ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-5167 | Open Asset Import Library Assimp LWOLoader.h GetS0 out-of-bounds | E | |
CVE-2025-5165 | Open Asset Import Library Assimp MDCLoader.cpp ValidateSurfaceHeader out-of-bounds | E | |
CVE-2025-5164 | PerfreeBlog JWT JwtUtil hard-coded key | E | |
CVE-2025-5166 | Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds | E | |
CVE-2025-1926 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification | | |
CVE-2024-13228 | Qubely – Advanced Gutenberg Blocks <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content | S | |
CVE-2025-2206 | aitangbao springboot-manager permission cross site scripting | E | |
CVE-2024-13703 | CRM and Lead Management by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Widget Toggle | | |
CVE-2025-5163 | yangshare 技术杨工 warehouseManager 仓库管理系统 access control | E | |
CVE-2025-1561 | AppPresser – Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting | S | |
CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication | S | |
CVE-2025-2382 | PHPGurukul Online Banquet Booking System booking-search.php sql injection | E | |
CVE-2025-1848 | zj1983 zz import_data_check server-side request forgery | E | |
CVE-2025-1849 | zj1983 zz import_data_todb server-side request forgery | E | |
CVE-2025-1847 | zj1983 zz improper authorization | E | |
CVE-2024-13350 | SearchIQ – The Search Solution <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-11731 | Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode | | |
CVE-2024-13757 | Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode | | |
CVE-2024-13777 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection | | |
CVE-2025-1821 | zj1983 zz ZorgAction.java getUserOrgForUserId sql injection | E | |
CVE-2024-13358 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | S | |
CVE-2025-1780 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update | S | |
CVE-2024-13568 | Fluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | | |
CVE-2024-13901 | Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting | S | |
CVE-2024-13611 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | | |
CVE-2024-13697 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links | | |
CVE-2025-1818 | zj1983 zz ZfileAction.upload unrestricted upload | E | |
CVE-2025-5162 | H3C SecCenter SMP-E1114P02 importFile unrestricted upload | E | |
CVE-2025-5161 | H3C SecCenter SMP-E1114P02 download operationDailyOut path traversal | E | |
CVE-2025-1820 | zj1983 zz ZworkflowAction.java getOaWid sql injection | E | |
CVE-2025-0692 | Simple Video Management System <= 1.0.4 - Admin+ Stored XSS | E | |
CVE-2025-1167 | Mayuri K Employee Management System Update_User.php sql injection | E | |
CVE-2024-13332 | TransFinanz <= 1.0.0 - Reflected XSS | E | |
CVE-2024-50500 | WordPress Phlox Core Elements plugin <= 2.17.2 - Broken Access Control vulnerability | | |
CVE-2025-1830 | zj1983 zz Customer Information cross site scripting | E | |
CVE-2025-1831 | zj1983 zz ZorgAction.java GetDBUser sql injection | E | |
CVE-2025-1832 | zj1983 zz ZroleAction.java getUserList sql injection | E | |
CVE-2025-1833 | zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery | E | |
CVE-2025-1834 | zj1983 zz resolve unrestricted upload | E | |
CVE-2025-5160 | H3C SecCenter SMP-E1114P02 download path traversal | E | |
CVE-2025-5159 | H3C SecCenter SMP-E1114P02 download path traversal | E | |
CVE-2025-2146 | Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and L... | | |
CVE-2025-5158 | H3C SecCenter SMP-E1114P02 downloadSoftware path traversal | E | |
CVE-2025-5157 | H3C SecCenter SMP-E1114P02 fileContent path traversal | | |
CVE-2025-5156 | H3C GR-5400AX aspForm EditWlanMacList buffer overflow | E | |
CVE-2025-5155 | qianfox FoxCMS Article.php batchCope sql injection | E | |
CVE-2025-5154 | PhonePe App SQLite Database databases cleartext storage in a file or on disk | E S | |
CVE-2025-5153 | CMS Made Simple Design Manager Module cross site scripting | E | |
CVE-2025-5152 | Chanjet CRM newActivityedit.php sql injection | E | |
CVE-2025-5151 | defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection | E S | |
CVE-2025-5150 | docarray Web API torch_dataset.py __getitem__ prototype pollution | E | |
CVE-2025-5149 | WCMS Login getallcon getMemberByUid improper authentication | E | |
CVE-2025-5148 | FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization | S | |
CVE-2025-5147 | Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection | E | |
CVE-2025-5146 | Netcore NBR200V2 HTTP Header routerd passwd_set command injection | E | |
CVE-2025-5145 | Netcore POWER13 Query String cgi-bin command injection | E | |
CVE-2025-5140 | Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery | E | |
CVE-2025-5139 | Qualitor testaConexaoOffice365.php command injection | E | |
CVE-2025-5138 | Bitwarden PDF File cross site scripting | E | |
CVE-2025-5137 | DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection | E | |
CVE-2025-5136 | Tmall Demo Payment Identifier pay random values | E | |
CVE-2025-5135 | Tmall Demo Product Details Page admin cross site scripting | E | |
CVE-2025-5134 | Tmall Demo Buy Item Page cross site scripting | E | |
CVE-2025-5133 | Tmall Demo Search Box cross site scripting | E | |
CVE-2025-5132 | Tmall Demo logout cross-site request forgery | E | |
CVE-2025-5131 | Tmall Demo uploadCategoryImage unrestricted upload | E | |
CVE-2025-5130 | Tmall Demo uploadProductImage unrestricted upload | E | |
