ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-9651 | shafhasan chatbox chat.php sql injection | E | |
CVE-2025-9650 | yeqifu carRental AppFileUtils.java removeFileByPath path traversal | E | |
CVE-2025-9649 | appneta tcpreplay send_packets.c calc_sleep_time divide by zero | E | |
CVE-2025-9605 | Tenda AC21/AC23 GetParentControlInfo stack-based overflow | E | |
CVE-2025-55582 | D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog... | | |
CVE-2025-48979 | An Improper Input Validation in UISP Application could allow a Command Injection by a malicious acto... | | |
CVE-2025-43284 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sono... | | |
CVE-2025-43268 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43255 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sono... | | |
CVE-2025-43187 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7... | | |
CVE-2025-40927 | CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw | S | |
CVE-2025-39247 | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow ... | | |
CVE-2025-39246 | There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allo... | | |
CVE-2025-39245 | There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an ... | | |
CVE-2024-54568 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Pa... | | |
CVE-2024-54554 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15... | | |
CVE-2024-44271 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may ... | | |
CVE-2025-9603 | Telesquare TLR-2005KSH internet.cgi command injection | E | |
CVE-2025-7383 | Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library | S | |
CVE-2025-9647 | mtons mblog list cross site scripting | E | |
CVE-2025-9071 | Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto | | |
CVE-2025-9646 | O2OA calendarConfig cross site scripting | E | |
CVE-2025-40708 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2020-27792 | Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c | M | |
CVE-2025-9645 | itsourcecode Apartment Management System r_all_info.php sql injection | E | |
CVE-2025-9644 | itsourcecode Apartment Management System bill_setup.php sql injection | E | |
CVE-2024-0408 | Xorg-x11-server: selinux unlabeled glx pbuffer | M | |
CVE-2017-12177 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function al... | S | |
CVE-2017-13723 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X... | | |
CVE-2014-8097 | The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and ... | S | |
CVE-2023-6816 | Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer | M | |
CVE-2017-12181 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malici... | S | |
CVE-2014-8099 | The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Serve... | S | |
CVE-2020-14347 | A flaw was found in the way xserver memory was not properly initialized. This could leak parts of se... | S | |
CVE-2017-12182 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malici... | S | |
CVE-2014-8095 | The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and... | S | |
CVE-2014-8098 | The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (ak... | S | |
CVE-2017-12185 | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing m... | S | |
CVE-2017-2624 | It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT co... | E S | |
CVE-2017-13721 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X serve... | | |
CVE-2014-8102 | The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X... | S | |
CVE-2014-8100 | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Serve... | S | |
CVE-2020-14362 | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap... | S | |
CVE-2017-10972 | Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017... | S | |
CVE-2014-8096 | The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) ... | S | |
CVE-2022-4283 | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left... | | |
CVE-2014-8091 | X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.... | S | |
CVE-2017-12178 | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowin... | S | |
CVE-2024-0409 | Xorg-x11-server: selinux context corruption | M | |
CVE-2022-2319 | A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGe... | S | |
CVE-2014-8101 | The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server... | S | |
CVE-2014-8103 | X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authent... | S | |
CVE-2017-12179 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer f... | S | |
CVE-2017-12186 | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicio... | E S | |
CVE-2017-12187 | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X... | S | |
CVE-2015-3164 | The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authen... | | |
CVE-2014-8092 | Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserv... | S | |
CVE-2020-14361 | A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap... | S | |
CVE-2017-12184 | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious... | S | |
CVE-2017-12180 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing mal... | S | |
CVE-2014-8094 | Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserv... | S | |
CVE-2017-12183 | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X... | S | |
