ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-0001 | authenticated arbitrary file read vulnerability | | |
CVE-2025-0014 | Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to... | | |
CVE-2025-0015 | Mali GPU Kernel Driver allows improper GPU processing operations | S | |
CVE-2025-0020 | Rejected reason: “This CVE ID is Rejected and will not be used. As the CNA of record ESRI has rejec... | R | |
CVE-2025-0035 | Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate p... | | |
CVE-2025-0036 | In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot... | | |
CVE-2025-0037 | In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime servic... | | |
CVE-2025-0049 | Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0 | S | |
CVE-2025-0050 | Mali GPU Userspace Driver allows an Out-of-Bounds access | S | |
CVE-2025-0051 | FlashArray DOS Vulnerability | S | |
CVE-2025-0052 | FlashBlade DOS Vulnerability | S | |
CVE-2025-0053 | Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | | |
CVE-2025-0054 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java | | |
CVE-2025-0055 | Information Disclosure vulnerability in SAP GUI for Windows | | |
CVE-2025-0056 | Information Disclosure vulnerability in SAP GUI for Java | | |
CVE-2025-0057 | Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application) | | |
CVE-2025-0058 | Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow | | |
CVE-2025-0059 | Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | | |
CVE-2025-0060 | Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2025-0061 | Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2025-0062 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | | |
CVE-2025-0063 | SQL Injection vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | | |
CVE-2025-0064 | Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console) | | |
CVE-2025-0065 | Improper Neutralization of Argument Delimiters in TeamViewer Clients | S | |
CVE-2025-0066 | Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) | | |
CVE-2025-0067 | Missing Authorization check in SAP NetWeaver Application Server Java | | |
CVE-2025-0068 | Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP | | |
CVE-2025-0069 | DLL Hijacking vulnerability in SAPSetup | | |
CVE-2025-0070 | Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform | | |
CVE-2025-0071 | Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager | | |
CVE-2025-0072 | Mali GPU Kernel Driver allows improper GPU memory processing operations | S | |
CVE-2025-0073 | Mali GPU Kernel Driver allows improper GPU memory processing operations | S | |
CVE-2025-0101 | WAGO: Year 2038 problem | | |
CVE-2025-0103 | Expedition: SQL Injection Vulnerability | S | |
CVE-2025-0104 | Expedition: Cross-Site Scripting (XSS) Vulnerability | S | |
CVE-2025-0105 | Expedition: Arbitrary File Deletion Vulnerability | S | |
CVE-2025-0106 | Expedition: Wildcard Expansion Vulnerability | S | |
CVE-2025-0107 | Expedition: OS Command Injection Vulnerability | S | |
CVE-2025-0108 | PAN-OS: Authentication Bypass in the Management Web Interface | KEV E S | |
CVE-2025-0109 | PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface | S | |
CVE-2025-0110 | PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin | S | |
CVE-2025-0111 | PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface | KEV S | |
CVE-2025-0112 | Cortex XDR Agent: Local Windows User Can Disable the Agent | S | |
CVE-2025-0113 | Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers | S | |
CVE-2025-0114 | PAN-OS: Denial of Service (DoS) in GlobalProtect | S | |
CVE-2025-0115 | PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI | S | |
CVE-2025-0116 | PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame | S | |
CVE-2025-0117 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | S | |
CVE-2025-0118 | GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability | S | |
CVE-2025-0119 | Cortex XDR Broker VM: Authenticated Command Injection Vulnerability in Broker VM | S | |
CVE-2025-0120 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | S | |
CVE-2025-0121 | Cortex XDR Agent: Local Windows User Can Crash the Agent | S | |
CVE-2025-0122 | Prisma SD-WAN: Denial of Service (DoS) Vulnerability Through Burst of Crafted Packets | S | |
CVE-2025-0123 | PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures | S | |
CVE-2025-0124 | PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface | S | |
CVE-2025-0125 | PAN-OS: Improper Neutralization of Input in the Management Web Interface | S | |
CVE-2025-0126 | PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login | S | |
CVE-2025-0127 | PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series | S | |
CVE-2025-0128 | PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet | S | |
CVE-2025-0129 | Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser | S | |
CVE-2025-0130 | PAN-OS: Firewall Denial-of-Service (DoS) in the Web-Proxy Feature via a Burst of Maliciously Crafted Packets | S | |
CVE-2025-0131 | GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK | S | |
CVE-2025-0132 | Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services | S | |
CVE-2025-0133 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal | S | |
CVE-2025-0134 | Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM | S | |
CVE-2025-0135 | GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App | S | |
CVE-2025-0136 | PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices | S | |
CVE-2025-0137 | PAN-OS: Improper Neutralization of Input in the Management Web Interface | S | |
CVE-2025-0138 | Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface | S | |
CVE-2025-0139 | Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability | S | |
CVE-2025-0140 | GlobalProtect App: Non Admin User Can Disable the GlobalProtect App | S | |
CVE-2025-0141 | GlobalProtect App: Privilege Escalation (PE) Vulnerability | S | |
CVE-2025-0142 | Zoom Jenkins Marketplace plugin - Cleartext Storage of Sensitive Information | | |
CVE-2025-0143 | Zoom Workplace Apps for Linux - Out-of-bounds Write | | |
CVE-2025-0144 | Zoom Workplace Apps - Out-of-bounds Write | | |
CVE-2025-0145 | Zoom Workplace Apps for Windows - Untrusted Search Path | | |
CVE-2025-0146 | Zoom Workplace app for macOS - Symlink Following | | |
CVE-2025-0147 | Zoom Workplace App for Linux - Type Confusion | | |
CVE-2025-0148 | Zoom Jenkins Marketplace plugin - Missing Password Field Masking | | |
CVE-2025-0149 | Zoom Apps - Insufficient Verification of Data Authenticity | | |
CVE-2025-0150 | Zoom Workplace Apps for iOS - Incorrect Behavior Order | | |
CVE-2025-0151 | Zoom Apps - Use After Free | | |
CVE-2025-0154 | IBM TXSeries for Multiplatforms information disclosure | | |
CVE-2025-0158 | IBM EntireX denial of service | | |
CVE-2025-0159 | IBM FlashSystem authentication bypass | | |
CVE-2025-0160 | IBM FlashSystem code execution | | |
CVE-2025-0161 | IBM Security Verify Access Appliance code injection | | |
CVE-2025-0162 | IBM Aspera Shares XML external entity injection | | |
CVE-2025-0163 | IBM Security Verify Access information disclosure | S | |
CVE-2025-0167 | netrc and default credential leak | E | |
CVE-2025-0168 | code-projects Job Recruitment _feedback_system.php sql injection | E | |
CVE-2025-0169 | DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2025-0170 | DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting | | |
CVE-2025-0171 | code-projects Chat System deleteuser.php sql injection | E | |
CVE-2025-0172 | code-projects Chat System deleteroom.php sql injection | E | |
CVE-2025-0173 | SourceCodester Online Eyewear Shop view_order.php sql injection | E | |
CVE-2025-0174 | code-projects Point of Sales and Inventory Management System Parameter search_result2.php sql injection | E | |