CVE-2025-37899 | ksmbd: fix use-after-free in session logoff | | |
CVE-2025-5129 | Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path | E | |
CVE-2025-5128 | ScriptAndTools Real-Estate-website-in-PHP Admin Login Panel admin sql injection | E | |
CVE-2025-5127 | FLIR AX8 prod.php cross site scripting | E | |
CVE-2025-5126 | FLIR AX8 settingsregional.php setDataTime command injection | E | |
CVE-2023-38951 | ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to cre... | | |
CVE-2025-5124 | Sony SNC-M1 Administrative Interface default credentials | E | |
CVE-2023-42926 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed... | | |
CVE-2023-49584 | Client-Side Desynchronization vulnerability in SAP Fiori Launchpad | | |
CVE-2023-45316 | Reflected client side path traversal leading to CSRF in Playbooks | S | |
CVE-2023-6727 | Leak Inaccessible Playbook Information via Channel Action IDOR | S | |
CVE-2023-46285 | A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcente... | S | |
CVE-2023-49923 | Enterprise Search Insertion of Sensitive Information into Log File | M | |
CVE-2025-48751 | The process_lock crate 0.1.0 for Rust allows data races in unlock.... | | |
CVE-2025-48752 | In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mu... | | |
CVE-2025-48753 | In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock.... | | |
CVE-2025-48754 | In the memory_pages crate 0.1.0 for Rust, division by zero can occur.... | | |
CVE-2025-48755 | In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).... | | |
CVE-2025-48756 | In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware devic... | | |
CVE-2024-13427 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link | | |
CVE-2025-3869 | 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2025-5055 | Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting | | |
CVE-2025-4602 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read | | |
CVE-2025-4603 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Deletion | | |
CVE-2025-4336 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() | | |
CVE-2025-5058 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image() | | |
CVE-2025-4223 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter | | |
CVE-2025-2704 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to tr... | | |
CVE-2024-13591 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2024-13592 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Local File Inclusion | | |
CVE-2024-13402 | BuddyBoss Platform <= 2.7.70 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link_title' | | |
CVE-2024-12723 | Infility Global <= 2.9.8 - Reflected XSS | E | |
CVE-2024-57587 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows rem... | E | |
CVE-2024-55062 | Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauth... | E | |
CVE-2024-53357 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows rem... | E | |
CVE-2025-48708 | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argume... | | |
CVE-2024-54852 | When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the l... | E | |
CVE-2025-4810 | Tenda AC7 SetRebootTimer formSetRebootTimer stack-based overflow | E | |
CVE-2025-4809 | Tenda AC7 setMacFilterCfg fromSafeSetMacFilter stack-based overflow | E | |
CVE-2025-4851 | TOTOLINK N300RH cstecgi.cgi setUploadUserData command injection | E | |
CVE-2025-4850 | TOTOLINK N300RH cstecgi.cgi setUnloadUserData command injection | E | |
CVE-2025-4849 | TOTOLINK N300RH cstecgi.cgi CloudACMunualUpdateUserdata command injection | E | |
CVE-2025-45862 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacen... | E | |
CVE-2025-45513 | Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.... | E | |
CVE-2025-5119 | Emlog Pro api_controller.php sql injection | E | |
CVE-2025-48738 | An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4... | | |
CVE-2025-48739 | A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 ... | | |
CVE-2025-48741 | A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11... | | |
CVE-2025-48740 | A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 b... | | |
CVE-2025-48735 | A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 be... | | |
CVE-2024-26952 | ksmbd: fix potencial out-of-bounds when buffer offset is invalid | S | |
CVE-2023-44466 | An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an int... | E S | |
CVE-2024-27018 | netfilter: br_netfilter: skip conntrack input hook for promisc packets | S | |
CVE-2022-48735 | ALSA: hda: Fix UAF of leds class devs at unbinding | S | |
CVE-2024-36477 | tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer | S | |
CVE-2022-3233 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb | E S | |
CVE-2022-3256 | Use After Free in vim/vim | E S | |
CVE-2022-3268 | Weak Password Requirements in ikus060/minarca | E S | |
CVE-2022-3267 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb | E S | |
CVE-2025-22149 | JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh | | |
CVE-2021-34661 | WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion | S | |
CVE-2021-34660 | WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting | S | |
CVE-2021-34640 | Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting | E S | |
CVE-2021-34655 | WP Songbook <= 2.0.11 Reflected Cross-Site Scripting | E S | |
CVE-2021-34658 | Simple Popup Newsletter <= 1.4.7 Reflected Cross-Site Scripting | E S | |
CVE-2021-34663 | jQuery Tagline Rotator <= 0.1.5 Reflected Cross-Site Scripting | E S | |