CVE-2018-14665 | A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and... | E S | |
CVE-2015-0255 | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote atta... | S | |
CVE-2014-8093 | Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X)... | S | |
CVE-2020-14346 | A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension pro... | S | |
CVE-2023-1393 | A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escala... | S | |
CVE-2017-10971 | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute... | | |
CVE-2017-12176 | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection functio... | S | |
CVE-2015-3418 | The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.1... | | |
CVE-2022-2320 | A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetD... | S | |
CVE-2025-9643 | itsourcecode Apartment Management System utility_bill_setup.php sql injection | E | |
CVE-2025-9610 | code-projects Online Event Judging System create_account.php sql injection | E | |
CVE-2025-9609 | Portabilis i-Educar consulta improper authorization | E | |
CVE-2025-9608 | Portabilis i-Educar Formula de Cálculo de Média view sql injection | E | |
CVE-2025-9607 | Portabilis i-Educar Tabelas de Arredondamento view sql injection | E | |
CVE-2025-9596 | itsourcecode Sports Management System login.php sql injection | E | |
CVE-2025-6203 | Vault unauthenticated denial of service through complex json payload | | |
CVE-2025-9604 | coze-studio aes.go hard-coded key | S | |
CVE-2025-9595 | code-projects Student Information Management System login.php cross site scripting | E | |
CVE-2025-9594 | itsourcecode Apartment Management System complain_info.php sql injection | E | |
CVE-2025-9593 | itsourcecode Apartment Management System unit_status_info.php sql injection | E | |
CVE-2025-9591 | ZrLog Theme Configuration Form config cross site scripting | E | |
CVE-2025-9590 | Weaver E-Mobile Mobile Management Platform cross site scripting | E | |
CVE-2025-9586 | Comfast CF-N1 webmgnt wireless_device_dissoc command injection | E | |
CVE-2025-9585 | Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection | E | |
CVE-2025-8857 | Changing\|Clinic Image System - Use of Hard-coded Credentials | S | |
CVE-2025-8861 | Changing\|TSA - Missing Authentication | S | |
CVE-2025-58062 | LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow | | |
CVE-2025-58061 | OpenEBS Local PV RawFile persistent volume data is world readable | | |
CVE-2025-58058 | github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives | | |
CVE-2025-9606 | Portabilis i-Educar agenda_preferencias.php sql injection | E | |
CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability | KEV S | |
CVE-2025-57819 | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE | | |
CVE-2025-40709 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40707 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40706 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40705 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40704 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40703 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40702 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2020-25720 | Samba: check attribute access rights for ldap adds of computers | M | |
CVE-2025-7071 | Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library | S | |
CVE-2025-53507 | Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulne... | | |
CVE-2025-53508 | Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploite... | | |
CVE-2025-8147 | LWSCache <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function | | |
CVE-2025-9374 | Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery | | |
CVE-2025-8619 | OSM Map Widget for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL | | |
CVE-2025-8290 | List Subpages <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter | | |
CVE-2025-9441 | iATS Online Forms <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter | | |
CVE-2025-54777 | Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is import... | | |
CVE-2025-4643 | Lack of JWT Expiration after Log Out in PayloadCMS | | |
CVE-2025-4644 | User Session Fixation after Account Removal in PayloadCMS | | |
CVE-2024-13342 | Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload | | |
CVE-2025-9217 | Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images' | | |
CVE-2025-9236 | Portabilis i-Educar Tipos de usuàrio educar_tipo_usuario_lst.php sql injection | E | |
CVE-2025-8150 | Events Addon for Elementor <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets | | |
CVE-2024-13987 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2025-3931 | Yggdrasil: local privilege escalation in yggdrasil | M | |
CVE-2025-9639 | Ai3\|QbiCRMGateway - Arbitrary File Reading through Path Traversal | S | |
CVE-2025-9619 | E4 Sistemas Mercatus ERP id resource injection | | |
CVE-2025-8858 | Changing\|Clinic Image System - SQL Injection | S | |
CVE-2025-58334 | In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions... | | |
CVE-2024-13986 | Nagios XI Authenticated Arbitrary File Upload Path Traversal RCE | E S | |
CVE-2025-25010 | Kibana privilege escalation via reporting_user role | | |