CVE-2025-0175 | code-projects Online Shop view.php cross site scripting | E | |
CVE-2025-0176 | code-projects Point of Sales and Inventory Management System add_cart.php sql injection | E | |
CVE-2025-0177 | Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup | | |
CVE-2025-0178 | WatchGuard Firebox Host Header Injection Vulnerability | | |
CVE-2025-0180 | WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation | | |
CVE-2025-0181 | WP Foodbakery <= 4.7 - Authentication Bypass in foodbakery_parse_request | | |
CVE-2025-0182 | Denial of Service in danswer-ai/danswer | | |
CVE-2025-0183 | Stored XSS in binary-husky/gpt_academic | | |
CVE-2025-0184 | Server-Side Request Forgery (SSRF) in langgenius/dify | | |
CVE-2025-0185 | Pandas Query Injection in langgenius/dify | E | |
CVE-2025-0187 | Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio | | |
CVE-2025-0188 | SSRF in gaizhenbiao/chuanhuchatgpt | E | |
CVE-2025-0189 | Denial of Service in aimhubio/aim | E | |
CVE-2025-0190 | Denial of Service in aimhubio/aim | E | |
CVE-2025-0191 | Denial of Service in gaizhenbiao/chuanhuchatgpt | E | |
CVE-2025-0192 | Stored Cross-site Scripting (XSS) in wandb/openui | | |
CVE-2025-0193 | Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series | S | |
CVE-2025-0194 | Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab | E S | |
CVE-2025-0195 | code-projects Point of Sales and Inventory Management System del_product.php sql injection | E | |
CVE-2025-0196 | code-projects Point of Sales and Inventory Management System plist.php sql injection | E | |
CVE-2025-0197 | code-projects Point of Sales and Inventory Management System search.php sql injection | E | |
CVE-2025-0198 | code-projects Point of Sales and Inventory Management System search_result.php sql injection | E | |
CVE-2025-0199 | code-projects Point of Sales and Inventory Management System minus_cart.php sql injection | E | |
CVE-2025-0200 | code-projects Point of Sales and Inventory Management System search_num.php sql injection | E | |
CVE-2025-0201 | code-projects Point of Sales and Inventory Management System update_account.php sql injection | E | |
CVE-2025-0202 | TCS BaNCS REPORTS_SHOW_FILE.jsp file inclusion | | |
CVE-2025-0203 | code-projects Student Management System DbFunction.php showSubject1 sql injection | E | |
CVE-2025-0204 | code-projects Online Shoe Store details.php sql injection | E | |
CVE-2025-0205 | code-projects Online Shoe Store details2.php sql injection | E | |
CVE-2025-0206 | code-projects Online Shoe Store index.php access control | E | |
CVE-2025-0207 | code-projects Online Shoe Store login.php sql injection | E | |
CVE-2025-0208 | code-projects Online Shoe Store summary.php sql injection | E | |
CVE-2025-0210 | Campcodes School Faculty Scheduling System ajax.php sql injection | E | |
CVE-2025-0211 | Campcodes School Faculty Scheduling System index.php file inclusion | E | |
CVE-2025-0212 | Campcodes Student Grading System view_students.php sql injection | E | |
CVE-2025-0213 | Campcodes Project Management System update_forms.php unrestricted upload | E | |
CVE-2025-0214 | TMD Custom Header Menu index.php sql injection | E | |
CVE-2025-0215 | UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting | | |
CVE-2025-0217 | Privileged Remote Access Authentication Bypass | | |
CVE-2025-0218 | pgAgent scheduled batch job scripts are created in a predictable temporary directory potentially allowing a denial of service | S | |
CVE-2025-0219 | Trimble SPS851 Receiver Status Identity Tab cross site scripting | | |
CVE-2025-0220 | Trimble SPS851 Ethernet Configuration Menu cross site scripting | | |
CVE-2025-0221 | IObit Protected Folder IOCTL pffilter.sys 0x22200c null pointer dereference | E | |
CVE-2025-0222 | IObit Protected Folder IOCTL IUProcessFilter.sys 0x8001E004 null pointer dereference | E | |
CVE-2025-0223 | IObit Protected Folder IOCTL IURegistryFilter.sys 0x8001E010 null pointer dereference | E | |
CVE-2025-0224 | Provision-ISR SH-4050A-2 server.js information disclosure | E | |
CVE-2025-0225 | Tsinghua Unigroup Electronic Archives System exampleDownload.html path traversal | E | |
CVE-2025-0226 | Tsinghua Unigroup Electronic Archives System downLoad.html download information disclosure | E | |
CVE-2025-0227 | Tsinghua Unigroup Electronic Archives System downLoad.html information disclosure | E | |
CVE-2025-0228 | code-projects Local Storage Todo App index.html cross site scripting | | |
CVE-2025-0229 | code-projects Travel Management System enquiry.php sql injection | E | |
CVE-2025-0230 | code-projects Responsive Hotel Site print.php sql injection | E | |
CVE-2025-0231 | Codezips Gym Management System submit_payments.php sql injection | E | |
CVE-2025-0232 | Codezips Blood Bank Management System successadmin.php sql injection | E | |
CVE-2025-0233 | Codezips Project Management System course.php sql injection | E | |
CVE-2025-0234 | Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Gen... | | |
CVE-2025-0235 | Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4... | | |
CVE-2025-0236 | Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Dr... | | |
CVE-2025-0237 | The WebChannel API, which is used to transport various information across processes, did not check t... | | |
CVE-2025-0238 | Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, lead... | | |
CVE-2025-0239 | When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirect... | | |
CVE-2025-0240 | Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access,... | | |
CVE-2025-0241 | When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially e... | | |
CVE-2025-0242 | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, T... | | |
CVE-2025-0243 | Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5... | | |
CVE-2025-0244 | When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: Thi... | | |
CVE-2025-0245 | Under certain circumstances, a user opt-in setting that Focus should require authentication before u... | | |
CVE-2025-0246 | When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue o... | | |
CVE-2025-0247 | Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of... | | |
CVE-2025-0254 | HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. | | |
CVE-2025-0255 | HCL DevOps Deploy / HCL Launch is susceptible to command injection vulnerability | | |
CVE-2025-0256 | HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure | | |
CVE-2025-0257 | HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services | | |
CVE-2025-0272 | HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability | | |
CVE-2025-0273 | HCL DevOps Deploy / HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability | | |
CVE-2025-0278 | An internal path disclosure vulnerability affects HCL Traveler | | |
CVE-2025-0279 | HCL Traveler is affected by generation of error messages containing sensitive information | | |
CVE-2025-0281 | Stored Cross-Site Scripting (XSS) in lunary-ai/lunary | E S | |
CVE-2025-0282 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure... | KEV E | |
CVE-2025-0283 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure... | | |
CVE-2025-0285 | CVE-2025-0285 | | |
CVE-2025-0286 | CVE-2025-0286 | | |
CVE-2025-0287 | CVE-2025-0287 | | |
CVE-2025-0288 | CVE-2025-0288 | | |
CVE-2025-0289 | CVE-2025-0289 | | |
CVE-2025-0290 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab | S | |
CVE-2025-0291 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute a... | | |
CVE-2025-0292 | SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1... | | |
CVE-2025-0293 | CRLF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before vers... | | |
CVE-2025-0294 | SourceCodester Home Clean Services Management System process.php sql injection | E | |
CVE-2025-0295 | code-projects Online Book Shop booklist.php cross site scripting | E | |
