High

CVE-2025-50616

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50615

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-400

Medium

CVE-2025-45317

A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.

CVSS: 6.5 CWE: CWE-77

Medium

CVE-2025-45316

A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a cra…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-45315

A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2025-45314

A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-2937

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users…

CVSS: 6.5 CWE: CWE-1333

Medium

CVE-2025-2614

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated us…

CVSS: 6.5 CWE: CWE-770

Low

CVE-2025-2498

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have a…

CVSS: 3.1 CWE: CWE-1220

High

CVE-2025-23306

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23305

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerabil…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23304

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously…

CVSS: 7.8 CWE: CWE-22

High

CVE-2025-23303

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of thi…

CVSS: 7.8 CWE: CWE-502

High

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of thi…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23296

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerabilit…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23295

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful explo…

CVSS: 7.8 CWE: CWE-94

High

CVE-2025-23294

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability m…

CVSS: 7.8 CWE: CWE-78

Medium

CVE-2025-1477

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated…

CVSS: 6.5 CWE: CWE-770

High

CVE-2024-5477

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of serv…

CVSS: 7.3 CWE: CWE-1256

Medium

CVE-2024-12303

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have al…

CVSS: 6.7 CWE: CWE-266

Medium

CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have al…

CVSS: 6.5 CWE: CWE-863

Critical

CVE-2025-52385

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2025-51451

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

CVSS: 9.8 CWE: CWE-287

Critical

CVE-2025-50594

An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to re…

CVSS: 9.8 CWE: CWE-640

Critical

CVE-2025-34153

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remotin…

CVSS: 10.0 CWE: CWE-502

Medium

CVE-2025-2184

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users know…

CVSS: 5.3 CWE: CWE-1392

Medium

CVE-2025-2183

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable…

CVSS: 5.3 CWE: CWE-295

Medium

CVE-2025-2182

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is o…

CVSS: 5.6 CWE: CWE-312

Medium

CVE-2025-2181

A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's outpu…

CVSS: 5.9 CWE: CWE-312

Medium

CVE-2025-2180

An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scann…

CVSS: 4.8 CWE: CWE-502

Low

CVE-2025-8918

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Pa…

CVSS: 2.4 CWE: CWE-79

Critical

CVE-2025-51452

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

CVSS: 9.8 CWE: CWE-288

High

CVE-2025-50614

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability b…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50613

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50612

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability b…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50611

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50610

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50609

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. Attackers can trigger this vulnerability by contro…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-50608

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by co…

CVSS: 7.5 CWE: CWE-120

High

CVE-2025-8941

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate…

CVSS: 7.8 CWE: CWE-22

High

CVE-2025-55163

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical…

CVSS: 8.2 CWE: CWE-770

High

CVE-2025-54809

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support…

CVSS: 7.4 CWE: CWE-295

Medium

CVE-2025-54500

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset At…

CVSS: 5.3 CWE: CWE-770

Low

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memor…

CVSS: 3.7 CWE: CWE-125

High

CVE-2025-52585

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can…

CVSS: 7.5 CWE: CWE-476

Medium

CVE-2025-51691

Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a craft…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-50690

A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb49…

CVSS: 6.1 CWE: CWE-79

High

CVE-2025-50635

A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can tr…

CVSS: 7.5 CWE: CWE-476

Critical

CVE-2025-50251

Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.

CVSS: 9.1 CWE: CWE-918

High

CVE-2025-48500

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to…

CVSS: 7.3 CWE: CWE-353

High

CVE-2025-46405

When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions…

CVSS: 7.5 CWE: CWE-121

Medium

CVE-2025-55668

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1…

CVSS: 6.5 CWE: CWE-384

Medium

CVE-2025-55160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-…

CVSS: 6.1 CWE: CWE-758

High

CVE-2025-55154

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneM…

CVSS: 8.8 CWE: CWE-190

Medium

CVE-2025-55005

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces,…

CVSS: 5.5 CWE: CWE-122

High

CVE-2025-55004

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read aro…

CVSS: 7.6 CWE: CWE-122

Medium

CVE-2025-54791

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in…

CVSS: 5.3 CWE: CWE-209

Critical

CVE-2025-54382

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when…

CVSS: 9.6 CWE: CWE-78

High

CVE-2025-54074

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection w…

CVSS: 7.7 CWE: CWE-78

Medium

CVE-2025-52392

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts…

CVSS: 5.4 CWE: CWE-307

Medium

CVE-2025-52386

CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file

CVSS: 5.4 CWE: CWE-1236

High

CVE-2025-32451

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF docu…

CVSS: 8.8 CWE: CWE-824

Medium

CVE-2025-8908

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinA…

CVSS: 6.3 CWE: CWE-74

High

CVE-2025-8907

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to ex…

CVSS: 7.0 CWE: CWE-250

High

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive…

CVSS: 7.5 CWE: CWE-404

High

CVE-2025-48989

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through…

CVSS: 7.5 CWE: CWE-404

Medium

CVE-2025-55280

This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical…

CVSS: 5.2 CWE: CWE-312

Medium

CVE-2025-55279

This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerab…

CVSS: 6.9 CWE: CWE-798

Medium

CVE-2025-54465

This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could ex…

CVSS: 6.8 CWE: CWE-798

High

CVE-2025-54464

This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit thi…

CVSS: 7.0 CWE: CWE-312

Medium

CVE-2025-8916

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allo…

CVSS: 6.3 CWE: CWE-770

Medium

CVE-2025-8914

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database c…

CVSS: 6.5 CWE: CWE-89

Critical

CVE-2025-8913

Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.