CVE-2025-9578 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2025-48963 | Local privilege escalation due to improper soft link handling. The following products are affected: ... | | |
CVE-2025-34520 | Arcserve UDP < 10.2 Authentication Bypass | S | |
CVE-2025-34522 | Arcserve UDP < 10.2 Pre-Authentication Heap Overflow | S | |
CVE-2025-34523 | Arcserve UDP < 10.2 Pre-Authentication Heap Overflow | S | |
CVE-2025-58323 | NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to ... | | |
CVE-2025-58322 | NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to ... | | |
CVE-2025-24000 | WordPress Post SMTP plugin <= 3.2.0 - Account Takeover Vulnerability | S | |
CVE-2025-9602 | Xinhu RockOA index.php publicsaveAjax improper authorization | E | |
CVE-2025-9601 | itsourcecode Apartment Management System employee_salary_setup.php sql injection | E | |
CVE-2025-9600 | itsourcecode Apartment Management System member_type_setup.php sql injection | E | |
CVE-2025-9599 | itsourcecode Apartment Management System month_setup.php sql injection | E | |
CVE-2025-54142 | Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an enti... | | |
CVE-2025-9598 | itsourcecode Apartment Management System year_setup.php sql injection | E | |
CVE-2025-9597 | itsourcecode Apartment Management System rented_all_info.php sql injection | E | |
CVE-2025-53419 | COMMGR Code Injection Vulnerability | S | |
CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | S | |
CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | S | |
CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability | S | |
CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | S | |
CVE-2020-17150 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | S | |
CVE-2020-17147 | Dynamics CRM Webclient Cross-site Scripting Vulnerability | S | |
CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | S | |
CVE-2020-17143 | Microsoft Exchange Server Information Disclosure Vulnerability | S | |
CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability | S | |
CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability | S | |
CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability | S | |
CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability | S | |
CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability | S | |
CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | S | |
CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability | S | |
CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | S | |
CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability | S | |
CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability | S | |
CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability | S | |
CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2020-17126 | Microsoft Excel Information Disclosure Vulnerability | S | |
CVE-2020-17125 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability | S | |
CVE-2020-17123 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2020-17122 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability | S | |
CVE-2020-17120 | Microsoft SharePoint Information Disclosure Vulnerability | S | |
CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability | S | |
CVE-2020-17118 | Microsoft SharePoint Remote Code Execution Vulnerability | S | |
CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability | S | |
CVE-2020-17115 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2020-17103 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2020-17099 | Windows Lock Screen Security Feature Bypass Vulnerability | S | |
CVE-2020-17098 | Windows GDI+ Information Disclosure Vulnerability | S | |
CVE-2020-17097 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | S | |
CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability | S | |
CVE-2020-17095 | Windows Hyper-V Remote Code Execution Vulnerability | S | |
CVE-2020-17094 | Windows Error Reporting Information Disclosure Vulnerability | S | |
CVE-2020-17092 | Windows Network Connections Service Elevation of Privilege Vulnerability | S | |
CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability | S | |
CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability | S | |
CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability | S | |
CVE-2020-16964 | Windows Backup Engine Elevation of Privilege Vulnerability | S | |
CVE-2020-16963 | Windows Backup Engine Elevation of Privilege Vulnerability | S | |
CVE-2020-16962 | Windows Backup Engine Elevation of Privilege Vulnerability | S | |
CVE-2020-16961 | Windows Backup Engine Elevation of Privilege Vulnerability | S | |
CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability | S | |
CVE-2020-16959 | Windows Backup Engine Elevation of Privilege Vulnerability | S | |
CVE-2020-16958 | Windows Backup Engine Elevation of Privilege Vulnerability | S | |
CVE-2020-16971 | Azure SDK for Java Security Feature Bypass Vulnerability | | |
CVE-2025-9592 | itsourcecode Apartment Management System bill_info.php sql injection | E | |
CVE-2025-9589 | Cudy WR1200EA shadow default password | E | |
CVE-2025-57220 | An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 t... | | |