CVE-2025-0296 | code-projects Online Book Shop booklist.php sql injection | E | |
CVE-2025-0297 | code-projects Online Book Shop detail.php sql injection | E | |
CVE-2025-0298 | code-projects Online Book Shop process_login.php sql injection | E | |
CVE-2025-0299 | code-projects Online Book Shop search_result.php sql injection | E | |
CVE-2025-0300 | code-projects Online Book Shop subcat.php sql injection | E | |
CVE-2025-0301 | code-projects Online Book Shop subcat.php cross site scripting | E | |
CVE-2025-0302 | Liteos_a has an integer overflow read vulnerability | | |
CVE-2025-0303 | Liteos_a has a buffer overflow vulnerability | | |
CVE-2025-0304 | Liteos_a has a use after free vulnerability | | |
CVE-2025-0305 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0306 | Ruby: openssl: ruby marvin attack | M | |
CVE-2025-0307 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0308 | Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection | | |
CVE-2025-0311 | Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget | S | |
CVE-2025-0312 | NULL Pointer Dereference in ollama/ollama | E | |
CVE-2025-0313 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ... | R | |
CVE-2025-0314 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | E S | |
CVE-2025-0315 | Allocation of Resources Without Limits or Throttling in ollama/ollama | E | |
CVE-2025-0316 | WP Directorybox Manager <= 2.5 - Authentication Bypass | | |
CVE-2025-0317 | Divide By Zero in ollama/ollama | E | |
CVE-2025-0318 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure | | |
CVE-2025-0320 | Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges | | |
CVE-2025-0321 | ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter | | |
CVE-2025-0324 | The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged... | | |
CVE-2025-0325 | A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, ... | | |
CVE-2025-0327 | CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing ... | | |
CVE-2025-0328 | KaiYuanTong ECT Platform HTTP POST Request runCode.php command injection | E | |
CVE-2025-0329 | AI ChatBot for WordPress – WPBot < 6.2.4 - Admin+ Stored XSS | E | |
CVE-2025-0330 | Exposure of Sensitive Information in berriai/litellm | | |
CVE-2025-0331 | YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery | E | |
CVE-2025-0332 | Progress UI for WinForms decompression path traversal vulnerability | | |
CVE-2025-0333 | leiyuxi cy-fast listData sql injection | E | |
CVE-2025-0334 | leiyuxi cy-fast listData sql injection | E | |
CVE-2025-0335 | code-projects Online Bike Rental System Change Image unrestricted upload | E | |
CVE-2025-0336 | Codezips Project Management System teacher.php sql injection | E M | |
CVE-2025-0337 | Authorization bypass in Now Platform | | |
CVE-2025-0339 | code-projects Online Bike Rental HTTP GET Request vehical-details.php cross site scripting | E | |
CVE-2025-0340 | code-projects Cinema Seat Reservation System deleteBooking.php sql injection | | |
CVE-2025-0341 | CampCodes Computer Laboratory Management System edit unrestricted upload | E | |
CVE-2025-0342 | CampCodes Computer Laboratory Management System edit cross site scripting | E | |
CVE-2025-0343 | Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused ... | | |
CVE-2025-0344 | leiyuxi cy-fast listData sql injection | E | |
CVE-2025-0345 | leiyuxi cy-fast listData sql injection | E | |
CVE-2025-0346 | code-projects Content Management System Publish News Page publishnews.php unrestricted upload | E | |
CVE-2025-0347 | code-projects Admission Management System Login index.php sql injection | E | |
CVE-2025-0348 | CampCodes DepEd Equipment Inventory System add_employee.php cross site scripting | E | |
CVE-2025-0349 | Tenda AC6 GetParentControlInfo stack-based overflow | E | |
CVE-2025-0350 | Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets | S | |
CVE-2025-0352 | Rapid Response Monitoring My Security Account App Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-0353 | Divi Torque Lite <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | | |
CVE-2025-0354 | Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP... | | |
CVE-2025-0355 | Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7... | | |
CVE-2025-0356 | NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows an attacker to... | | |
CVE-2025-0357 | WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload | | |
CVE-2025-0358 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a fl... | | |
CVE-2025-0359 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a fl... | | |
CVE-2025-0360 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a fl... | | |
CVE-2025-0361 | During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a f... | | |
CVE-2025-0362 | Improper Restriction of Rendered UI Layers or Frames in GitLab | E S | |
CVE-2025-0364 | BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE | E | |
CVE-2025-0365 | Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read | S | |
CVE-2025-0366 | Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution) | S | |
CVE-2025-0367 | Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch) | | |
CVE-2025-0368 | Banner Garden Plugin for WordPress <= 0.1.3 - Reflected XSS | E | |
CVE-2025-0369 | Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter | | |
CVE-2025-0370 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter | S | |
CVE-2025-0371 | Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | | |
CVE-2025-0372 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerab... | | |
CVE-2025-0373 | Buffer overflow in some filesystems via NFS | | |
CVE-2025-0374 | Unprivileged access to system files | | |
CVE-2025-0376 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | E S | |
CVE-2025-0377 | HashiCorp go-slug Vulnerable to Zip Slip Attack | | |
CVE-2025-0390 | Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal | E | |
CVE-2025-0391 | Guangzhou Huayi Intelligent Technology Jeewms CgFormBuildController.java saveOrUpdate sql injection | E | |
CVE-2025-0392 | Guangzhou Huayi Intelligent Technology Jeewms graphReportController.do datagridGraph sql injection | E | |
CVE-2025-0393 | Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Stored Cross-Site Scripting | S | |
CVE-2025-0394 | Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function | | |
CVE-2025-0395 | When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate en... | | |
CVE-2025-0396 | exelban stats XPC Service shouldAcceptNewConnection command injection | S | |
CVE-2025-0397 | reckcn SPPanAdmin edit cross site scripting | E | |
CVE-2025-0398 | longpi1 warehouse Backend updateInport cross site scripting | E | |
CVE-2025-0399 | StarSea99 starsea-mall uploadController.java UploadController unrestricted upload | E | |
CVE-2025-0400 | StarSea99 starsea-mall update cross site scripting | E | |
CVE-2025-0401 | 1902756969 reggie CommonController.java download path traversal | E | |
CVE-2025-0402 | 1902756969 reggie CommonController.java upload unrestricted upload | E | |
CVE-2025-0403 | 1902756969 reggie Phone Number Validation sendMsg information disclosure | E | |
CVE-2025-0404 | liujianview gymxmjpa CoachController.java CoachController sql injection | E | |
CVE-2025-0405 | liujianview gymxmjpa GoodsController.java GoodsDaoImpl sql injection | E | |
CVE-2025-0406 | liujianview gymxmjpa SubjectController.java SubjectDaoImpl sql injection | E | |
CVE-2025-0407 | liujianview gymxmjpa EquipmentController.java EquipmentDaoImpl sql injection | E | |
CVE-2025-0408 | liujianview gymxmjpa LoosController.java LoosDaoImpl sql injection | E | |
CVE-2025-0409 | liujianview gymxmjpa MembertypeController.java MembertypeDaoImpl sql injection | E | |
CVE-2025-0410 | liujianview gymxmjpa MenberConntroller.java MenberDaoInpl sql injection | E | |
