ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-5199 | LPE on Multipass for macOS | S | |
CVE-2025-7460 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setWiFiAclRules buffer overflow | E | |
CVE-2025-53636 | Open OnDemand Shell App closed websocket DoS | | |
CVE-2025-7459 | code-projects Mobile Shop EditMobile.php sql injection | E | |
CVE-2025-7457 | Campcodes Online Movie Theater Seat Reservation System manage_movie.php sql injection | E | |
CVE-2025-7456 | Campcodes Online Movie Theater Seat Reservation System reserve.php sql injection | E | |
CVE-2025-7455 | Campcodes Online Movie Theater Seat Reservation System manage_reserve.php sql injection | E | |
CVE-2025-7454 | Campcodes Online Movie Theater Seat Reservation System manage_theater.php sql injection | E | |
CVE-2025-7503 | An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet ser... | | |
CVE-2025-3631 | IBM MQ denial of service | S | |
CVE-2025-7453 | saltbo zpan JSON Web Token token.go NewToken hard-coded password | E | |
CVE-2025-30403 | A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a Q... | | |
CVE-2025-30402 | A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to c... | | |
CVE-2025-53642 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions | | |
CVE-2025-7452 | kone-net go-chat Endpoint file_controller.go GetFile path traversal | E | |
CVE-2025-53641 | Postiz allows header mutation in middleware facilitates resulting in SSRF | | |
CVE-2025-43856 | immich allows account hijacking through oauth2 | | |
CVE-2025-7450 | letseeqiji gorobbs API user.go ResetUserAvatar path traversal | E | |
CVE-2024-47065 | Traceroute_APP responses are not rate-limited. | | |
CVE-2025-47963 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | | |
CVE-2025-47964 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | | |
CVE-2025-47182 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | | |
CVE-2025-7026 | SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0 | | |
CVE-2025-7028 | SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer | | |
CVE-2025-7027 | SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1 | | |
CVE-2025-7029 | SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler | | |
CVE-2025-52988 | Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout' | S | |
CVE-2025-6549 | Junos OS: SRX Series: J-Web can be exposed on additional interfaces | S | |
CVE-2025-52989 | Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration | S | |
CVE-2025-52986 | Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks | S | |
CVE-2025-52985 | Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching | S | |
CVE-2025-52984 | Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes | S | |
CVE-2025-52983 | Junos OS: After removing ssh public key authentication root can still log in | S | |
CVE-2025-52982 | Junos OS: MX Series: When specific SIP packets are processed the MS-MPC will crash | S | |
CVE-2025-52981 | Junos OS: SRX Series: Sequence of specific PIM packets causes a flowd crash | S | |
CVE-2025-52980 | Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message | S | |
CVE-2025-52964 | Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured | S | |
CVE-2025-52963 | Junos OS: A low-privileged user can disable an interface | S | |
CVE-2025-52953 | Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset | S | |
CVE-2025-52952 | Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash | S | |
CVE-2025-48924 | Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs | | |
CVE-2025-52958 | Junos OS and Junos OS Evolved: When route validation is enabled, BGP connection establishment failure causes RPD crash | S | |
CVE-2025-52955 | Junos OS: When jflow/sflow is configured continuous logical interface flaps causes rpd crash and restart | S | |
CVE-2025-52954 | Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromising the system | S | |
CVE-2025-52951 | Junos OS: IPv6 firewall filter fails to match payload-protocol | S | |
CVE-2025-52950 | Juniper Security Director: Insufficient authorization for multiple endpoints in web interface | S | |
CVE-2025-52949 | Junos OS and Junos OS Evolved: In an EVPN environment, receipt of specifically malformed BGP update causes RPD crash | S | |
CVE-2025-52948 | Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled | S | |