CVSS: 9.8 CWE: CWE-98

High

CVE-2025-8912

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to dow…

CVSS: 7.5 CWE: CWE-36

Medium

CVE-2025-8911

Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript co…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-8910

Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript co…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2025-8909

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversa…

CVSS: 6.5 CWE: CWE-36

High

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symli…

CVSS: 8.8 CWE: CWE-61

Medium

CVE-2025-8762

A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper ph…

CVSS: 6.8 CWE: CWE-284

High

CVE-2025-8761

A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denia…

CVSS: 7.5 CWE: CWE-404

Critical

CVE-2025-8760

A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Autho…

CVSS: 9.8 CWE: CWE-119

High

CVE-2025-6184

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignm…

CVSS: 8.8 CWE: CWE-89

Critical

CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserializatio…

CVSS: 9.8 CWE: CWE-502

Medium

CVE-2025-8891

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-8491

The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2025-0818

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers…

CVSS: 6.5 CWE: CWE-22

High

CVE-2025-8901

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security…

CVSS: 8.8 CWE: CWE-787

High

CVE-2025-8882

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corrup…

CVSS: 8.8 CWE: CWE-416

Medium

CVE-2025-8881

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross…

CVSS: 6.5 CWE: CWE-303

High

CVE-2025-8880

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-362

High

CVE-2025-8879

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium s…

CVSS: 8.8 CWE: CWE-122

High

CVE-2025-4410

A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.

CVSS: 7.5 CWE: CWE-20

High

CVE-2025-4277

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

CVSS: 7.5 CWE: CWE-20

High

CVE-2025-4276

UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

CVSS: 7.5 CWE: CWE-20

2025-08-12

Medium

CVE-2025-54238

Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires use…

CVSS: 5.5 CWE: CWE-125

Medium

CVE-2025-54233

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this is…

CVSS: 5.5 CWE: CWE-125

High

CVE-2025-54232

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current use…

CVSS: 7.8 CWE: CWE-416

High

CVE-2025-54231

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current use…

CVSS: 7.8 CWE: CWE-416

High

CVE-2025-54230

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current use…

CVSS: 7.8 CWE: CWE-416

High

CVE-2025-54229

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current use…

CVSS: 7.8 CWE: CWE-416

Critical

CVE-2025-49457

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access

CVSS: 9.6 CWE: CWE-426

Medium

CVE-2025-49456

Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.

CVSS: 6.2 CWE: CWE-426

High

CVE-2025-54222

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current us…

CVSS: 7.8 CWE: CWE-787

High

CVE-2025-55171

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at e…

CVSS: 7.5 CWE: CWE-287

Medium

CVE-2025-55170

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerabili…

CVSS: 6.5 CWE: CWE-79

High

CVE-2025-55165

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by…

CVSS: 8.2 CWE: CWE-200

Medium

CVE-2025-54235

Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue…

CVSS: 5.5 CWE: CWE-125

Medium

CVE-2025-54228

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issu…

CVSS: 5.5 CWE: CWE-125

Medium

CVE-2025-54227

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issu…

CVSS: 5.5 CWE: CWE-125

High

CVE-2025-54226

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.…

CVSS: 7.8 CWE: CWE-416

High

CVE-2025-54225

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.…

CVSS: 7.8 CWE: CWE-416

High

CVE-2025-54224

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.…

CVSS: 7.8 CWE: CWE-416

High

CVE-2025-54223

InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat…

CVSS: 7.8 CWE: CWE-416

High

CVE-2025-54221

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exp…

CVSS: 7.8 CWE: CWE-787

High

CVE-2025-54220

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current use…

CVSS: 7.8 CWE: CWE-122

High

CVE-2025-54219

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current use…

CVSS: 7.8 CWE: CWE-122

High

CVE-2025-54218

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exp…

CVSS: 7.8 CWE: CWE-787

High

CVE-2025-54217

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current use…

CVSS: 7.8 CWE: CWE-122

High

CVE-2025-54216

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exp…

CVSS: 7.8 CWE: CWE-787

High

CVE-2025-54215

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exp…

CVSS: 7.8 CWE: CWE-787

Medium

CVE-2025-54214

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issu…

CVSS: 5.5 CWE: CWE-125