CVE-2025-0411 | 7-Zip Mark-of-the-Web Bypass Vulnerability | KEV M | |
CVE-2025-0412 | Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2025-0413 | Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability | | |
CVE-2025-0415 | Command Injection in NTP Setting | S | |
CVE-2025-0416 | Valmet DNA Local privilege escalation through insecure DCOM configuration | S | |
CVE-2025-0417 | Valmet DNA Lack of protection against brute force attacks | S | |
CVE-2025-0418 | Valmet DNA user passwords in plain text | S | |
CVE-2025-0422 | Authenticated Remote Code Execution via ScriptVar | | |
CVE-2025-0423 | Multiple Unauthenticated Stored Cross-Site Scripting | | |
CVE-2025-0424 | Multiple Authenticated Stored Cross-Site Scripting | | |
CVE-2025-0425 | Local Privilege Escalation via Config Manipulation | | |
CVE-2025-0426 | A security issue was discovered in Kubernetes where a large number of container checkpoint requests ... | | |
CVE-2025-0427 | Mali GPU Kernel Driver allows access to already freed memory | S | |
CVE-2025-0428 | AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts | S | |
CVE-2025-0429 | AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms | S | |
CVE-2025-0430 | Belledonne Communications Linphone-Desktop NULL Pointer Dereference | S | |
CVE-2025-0431 | Enterprise Protection Backslash URL Rewrite Bypass | | |
CVE-2025-0432 | HMS Networks Ewon Flexy 202 Cleartext Transmission of Sensitive Information | M | |
CVE-2025-0433 | Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | S | |
CVE-2025-0434 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker ... | E | |
CVE-2025-0435 | Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowe... | E | |
CVE-2025-0436 | Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potent... | E | |
CVE-2025-0437 | Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to p... | | |
CVE-2025-0438 | Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker t... | | |
CVE-2025-0439 | Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a use... | E | |
CVE-2025-0440 | Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowe... | E | |
CVE-2025-0441 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remo... | E | |
CVE-2025-0442 | Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote at... | E | |
CVE-2025-0443 | Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote ... | E | |
CVE-2025-0444 | Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentia... | | |
CVE-2025-0445 | Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentiall... | | |
CVE-2025-0446 | Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote ... | | |
CVE-2025-0447 | Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote ... | E | |
CVE-2025-0448 | Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote... | E | |
CVE-2025-0450 | Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS | | |
CVE-2025-0451 | Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a rem... | | |
CVE-2025-0452 | Arbitrary File Deletion in eosphoros-ai/DB-GPT | | |
CVE-2025-0453 | Denial of Service through Batched Queries in GraphQL in mlflow/mlflow | E | |
CVE-2025-0454 | SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt | | |
CVE-2025-0455 | NetVision Information airPASS - SQL injection | S | |
CVE-2025-0456 | NetVision Information airPASS - Missing Authentication | S | |
CVE-2025-0457 | NetVision Information airPASS - OS Command Injection | S | |
CVE-2025-0458 | Virtual Computer Vysual RH Solution Login Panel index.php cross site scripting | | |
CVE-2025-0459 | libretro RetroArch Startup profapi.dll untrusted search path | | |
CVE-2025-0460 | Blog Botz for Journal Theme blog_add unrestricted upload | E | |
CVE-2025-0461 | Shanghai Lingdang Information Technology Lingdang CRM index.php path traversal | E | |
CVE-2025-0462 | Shanghai Lingdang Information Technology Lingdang CRM index.php sql injection | E | |
CVE-2025-0463 | Shanghai Lingdang Information Technology Lingdang CRM index.php unrestricted upload | E | |
CVE-2025-0464 | SourceCodester Task Reminder System Maintenance Section cross site scripting | E | |
CVE-2025-0465 | AquilaCMS categories deserialization | E | |
CVE-2025-0466 | Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure | E | |
CVE-2025-0467 | GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write | | |
CVE-2025-0468 | GPU DDK - ui64RobustnessAddress can overwrite Freelist / HWRT (and bypass PMMETA) | | |
CVE-2025-0469 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter | S | |
CVE-2025-0471 | Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform | | |
CVE-2025-0472 | Information exposure vulnerability in PMB platform | | |
CVE-2025-0473 | Incomplete Cleanup vulnerability in PMB platform | | |
CVE-2025-0474 | Invoice Ninja PDF Rendering Server Side Request Forgery | S | |
CVE-2025-0475 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | E S | |
CVE-2025-0476 | Mobile crash via file with specially crafted filename | S | |
CVE-2025-0477 | Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability | S | |
CVE-2025-0478 | GPU DDK - PMMETA_PROTECT PMR can be exported as dma-buf file / GEM object | | |
CVE-2025-0479 | Security Misconfiguration Vulnerability in CP Plus Router | S | |
CVE-2025-0480 | wuzhicms config.php test server-side request forgery | E | |
CVE-2025-0481 | D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure | E | |
CVE-2025-0482 | Fanli2012 native-php-cms user_recoverpwd.php default credentials | E | |
CVE-2025-0483 | Fanli2012 native-php-cms jump.php cross site scripting | E | |
CVE-2025-0484 | Fanli2012 native-php-cms Backend sysconfig_doedit.php improper authorization | E | |
CVE-2025-0485 | Fanli2012 native-php-cms sysconfig_doedit.php cross site scripting | E | |
CVE-2025-0486 | Fanli2012 native-php-cms login.php sql injection | E | |
CVE-2025-0487 | Fanli2012 native-php-cms cat_edit.php sql injection | E | |
CVE-2025-0488 | Fanli2012 native-php-cms product_list.php sql injection | E | |
CVE-2025-0489 | Fanli2012 native-php-cms friendlink_dodel.php sql injection | E | |
CVE-2025-0490 | Fanli2012 native-php-cms article_dodel.php sql injection | E | |
CVE-2025-0491 | Fanli2012 native-php-cms cat_dodel.php sql injection | E | |
CVE-2025-0492 | D-Link DIR-823X FUN_00412244 null pointer dereference | E | |
CVE-2025-0493 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion | | |
CVE-2025-0495 | Secrets leakage to telemetry endpoint via cache backend configuration via buildx | | |
CVE-2025-0497 | Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability | S | |
CVE-2025-0498 | Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability | S | |
CVE-2025-0499 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0500 | Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients | | |
CVE-2025-0501 | Issue affecting Amazon WorkSpaces Clients (when running PCoIP protocol) | | |
CVE-2025-0502 | Transmission of Private Resources into a New Sphere in Crafter Engine | M | |
CVE-2025-0503 | Leaked User IDs and Metadata of Deleted DMs | S | |
CVE-2025-0505 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state | S | |
CVE-2025-0506 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleTag Parameter | | |
CVE-2025-0507 | Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2025-0508 | MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk | | |
CVE-2025-0509 | Signing Checks Bypass | | |
CVE-2025-0510 | Thunderbird displayed an incorrect sender address if the From field of an email used the invalid gro... | | |
CVE-2025-0511 | Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via name Parameter | S | |
CVE-2025-0512 | Structured Content (JSON-LD) #wpsc <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode | S | |
CVE-2025-0513 | In affected versions of Octopus Server error messages were handled unsafely on the error page. If an... | | |