CVE-2021-34659 | Plugmatter Pricing Table Lite <= 1.0.32 Reflected Cross-Site Scripting | E S | |
CVE-2021-34664 | Moova for WooCommerce <= 3.5 Reflected Cross-Site Scripting | E S | |
CVE-2021-34665 | WP SEO Tags <= 2.2.7 Reflected Cross-Site Scripting | E S | |
CVE-2025-46176 | Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow ... | | |
CVE-2025-44998 | A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileM... | | |
CVE-2025-32813 | An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection ca... | | |
CVE-2024-54188 | Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitra... | | |
CVE-2024-51102 | PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL i... | | |
CVE-2025-44176 | Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.... | E | |
CVE-2025-47658 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.7 - Arbitrary File Upload Vulnerability | | |
CVE-2025-45858 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2025-3757 | Authentication Bypass in OpenPubKey | | |
CVE-2025-45863 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr par... | E | |
CVE-2024-13382 | Calculated Fields Form < 5.2.64 - Admin+ Stored XSS | E | |
CVE-2024-13729 | Podlove Podcast Publisher < 4.1.24 - Admin+ Stored XSS | E | |
CVE-2024-13730 | Podlove Podcast Publisher < 4.2.1 - Admin+ Stored XSS | E | |
CVE-2025-46400 | Xfig: fig2dev segmentation fault in read_arcobject | | |
CVE-2025-46399 | Xfig: fig2dev segmentation fault in genge_itp_spline | | |
CVE-2022-3559 | Exim Regex use after free | S | |
CVE-2022-3620 | Exim DMARC dmarc.c dmarc_dns_lookup use after free | S | |
CVE-2025-46398 | Xfig: fig2dev stack-overflow via read_objects | | |
CVE-2025-46397 | Xfig: fig2dev stack-overflow | | |
CVE-2012-4691 | Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attacke... | | |
CVE-2012-3040 | Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x throu... | | |
CVE-2012-3037 | The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROL... | | |
CVE-2023-34873 | On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature d... | | |
CVE-2025-4540 | MTSoftware C-Lodop CLodopPrintService unquoted search path | E | |
CVE-2025-24917 | Improper Access Control leads to Local Privilege Escalation | S | |
CVE-2024-12586 | Chalet Montagne Com Tools <= 2.7.8 - Reflected XSS | E | |
CVE-2025-25523 | Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of... | | |
CVE-2017-7957 | XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to creat... | | |
CVE-2016-3674 | Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDr... | | |
CVE-2025-24607 | WordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerability | S | |
CVE-2025-22284 | WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-22289 | WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerability | S | |
CVE-2025-26767 | WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2021-21350 | XStream is vulnerable to an Arbitrary Code Execution attack | E S | |
CVE-2021-21349 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | E S | |
CVE-2021-21348 | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) | S | |
CVE-2021-21347 | XStream is vulnerable to an Arbitrary Code Execution attack | E S | |
CVE-2025-0924 | WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting | S | |
CVE-2021-21346 | XStream is vulnerable to an Arbitrary Code Execution attack | E S | |
CVE-2021-21345 | XStream is vulnerable to a Remote Command Execution attack | E S | |
CVE-2021-21344 | XStream is vulnerable to an Arbitrary Code Execution attack | E S | |
CVE-2024-13626 | VR Frases <= 3.0.1 - Reflected XSS | E | |
CVE-2021-21343 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights | E S | |
CVE-2021-21342 | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | E S | |
CVE-2021-21341 | XStream can cause a Denial of Service | E S | |
CVE-2024-13627 | WP Touch Slider <= 2.2 - Reflected XSS | E | |
CVE-2021-21351 | XStream is vulnerable to an Arbitrary Code Execution attack | E S | |
CVE-2025-47678 | WordPress FunnelCockpit plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-13356 | DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion | S | |
CVE-2024-13733 | SKT Blocks – Gutenberg based Page Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2025-24804 | Partial Denial of Service (DoS) in MobSF | E S | |
CVE-2025-32794 | OpenEMR Stored XSS via Patient Name Field in Procedure Orders | E | |
CVE-2025-47673 | WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-47646 | WordPress PSW Front-end Login & Registration <= 1.13 - Broken Authentication Vulnerability | | |
CVE-2025-47642 | WordPress Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload Vulnerability | | |
CVE-2025-47641 | WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability | | |
CVE-2025-47640 | WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - SQL Injection Vulnerability | | |
CVE-2025-24805 | Local Privilege Escalation in MobSF | E S | |
CVE-2022-31807 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass inte... | | |
CVE-2022-31812 | A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected serve... | | |
CVE-2025-47672 | WordPress miniOrange Discord Integration <= 2.2.2 - Local File Inclusion Vulnerability | | |
CVE-2013-7285 | Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initiali... | E | |
CVE-2020-26217 | Remote Code Execution in XStream | E S | |
CVE-2020-26259 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling | E M | |