CVE-2025-52947 | Junos OS: ACX Series: When 'hot-standby' mode is configured for an L2 circuit, interface flap causes the FEB to crash | S | |
CVE-2025-52946 | Junos OS and Junos OS Evolved: With traceoptions enabled, receipt of malformed AS PATH causes RPD crash | S | |
CVE-2025-30661 | Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation | S | |
CVE-2025-53861 | Aap: sensitive cookie(s) set without security flags | M | |
CVE-2025-53862 | Aap: aap-gateway: automation-hub: sensitive information disclosure | M | |
CVE-2025-6788 | CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resourc... | | |
CVE-2025-50124 | CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation wh... | | |
CVE-2025-50125 | CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated re... | | |
CVE-2025-50123 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could ca... | | |
CVE-2025-3933 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers | | |
CVE-2025-50122 | CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the... | | |
CVE-2025-50121 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') v... | | |
CVE-2025-6438 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause... | | |
CVE-2025-6838 | Broken Link Notifier <= 1.3.0 - Authenticated (Contributor+) CSV Injection | | |
CVE-2025-6851 | Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery | | |
CVE-2025-7442 | WPGYM - Wordpress Gym Management System < 67.8.0 - Unauthenticated SQL Injection | | |
CVE-2025-6068 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | | |
CVE-2025-5530 | WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-6745 | WoodMart <= 8.2.5 - Unauthenticated Post Disclosure | | |
CVE-2025-4593 | WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure | | |
CVE-2025-5992 | Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service | | |
CVE-2025-5392 | GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution | | |
CVE-2025-6716 | Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting | | |
CVE-2025-5028 | Arbitrary file deletion vulnerability in ESET product installers | | |
CVE-2025-30026 | The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally req... | | |
CVE-2025-30025 | The communication protocol used between the server process and the service control had a flaw that c... | | |
CVE-2025-30024 | The communication protocol used between client and server had a flaw that could be leveraged to exec... | | |
CVE-2025-30023 | The communication protocol used between client and server had a flaw that could lead to an authentic... | | |
CVE-2025-6200 | GeoDirectory < 2.8.120 - Contributor+ Stored XSS | E | |
CVE-2025-2942 | Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure | E | |
CVE-2025-7401 | Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php | | |
CVE-2025-7436 | Campcodes Online Recruitment Management System ajax.php sql injection | E | |
CVE-2025-7435 | LiveHelperChat lhc-php-resque Extension List list cross site scripting | E S | |
CVE-2025-7434 | Tenda FH451 POST Request addressNat fromAddressNat stack-based overflow | E | |
CVE-2025-7423 | Tenda O3V2 httpd setWrlFilterList formWifiMacFilterSet stack-based overflow | E | |
CVE-2025-7422 | Tenda O3V2 httpd setNetworkService setAutoReboot stack-based overflow | E | |
CVE-2025-5241 | Denial-of-Service Vulnerability in MELSEC iQ-F Series | | |
CVE-2025-7421 | Tenda O3V2 httpd operateMacFilter fromMacFilterModify stack-based overflow | E | |
CVE-2025-53864 | Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via... | E | |
CVE-2025-51591 | A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and com... | | |
CVE-2025-52994 | gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a craft... | | |
CVE-2025-52089 | A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.5... | | |
CVE-2023-38329 | An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerab... | | |
CVE-2025-45582 | GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c... | | |
CVE-2023-38327 | An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under c... | | |
CVE-2013-3307 | Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 ... | | |
CVE-2025-53471 | Emerson ValveLink Products Improper Input Validation | S | |
CVE-2025-48496 | Emerson ValveLink Products Uncontrolled Search Path Element | S | |