CVE-2025-0514 | Executable hyperlink Windows path targets executed unconditionally on activation | | |
CVE-2025-0515 | Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update | | |
CVE-2025-0516 | Incorrect Authorization in GitLab | E S | |
CVE-2025-0517 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0518 | Unchecked sscanf return value which leads to memory data leak | | |
CVE-2025-0520 | ShowDoc Unauthenticated File Upload Remote Code Execution | E S | |
CVE-2025-0521 | Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting | S | |
CVE-2025-0522 | LikeBot – Decentralized like-system <= 0.85 - Admin+ Stored XSS via CSRF | E | |
CVE-2025-0524 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0525 | In affected versions of Octopus Server the preview import feature could be leveraged to identify the... | | |
CVE-2025-0526 | In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on th... | | |
CVE-2025-0527 | code-projects Admission Management System signupconfirm.php sql injection | E | |
CVE-2025-0528 | Tenda AC8/AC10/AC18 HTTP Request telnet command injection | E | |
CVE-2025-0529 | code-projects Train Ticket Reservation System Login Form stack-based overflow | E | |
CVE-2025-0530 | code-projects Job Recruitment _feedback_system.php cross site scripting | E | |
CVE-2025-0531 | code-projects Chat System leaveroom.php sql injection | E | |
CVE-2025-0532 | Codezips Gym Management System new_submit.php sql injection | E | |
CVE-2025-0533 | 1000 Projects Campaign Management System Platform for Women sc_login.php sql injection | E | |
CVE-2025-0534 | 1000 Projects Campaign Management System Platform for Women loginnew.php sql injection | E | |
CVE-2025-0535 | Codezips Gym Management System edit_mem_submit.php sql injection | E | |
CVE-2025-0536 | 1000 Projects Attendance Tracking Management System edit_action.php sql injection | E | |
CVE-2025-0537 | code-projects Car Rental Management System manage-pages.php cross site scripting | E | |
CVE-2025-0538 | code-projects Tourism Management System manage-pages.php cross site scripting | E | |
CVE-2025-0539 | In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending ser... | | |
CVE-2025-0540 | itsourcecode Tailoring Management System expadd.php sql injection | E | |
CVE-2025-0541 | Codezips Gym Management System edit_member.php sql injection | E | |
CVE-2025-0542 | G DATA Management Server Local privilege escalation | | |
CVE-2025-0543 | G DATA Security Client Local privilege escalation | | |
CVE-2025-0545 | XSS in Tekrom Technology's T-Soft E-Commerce | | |
CVE-2025-0549 | Authentication Bypass Using an Alternate Path or Channel in GitLab | E S | |
CVE-2025-0554 | Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name | S | |
CVE-2025-0555 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | E S | |
CVE-2025-0556 | Telerik Report Server Clear Text Transmission of Agent Commands | | |
CVE-2025-0557 | Hyland Alfresco Community Edition URL s cross site scripting | | |
CVE-2025-0558 | TDuckCloud tduck-platform QueryProThemeRequest.java QueryProThemeRequest sql injection | E | |
CVE-2025-0559 | Campcodes School Management Software Create Id Card Page create-id-card cross site scripting | E | |
CVE-2025-0560 | CampCodes School Management Software Photo Gallery Page photo-gallery cross site scripting | E | |
CVE-2025-0561 | itsourcecode Farm Management System add-pig.php sql injection | E | |
CVE-2025-0562 | Codezips Gym Management System health_status_entry.php sql injection | E | |
CVE-2025-0563 | code-projects Fantasy-Cricket update.php sql injection | E | |
CVE-2025-0564 | code-projects Fantasy-Cricket authenticate.php sql injection | E | |
CVE-2025-0565 | ZZCMS index.php sql injection | E | |
CVE-2025-0566 | Tenda AC15 SetDevNetName formSetDevNetName stack-based overflow | E | |
CVE-2025-0567 | Epic Games Launcher Installer profapi.dll untrusted search path | | |
CVE-2025-0568 | Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability | | |
CVE-2025-0569 | Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability | | |
CVE-2025-0570 | Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability | | |
CVE-2025-0571 | Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability | | |
CVE-2025-0572 | Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability | | |
CVE-2025-0573 | Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability | | |
CVE-2025-0574 | Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability | | |
CVE-2025-0575 | Union Bank of India Vyom Rooting Detection protection mechanism | E | |
CVE-2025-0576 | Mobotix M15 player cross site scripting | | |
CVE-2025-0578 | Facile Sistemas Cloud Apps Password Reset forgotpassword cross site scripting | | |
CVE-2025-0579 | Shiprocket Module REST API Module restapi sql injection | E | |
CVE-2025-0580 | Shiprocket Module REST API Module rest_api authorization | E | |
CVE-2025-0581 | CampCodes School Management Software Chat History send cross site scripting | E | |
CVE-2025-0582 | itsourcecode Farm Management System add-pig.php unrestricted upload | E | |
CVE-2025-0583 | aEnrich Technology a+HRD - Reflected Cross-site Scripting (XSS) | S | |
CVE-2025-0584 | aEnrich Technology a+HRD - Server-Side Request Forgery (SSRF) | S | |
CVE-2025-0585 | aEnrich Technology a+HRD - SQL Injection | S | |
CVE-2025-0586 | aEnrich Technology a+HRD - Insecure Deserialization | S | |
CVE-2025-0587 | Arkcompiler Ets Runtime has an integer overflow vulnerability | | |
CVE-2025-0588 | In affected versions of Octopus Server it was possible for a user with sufficient access to set cust... | | |
CVE-2025-0589 | In affected versions of Octopus Deploy where customers are using Active Directory for authentication... | | |
CVE-2025-0590 | Improper permission settings for mobile applications (com.transsion.carlcare) may lead to informat... | | |
CVE-2025-0591 | Out-of-bounds Read vulnerability in CX-Programmer | S | |
CVE-2025-0592 | SICK Lector8xx and InspectorP8xx vulnerable for code execution | S | |
CVE-2025-0593 | SICK Lector8xx and InspectorP8xx vulnerable for code execution | S | |
CVE-2025-0595 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0596 | Stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x | | |
CVE-2025-0598 | Stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0599 | Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x | | |
CVE-2025-0600 | Stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x | | |
CVE-2025-0601 | Stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0602 | Stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x | | |
CVE-2025-0604 | Keycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak | | |
CVE-2025-0605 | Weak Authentication in GitLab | E S | |
CVE-2025-0611 | Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potent... | | |
CVE-2025-0612 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker... | | |
CVE-2025-0613 | Photo Gallery < 1.8.34 - Unauthenticated Stored XSS | E | |
CVE-2025-0614 | Input validation vulnerability in Qualifio's Wheel of Fortune | S | |
CVE-2025-0615 | Input validation vulnerability in Qualifio's Wheel of Fortune | S | |
CVE-2025-0617 | An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to t... | | |
CVE-2025-0618 | A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR age... | | |
CVE-2025-0619 | Unsafe stored password recovery | | |
CVE-2025-0620 | Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session | | |
CVE-2025-0622 | Grub2: command/gpg: use-after-free due to hooks not being removed on module unload | M | |
CVE-2025-0623 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0624 | Grub2: net: out-of-bounds write in grub_net_search_config_file() | M | |
CVE-2025-0625 | CampCodes School Management Software Attachment resource injection | E | |
CVE-2025-0626 | Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor | M | |
CVE-2025-0627 | AI Autotagger < 3.30.0 - Admin+ Stored XSS | E | |
CVE-2025-0628 | Improper Authorization in BerriAI/litellm | | |
CVE-2025-0629 | Coronavirus (COVID-19) Notice Message <= 1.1.2 - Admin+ Stored XSS | E | |
CVE-2025-0630 | Western Telematic Inc NPS Series, DSM Series, CPM Series External Control of File Name or Path | S | |
CVE-2025-0631 | PowerFlex® 755 Credential Exposure Vulnerability | S | |
CVE-2025-0632 | Local File Inclusion (LFI) leading to sensitive data exposure | S | |
CVE-2025-0633 | Heap Overflow in iniparser.c | S | |
CVE-2025-0634 | Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion. This issue ... | | |
CVE-2025-0635 | Denial of Service condition in M-Files Server | | |
CVE-2025-0637 | Inadequate access control in Beta10 | S | |
CVE-2025-0638 | Routinator crashes when illegal characters are present in manifest file names | S | |
CVE-2025-0639 | Allocation of Resources Without Limits or Throttling in GitLab | E S | |
CVE-2025-0646 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0648 | M-Files Server crash via EOT database driver configuration | | |
CVE-2025-0649 | Stack Exhaustion In Tensorflow Serving | | |
CVE-2025-0650 | Ovn: egress acls may be bypassed via specially crafted udp packet | M | |
CVE-2025-0651 | File symlink abuse might lead to deleting files belonging to SYSTEM user | | |
CVE-2025-0652 | Incorrect Authorization in GitLab | E S | |
CVE-2025-0654 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0655 | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate ... | R | |
CVE-2025-0659 | Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud | S | |
CVE-2025-0660 | Stored XSS in Folder Function by Rogue Admin | S | |
CVE-2025-0661 | DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure | S | |
CVE-2025-0662 | Uninitialized kernel memory disclosure via ktrace(2) | | |
CVE-2025-0665 | eventfd double close | | |
CVE-2025-0666 | BOINC Server Stored XSS Injection in host_venue_action.php | E | |
CVE-2025-0667 | BOINC Server Stored XSS Injection in pm.php | E | |
CVE-2025-0668 | BOINC Server Multiple SQL Injections | E | |
CVE-2025-0669 | BOINC Server Cross-Site Request Forgery | E | |
CVE-2025-0671 | Email Subscribers < 5.7.50 - Admin+ Stored XSS in Template | E | |
CVE-2025-0673 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab | E S | |
CVE-2025-0674 | Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel | M | |
CVE-2025-0675 | Elber Communications Equipment Hidden Functionality | M | |
CVE-2025-0676 | Command Injection Leading to Privilege Escalation | S | |
CVE-2025-0677 | Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks | M | |
CVE-2025-0678 | Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data | M | |
CVE-2025-0679 | Exposure of Private Personal Information to an Unauthorized Actor in GitLab | E S | |
CVE-2025-0680 | New Rock Technologies Cloud Connected Devices has an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. | M | |
CVE-2025-0681 | New Rock Technologies Cloud Connected Devices Improper Neutralization of Wildcards or Matching Symbols | M | |
CVE-2025-0682 | ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode | | |
CVE-2025-0683 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor | S | |
CVE-2025-0684 | Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data | M | |
CVE-2025-0685 | Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data | M | |
CVE-2025-0686 | Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat | M | |
CVE-2025-0687 | Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS | E | |
CVE-2025-0688 | Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS | E | |
CVE-2025-0689 | Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution | M | |
CVE-2025-0690 | Grub2: read: integer overflow may lead to out-of-bounds write | M | |
CVE-2025-0691 | Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allow... | | |
CVE-2025-0692 | Simple Video Management System <= 1.0.4 - Admin+ Stored XSS | E | |
CVE-2025-0693 | Issue with AWS Sign-in IAM User Login Flow - Possible Username Enumeration | | |
CVE-2025-0694 | CODESYS Control V3 removable media path traversal | | |
CVE-2025-0695 | An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions les... | | |
CVE-2025-0696 | A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker... | | |
CVE-2025-0697 | Telstra Smart Modem Gen 2 HTTP Header injection | | |
CVE-2025-0698 | JoeyBling bootplus list sql injection | E | |
CVE-2025-0699 | JoeyBling bootplus list sql injection | E | |
CVE-2025-0700 | JoeyBling bootplus list sql injection | E | |
CVE-2025-0701 | JoeyBling bootplus list sql injection | E | |
CVE-2025-0702 | JoeyBling bootplus SysFileController.java unrestricted upload | E | |
CVE-2025-0703 | JoeyBling bootplus SysFileController.java path traversal | E | |
CVE-2025-0704 | JoeyBling bootplus QrCodeController.java qrCode resource consumption | E | |
CVE-2025-0705 | JoeyBling bootplus QrCodeController.java qrCode redirect | E | |
CVE-2025-0706 | JoeyBling bootplus admin.html cross site scripting | E | |
CVE-2025-0707 | Rise Group Rise Mode Temp CPU Startup CRYPTBASE.dll untrusted search path | | |
CVE-2025-0708 | fumiao opencms Add Model Management Page addOrUpdate cross site scripting | E | |
CVE-2025-0709 | Dcat-Admin Roles Page roles cross site scripting | E | |
CVE-2025-0710 | CampCodes School Management Software Notice Board Page notice-list cross site scripting | E | |
CVE-2025-0714 | Insecure storage of sensitive information in MobaXTerm <25.0. | S | |
CVE-2025-0716 | AngularJS improper sanitization in SVG ' | E | |
CVE-2025-0717 | Social Slider Feed < 2.2.9 - Admin+ Stored XSS | E | |
CVE-2025-0718 | Nested Pages < 3.2.13 - Contributor+ Stored XSS | E | |
CVE-2025-0719 | IBM Cloud Pak for Data cross-site scripting | | |
CVE-2025-0720 | MicroWorld eScan Antivirus Folder Watch List rtscanner removeExtraSlashes stack-based overflow | | |
CVE-2025-0721 | needyamin image_gallery view.php cross site scripting | E | |
CVE-2025-0722 | needyamin image_gallery Cover Image gallery.php unrestricted upload | E | |
CVE-2025-0723 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection | | |
CVE-2025-0724 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection | | |
CVE-2025-0725 | gzip integer overflow | E S | |
CVE-2025-0726 | Eclipse ThreadX NetX Duo HTTP server denial of service | | |
CVE-2025-0727 | Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow | S | |
CVE-2025-0728 | Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow | S | |
CVE-2025-0729 | TP-Link TL-SG108E clickjacking | S | |
CVE-2025-0730 | TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings | E S | |
CVE-2025-0731 | SMA: Sunny Portal Remote Code Execution | | |
CVE-2025-0732 | Discord profapi.dll untrusted search path | | |
CVE-2025-0733 | Postman profapi.dll untrusted search path | | |
CVE-2025-0734 | y_project RuoYi Whitelist getBeanName deserialization | E | |
CVE-2025-0736 | Org.infinispan-infinispan-parent: exposure of sensitive information in application logs | | |
CVE-2025-0739 | Improper Access Control vulnerability in EmbedAI | S | |
CVE-2025-0740 | Improper Access Control vulnerability in EmbedAI | S | |
CVE-2025-0741 | Improper Access Control vulnerability in EmbedAI | S | |
CVE-2025-0742 | Improper Access Control vulnerability in EmbedAI | S | |
CVE-2025-0743 | Improper Access Control vulnerability in EmbedAI | S | |
CVE-2025-0744 | Improper Access Control vulnerability in EmbedAI | S | |
CVE-2025-0745 | Improper Access Control vulnerability in EmbedAI | S | |
CVE-2025-0746 | Reflected Cross-Site Scripting vulnerability in EmbedAI | S | |
CVE-2025-0747 | Stored Cross-Site vulnerability in EmbedAI | S | |