CVE-2025-46358 | Emerson ValveLink Products Protection Mechanism Failure | S | |
CVE-2025-50109 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory | S | |
CVE-2025-52579 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory | S | |
CVE-2025-7420 | Tenda O3V2 httpd setWrlBasicInfo formWifiBasicSet stack-based overflow | E | |
CVE-2025-53509 | Advantech iView Argument Injection | S | |
CVE-2025-52459 | Advantech iView Argument Injection | S | |
CVE-2025-53515 | Advantech iView SQL Injection | S | |
CVE-2025-52577 | Advantech iView SQL Injection | S | |
CVE-2025-53475 | Advantech iView SQL Injection | S | |
CVE-2025-46704 | Advantech iView Path Traversal | S | |
CVE-2025-48891 | Advantech iView SQL Injection | S | |
CVE-2025-41442 | Advantech iView Cross-site Scripting | S | |
CVE-2025-53519 | Advantech iView Cross-site Scripting | S | |
CVE-2025-53397 | Advantech iView Cross-site Scripting | S | |
CVE-2025-7419 | Tenda O3V2 httpd setRateTest fromSpeedTestSet stack-based overflow | E | |
CVE-2025-1727 | End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication | M | |
CVE-2025-7418 | Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow | E | |
CVE-2025-31267 | An authentication issue was addressed with improved state management. This issue is fixed in App Sto... | | |
CVE-2025-7417 | Tenda O3V2 httpd setPingInfo fromNetToolGet stack-based overflow | E | |
CVE-2025-7416 | Tenda O3V2 httpd setSysTimeInfo fromSysToolTime stack-based overflow | E | |
CVE-2025-53637 | Meshtastic allows Command Injection in GitHub Action | | |
CVE-2025-24798 | Meshtastic crashes via an unimplemented routing module reply | | |
CVE-2025-6392 | Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392) | | |
CVE-2025-6390 | Cleartext storage of sensitive information in Brocade SANnav server audit logs. | | |
CVE-2025-7415 | Tenda O3V2 httpd getTraceroute fromTraceroutGet command injection | E | |
CVE-2025-4662 | Plaintext security passwords are logged in the audit logs while executing openssl cmd | | |
CVE-2025-7414 | Tenda O3V2 httpd setPingInfo fromNetToolGet os command injection | E | |
CVE-2025-3947 | Integer underflow during processing of short network packets in CDA FTEB responder | | |
CVE-2025-3946 | Incorrect response generation during FTEB protocol processing | | |
CVE-2025-2523 | Lack of buffer clearing before reuse may result in incorrect system behavior. | | |
CVE-2025-2522 | Lack of buffer clearing before reuse may result in incorrect system behavior. | | |
CVE-2025-2521 | Lack of indexes’ validation against buffer borders leads to remote code execution. | | |
CVE-2025-7413 | code-projects Library System profile.php unrestricted upload | E | |
CVE-2025-2520 | Dereferencing of an uninitialized pointer leads to denial of service. | | |
CVE-2025-53629 | cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability | E | |
CVE-2025-53628 | cpp-httplib does not limit the length of a line | E | |
CVE-2025-53634 | Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks | | |
CVE-2025-53633 | Chall-Manager's scenario decoding process does not check for zip bombs | | |
CVE-2025-53632 | Chall-Manager's scenario decoding process does not check for zip slips | | |
CVE-2025-53630 | Integer Overflow in GGUF Parser can lead to Heap Out-of-Bounds Read/Write in gguf | | |
CVE-2025-7412 | code-projects Library System profile.php unrestricted upload | E | |
CVE-2025-34100 | BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload | E | |
CVE-2025-34102 | CryptoLog Unauthenticated RCE via SQL Injection and Command Injection | E | |
CVE-2025-34096 | Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp | E | |
CVE-2025-34095 | Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp | E | |
CVE-2025-53506 | Apache Tomcat: DoS via excessive h2 streams at connection start | | |
CVE-2025-34093 | Polycom HDX Series Telnet Command Injection via lan traceroute | E S | |
CVE-2025-34097 | ProcessMaker < 3.5.4 Authenticated Plugin Upload RCE | E | |
CVE-2025-34098 | Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection | E | |
CVE-2025-34101 | Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter | E | |
CVE-2025-34099 | VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password | E | |