CVE-2025-0748 | Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification | | |
CVE-2025-0749 | Homey <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check | | |
CVE-2025-0750 | Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting | | |
CVE-2025-0751 | Axiomatic Bento4 mp42aac ReadBits heap-based overflow | E | |
CVE-2025-0752 | Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access | | |
CVE-2025-0753 | Axiomatic Bento4 mp42aac ReadPartial heap-based overflow | E | |
CVE-2025-0754 | Envoyproxy: openshift service mesh 2.6.3 and 2.5.6 envoy header handling allows log injection and potential spoofing | | |
CVE-2025-0755 | MongoDB C Driver bson library may be susceptible to buffer overflow | | |
CVE-2025-0756 | Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection') | | |
CVE-2025-0757 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | | |
CVE-2025-0758 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource | | |
CVE-2025-0759 | IBM EntireX race condition | | |
CVE-2025-0760 | Stored Credential Disclosure Vulnerability | S | |
CVE-2025-0762 | Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to pot... | | |
CVE-2025-0764 | wpForo Forum <= 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read in update | S | |
CVE-2025-0767 | WP Activity Log 5.3.2 - Insecure deserialization | | |
CVE-2025-0769 | PixelYourSite 10.1.1.1 - Insecure deserialization | | |
CVE-2025-0781 | Incorrect Authorization in SimGear | S | |
CVE-2025-0782 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-0783 | pankajindevops scale API Endpoint access control | E | |
CVE-2025-0784 | Intelbras InControl Registered User usuario cleartext transmission | E | |
CVE-2025-0785 | ESAFENET CDG SysConfig.jsp cross site scripting | E | |
CVE-2025-0786 | ESAFENET CDG appDetail.jsp sql injection | E | |
CVE-2025-0787 | ESAFENET CDG appDetail.jsp cross site scripting | E | |
CVE-2025-0788 | ESAFENET CDG content_top.jsp sql injection | E | |
CVE-2025-0789 | ESAFENET CDG doneDetail.jsp sql injection | E | |
CVE-2025-0790 | ESAFENET CDG doneDetail.jsp cross site scripting | E | |
CVE-2025-0791 | ESAFENET CDG sdDoneDetail.jsp sql injection | E | |
CVE-2025-0792 | ESAFENET CDG sdTodoDetail.jsp sql injection | E | |
CVE-2025-0793 | ESAFENET CDG todoDetail.jsp sql injection | E | |
CVE-2025-0794 | ESAFENET CDG todoDetail.jsp cross site scripting | E | |
CVE-2025-0795 | ESAFENET CDG todolistjump.jsp cross site scripting | E | |
CVE-2025-0796 | Mortgage Lead Capture System <= 8.2.10 - Cross-Site Request Forgery to Settings Reset | | |
CVE-2025-0797 | MicroWorld eScan Antivirus Quarantine Microworld default permission | E | |
CVE-2025-0798 | MicroWorld eScan Antivirus Quarantine rtscanner os command injection | E | |
CVE-2025-0799 | IBM App Connect Enterprise Arbitrary File Write | | |
CVE-2025-0800 | SourceCodester Online Courseware Edit Teacher saveeditt.php cross site scripting | E | |
CVE-2025-0801 | RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update | S | |
CVE-2025-0802 | SourceCodester Best Employee Management System Administrative Endpoint View_user.php access control | E | |
CVE-2025-0803 | Codezips Gym Management System submit_plan_new.php sql injection | E | |
CVE-2025-0804 | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2025-0805 | Mortgage Calculator / Loan Calculator <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-0806 | code-projects Job Recruitment _call_job_search_ajax.php cross site scripting | E | |
CVE-2025-0807 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update | | |
CVE-2025-0808 | Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion | S | |
CVE-2025-0809 | Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting | | |
CVE-2025-0810 | Read More & Accordion <= 3.4.5 - Cross-Site Request Forgery to Local File Inclusion | | |
CVE-2025-0811 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | E S | |
CVE-2025-0813 | CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when... | | |
CVE-2025-0814 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the net... | | |
CVE-2025-0815 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the pro... | | |
CVE-2025-0816 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the pro... | | |
CVE-2025-0817 | FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | | |
CVE-2025-0819 | Mali GPU Kernel Driver allows access to already freed memory | S | |
CVE-2025-0820 | Clicface Trombi <= 2.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via nom Parameter | | |
CVE-2025-0821 | Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter | S | |
CVE-2025-0822 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter | S | |
CVE-2025-0823 | IBM MQ path traversal | S | |
CVE-2025-0825 | CRLF injection in Cpp-httplib | S | |
CVE-2025-0826 | Stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0827 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0828 | Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0829 | Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0830 | Stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0832 | Stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0833 | Stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x | | |
CVE-2025-0834 | Wondershare Dr.Fone Privilege Escalation Vulnerability | | |
CVE-2025-0835 | GPU DDK - _WrapExtMemReleasePages called twice if _FlushUMVirtualRange fails | | |
CVE-2025-0837 | Puzzles <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2025-0838 | Heap Buffer overflow in Abseil | | |
CVE-2025-0839 | ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2025-0840 | GNU Binutils objdump.c disassemble_bytes stack-based overflow | E S | |
CVE-2025-0841 | Aridius XYZ News loadMore deserialization | E | |
CVE-2025-0842 | needyamin Library Card System Login admin.php sql injection | E | |
CVE-2025-0843 | needyamin Library Card System Admin Panel admindashboard.php sql injection | E | |
CVE-2025-0844 | needyamin Library Card System Registration Page signup.php cross site scripting | E | |
CVE-2025-0845 | DesignThemes Core Features <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2025-0846 | 1000 Projects Employee Task Management System AdminLogin.php sql injection | E | |
CVE-2025-0847 | 1000 Projects Employee Task Management System Login index.php sql injection | E | |
CVE-2025-0848 | Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow | E | |
CVE-2025-0849 | CampCodes School Management Software Staff edit-staff improper authorization | E S | |
CVE-2025-0851 | Path traversal issue in Deep Java Library | | |
CVE-2025-0853 | PGS Core <= 5.8.0 - Unauthenticated SQL Injection | | |
CVE-2025-0855 | PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection | | |
CVE-2025-0856 | PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions | | |
CVE-2025-0858 | Certain Poly Devices – Path Traversal Vulnerability - Arbitrary File Access by Unauthorized User | | |
CVE-2025-0859 | Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function | S | |
CVE-2025-0860 | VR-Frases (collect & share quotes) <= 3.0.1 - Reflected Cross-Site Scripting | S | |
CVE-2025-0861 | VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection | S | |
CVE-2025-0862 | SuperSaaS – online appointment scheduling <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter | | |
CVE-2025-0863 | Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-0864 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting | S | |
CVE-2025-0865 | WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update | S | |
CVE-2025-0866 | Legoeso PDF Manager <= 1.2.2 - Authenticated (Author+) SQL Injection via checkedVals Parameter | | |
CVE-2025-0867 | Privilege Escalation in MEAC300 | S | |
CVE-2025-0868 | Remote Code Execution in DocsGPT | | |
CVE-2025-0869 | Cianet ONU GW24AC Login cross site scripting | | |
CVE-2025-0870 | Axiomatic Bento4 Ap4DataBuffer.h GetData heap-based overflow | E | |
CVE-2025-0871 | Maybecms Add Article index.php cross site scripting | E S | |
CVE-2025-0872 | itsourcecode Tailoring Management System addpayment.php sql injection | E | |
CVE-2025-0873 | itsourcecode Tailoring Management System customeredit.php sql injection | E | |
CVE-2025-0874 | code-projects Simple Plugins Car Rental Management approve.php sql injection | E | |
CVE-2025-0877 | XSS in AtaksAPP's Reservation Management System | | |
CVE-2025-0880 | Codezips Gym Management System updateplan.php sql injection | E | |
CVE-2025-0881 | Codezips Gym Management System saveroutine.php sql injection | E | |
CVE-2025-0882 | code-projects Chat System addnewmember.php sql injection | E | |
CVE-2025-0883 | vulnerability has been discovered in OpenText™ Service Manager. | S | |
CVE-2025-0884 | Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager. | S | |
CVE-2025-0885 | Incorrect Authorization vulnerability affects OpenText™ GroupWise | S | |
CVE-2025-0889 | Privilege Management for Windows – Elevation of Privilege | | |
CVE-2025-0890 | **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL... | | |
CVE-2025-0893 | Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vu... | | |
CVE-2025-0895 | IBM Cognos Mobile information disclosure | | |
CVE-2025-0896 | Orthanc Server Missing Authentication for Critical Function | S | |
CVE-2025-0897 | Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode | S | |
CVE-2025-0899 | PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2025-0900 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0901 | PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2025-0902 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0903 | PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2025-0904 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0905 | PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0906 | PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0907 | PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0908 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0909 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0910 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2025-0911 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-0912 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection | S | |
CVE-2025-0913 | Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall | | |
CVE-2025-0914 | Velociraptor Shell Plugin Prevent_execve Bypass | | |
CVE-2025-0915 | IBM Db2 denial of service | S | |
CVE-2025-0916 | YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting | S | |
CVE-2025-0917 | IBM Cognos Analytics cross-site scripting | S | |
CVE-2025-0918 | SMTP for SendGrid – YaySMTP <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via Email Logs | S | |
CVE-2025-0919 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-0818. Reason: T... | R | |
CVE-2025-0921 | Information Tampering Vulnerability in Multi-agent Notification Feature of GENESIS64 and MC Works64 | | |
CVE-2025-0923 | IBM Cognos Analytics information disclosure | S | |
CVE-2025-0924 | WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting | S | |
CVE-2025-0925 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-0818. Reason: T... | R | |
CVE-2025-0926 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for ... | | |
CVE-2025-0927 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesyst... | R | |
CVE-2025-0928 | Arbitrary executable upload via authenticated endpoint | | |
CVE-2025-0929 | SQL injection vulnerability in TeamCal Neo | | |
CVE-2025-0930 | Reflected Cross-Site Scripting (XSS) vulnerability in TeamCal Neo | | |
CVE-2025-0934 | code-projects Job Recruitment _call_job_search_ajax.php sql injection | E | |
CVE-2025-0935 | Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change | S | |
CVE-2025-0936 | On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly | E S | |
CVE-2025-0937 | Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace | | |
CVE-2025-0938 | URL parser allowed square brackets in domain names | S | |
CVE-2025-0939 | MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization | S | |
CVE-2025-0941 | MET ONE 3400+ Potential Credential Exposure | S | |
CVE-2025-0942 | Jalios JPlatform 10 SP6 < 10.0.6 Record Chooser SQL Injection | S | |
CVE-2025-0943 | itsourcecode Tailoring Management System deldoc.php sql injection | E | |
CVE-2025-0944 | itsourcecode Tailoring Management System customerview.php sql injection | E | |
CVE-2025-0945 | itsourcecode Tailoring Management System typedelete.php sql injection | E | |
CVE-2025-0946 | itsourcecode Tailoring Management System templatedelete.php sql injection | E | |
CVE-2025-0947 | itsourcecode Tailoring Management System expview.php sql injection | E | |
CVE-2025-0948 | itsourcecode Tailoring Management System incview.php sql injection | E | |
CVE-2025-0949 | itsourcecode Tailoring Management System partview.php sql injection | E | |
CVE-2025-0950 | itsourcecode Tailoring Management System staffview.php sql injection | E | |
CVE-2025-0952 | Eco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | | |
CVE-2025-0953 | SMTP for Sendinblue – YaySMTP <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email Logs | S | |
CVE-2025-0954 | WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import | | |
CVE-2025-0955 | VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import | | |
CVE-2025-0956 | WooCommerce Recover Abandoned Cart <= 24.3.0 - Unauthenticated PHP Object Injection | | |
CVE-2025-0957 | Vulnerability: SMTP for Amazon SES <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting via Email Logs | | |
CVE-2025-0958 | Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion | S | |
CVE-2025-0959 | Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id | | |
CVE-2025-0960 | AutomationDirect C-more EA9 HMI Classic Buffer Overflow | S | |
CVE-2025-0961 | code-projects Job Recruitment load_job-details.php cross site scripting | E | |
CVE-2025-0966 | IBM InfoSphere Information Server SQL injection | S | |
CVE-2025-0967 | code-projects Chat System add_chatroom.php sql injection | E | |
CVE-2025-0968 | ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function | S | |
CVE-2025-0970 | Zenvia Movidesk Login redirect | | |
CVE-2025-0971 | Zenvia Movidesk Profile Editing EditProfile cross site scripting | | |
CVE-2025-0972 | Zenvia Movidesk New Ticket cross site scripting | E | |
CVE-2025-0973 | CmsEasy index.php backAll_action path traversal | E | |
CVE-2025-0974 | MaxD Lightning Module deserialization | E | |
CVE-2025-0975 | IBM MQ code execution | | |
CVE-2025-0981 | Session Hijacking via Stored Cross-Site Scripting (XSS) in ChurchCRM GroupEditor.php Description Field | E S | |
CVE-2025-0982 | Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine) | | |
CVE-2025-0984 | Arbitrary File Upload in Netoloji Software's E-Flow | | |
CVE-2025-0985 | IBM MQ information disclosure | | |
CVE-2025-0986 | IBM PowerVM Hypervisor data manipulation | | |
CVE-2025-0989 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-12315. Reason: ... | R | |
CVE-2025-0990 | I Am Gloria <= 1.1.4 - Cross-Site Request Forgery | | |
CVE-2025-0993 | Allocation of Resources Without Limits or Throttling in GitLab | E S | |
CVE-2025-0994 | Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.... | KEV S | |
CVE-2025-0995 | Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentiall... | | |
CVE-2025-0996 | Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowe... | | |
CVE-2025-0997 | Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to po... | | |
CVE-2025-0998 | Rejected reason: Not exploitable... | R | |
CVE-2025-0999 | Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to pot... | | |