CVE-2025-7021 | OpenAI Operator - API Spoofing through Locking Operator on FullScreen | | |
CVE-2025-52520 | Apache Tomcat: DoS via integer overflow in multipart file upload | | |
CVE-2025-52434 | Apache Tomcat: APR/Native Connector crash leading to DoS | | |
CVE-2025-7411 | code-projects LifeStyle Store success.php sql injection | E | |
CVE-2025-53503 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a... | | |
CVE-2025-53378 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) ... | | |
CVE-2025-52837 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Followi... | | |
CVE-2025-52521 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vu... | | |
CVE-2025-53626 | pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation | E | |
CVE-2025-52473 | liboqs secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 | | |
CVE-2025-53709 | Access control issues impacting secure-upload service | | |
CVE-2025-53625 | DynamicPageList3 exposes hidden/suppressed usernames | E | |
CVE-2025-53549 | Matrix Rust SDK allows SQL injection in the EventCache implementation | | |
CVE-2025-53542 | Kubernetes Headlamp Allows Arbitrary Command Injection in macOS Process headlamp@codeSign | | |
CVE-2025-53371 | DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs | | |
CVE-2025-7410 | code-projects LifeStyle Store cart_remove.php sql injection | E | |
CVE-2025-53020 | Apache HTTP Server: HTTP/2 DoS by Memory Increase | | |
CVE-2025-49812 | Apache HTTP Server: mod_ssl TLS upgrade attack | | |
CVE-2025-49630 | Apache HTTP Server: mod_proxy_http2 denial of service | | |
CVE-2025-23048 | Apache HTTP Server: mod_ssl access control bypass with session resumption | | |
CVE-2024-43394 | Apache HTTP Server: SSRF on Windows due to UNC paths | | |
CVE-2024-47252 | Apache HTTP Server: mod_ssl error log variable escaping | | |
CVE-2024-43204 | Apache HTTP Server: SSRF with mod_headers setting Content-Type header | | |
CVE-2024-42516 | Apache HTTP Server: HTTP response splitting | | |
CVE-2025-49464 | Zoom Clients for Windows - Classic Buffer Overflow | | |
CVE-2025-7409 | code-projects Mobile Shop LoginAsAdmin.php sql injection | E | |
CVE-2025-49463 | Zoom Clients for iOS - Insufficient Control Flow Management | | |
CVE-2025-49462 | Zoom Clients - Cross-site Scripting | | |
CVE-2025-46789 | Zoom Clients for Windows - Classic Buffer Overflow | | |
CVE-2025-46788 | Zoom Workplace for Linux - Improper Certificate Validation | | |
CVE-2025-6395 | Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite() | M | |
CVE-2025-53364 | Parse Server exposes the data schema via GraphQL API | | |
CVE-2025-46835 | Git GUI can create and overwrite files for which the user has write permission | | |
CVE-2025-46334 | Git GUI malicious command injection on Windows | | |
CVE-2025-27614 | Gitk allows arbitrary command execution | | |
CVE-2025-27613 | Gitk can create and truncate files in the user's home directory | | |
CVE-2025-7408 | SourceCodester Zoo Management System animal_form_template.php cross site scripting | E | |
CVE-2025-7365 | Keycloak: phishing attack via email verification step in first login flow | M | |
CVE-2024-39752 | IBM Analytics Content Hub file upload | S | |
CVE-2024-38327 | IBM Analytics Content Hub information disclosure | S | |
CVE-2025-36090 | IBM Analytics Content Hub information disclosure | S | |
CVE-2024-37524 | IBM Analytics Content Hub information disclosure | S | |
CVE-2025-7370 | Libsoup: libsoup null pointer dereference | M | |
CVE-2025-7424 | Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes | M | |
CVE-2025-7425 | Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr | E M | |
CVE-2025-7407 | Netgear D6400 diag.cgi os command injection | E | |
CVE-2025-6211 | MD5 Hash Collision in run-llama/llama_index | E | |
CVE-2025-5040 | RTE File Parsing Heap-Based Overflow Vulnerability | | |
CVE-2025-5037 | RFA File Parsing Memory Corruption Vulnerability | | |
CVE-2024-7650 | Remote code execution vulnerability discovered in OpenText™ Directory Services CE 23.4 | S | |
CVE-2025-32990 | Gnutls: vulnerability in gnutls certtool template parsing | M | |
CVE-2025-5023 | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system m... | | |
CVE-2025-5022 | Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system moni... | | |