CVE-2025-1xxx

There are 853 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-1000 IBM Db2 denial of service
S
CVE-2025-1001 Medixant RadiAnt DICOM Viewer Improper Certificate Validation
S
CVE-2025-1002 MicroDicom DICOM Viewer Improper Certificate Validation
S
CVE-2025-1003 HP Anyware Agent for Linux – Potential Authentication Bypass
CVE-2025-1004 Certain HP LaserJet Pro Printers – Potential Denial of Service
CVE-2025-1005 ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget
S
CVE-2025-1006 Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to pote...
CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details
CVE-2025-1008 Recently Purchased Products For Woo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via view Parameter
CVE-2025-1009 An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially explo...
CVE-2025-1010 An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentiall...
CVE-2025-1011 A bug in WebAssembly code generation could have led to a crash. It may have been possible for an at...
CVE-2025-1012 A race during concurrent delazification could have led to a use-after-free. This vulnerability affec...
CVE-2025-1013 A race condition could have led to private browsing tabs being opened in normal browsing windows. Th...
CVE-2025-1014 Certificate length was not properly checked when added to a certificate store. In practice only trus...
CVE-2025-1015 The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attack...
CVE-2025-1016 Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, T...
CVE-2025-1017 Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6...
CVE-2025-1018 The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the use...
CVE-2025-1019 The z-order of the browser windows could be manipulated to hide the fullscreen notification. This co...
CVE-2025-1020 Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of...
CVE-2025-1021 Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-4...
CVE-2025-1022 Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation ...
E
CVE-2025-1023 SQL Injection in ChurchCRM newCountName Parameter via EditEventTypes.php
E S
CVE-2025-1024 Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter
E S
CVE-2025-1025 Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload wher...
E
CVE-2025-1026 Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation ...
CVE-2025-1028 Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload
CVE-2025-1033 Badgearoo <= 1.0.14 - Admin+ Stored XSS
E
CVE-2025-1035 Path Traversal in Komtera Technologies' KLog Server
CVE-2025-1039 Lenix Elementor Leads addon <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting via URL Form Field
E S
CVE-2025-1040 Server-Side Template Injection (SSTI) in significant-gravitas/autogpt
E S
CVE-2025-1041 Avaya Call Management System RCE vulnerability
CVE-2025-1042 Files or Directories Accessible to External Parties in GitLab
E S
CVE-2025-1043 Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode
CVE-2025-1044 Logsign Unified SecOps Platform Authentication Bypass Vulnerability
CVE-2025-1045 Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-1046 Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-1047 Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability
CVE-2025-1048 Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability
CVE-2025-1049 Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-1050 Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-1051 Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-1052 Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-1053 Brocade SANnav encryption key is logged in the debug logs
CVE-2025-1054 UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2025-1055 K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User
CVE-2025-1056 Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a spe...
CVE-2025-1057 Keylime: keylime registrar dos due to incompatible database entry handling
CVE-2025-1058 CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device ...
CVE-2025-1059 CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause ...
CVE-2025-1060 CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in t...
CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider
CVE-2025-1062 Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
E
CVE-2025-1063 Classified Listing – Classified ads & Business Directory Plugin <= 4.0.4 - Unauthenticated Settings Exposure
S
CVE-2025-1064 Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode
S
CVE-2025-1065 Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File
CVE-2025-1066 CVE-2025-1066
CVE-2025-1067 There is a code injection vulnerability in ArcGIS Pro
CVE-2025-1068 There is a code injection vulnerability in Esri ArcGIS AllSource
CVE-2025-1070 CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the ...
CVE-2025-1071 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module
CVE-2025-1072 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-1073 Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical ...
CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery
E
CVE-2025-1075 LDAP credentials logged to Apache error log
CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded
S
CVE-2025-1077 Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)
S
CVE-2025-1078 AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization
E
CVE-2025-1079 RCE In Google Web Designer
CVE-2025-1080 Macro URL arbitrary script execution
CVE-2025-1081 Bharti Airtel Xstream Fiber WiFi Password weak credentials
E
CVE-2025-1082 Mindskip xzs-mysql 学之思开源考试系统 Exam Edit edit cross site scripting
E
CVE-2025-1083 Mindskip xzs-mysql 学之思开源考试系统 CORS cross-domain policy
E
CVE-2025-1084 Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery
E
CVE-2025-1085 Animati PACS login cross site scripting
CVE-2025-1086 Safetytest Cloud-Master Server static path traversal
CVE-2025-1087 Arbitrary Code Execution in Kong Insomnia Desktop Application
CVE-2025-1088 Very long unicode dashboard title or panel name can hang the frontend
CVE-2025-1091 Broken Authorization Schema
S
CVE-2025-1093 AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image
CVE-2025-1094 PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
M
CVE-2025-1095 IBM Personal Communications command execution
CVE-2025-1096 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-1097 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
CVE-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations
CVE-2025-1099 Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera
S
CVE-2025-1100 A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to ...
CVE-2025-1101 A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal t...
CVE-2025-1102 A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal t...
CVE-2025-1103 D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference
E
CVE-2025-1104 D-Link DHP-W310AV authentication spoofing
E
CVE-2025-1105 SiberianCMS HTTP GET Request flat cross site scripting
CVE-2025-1106 CmsEasy database_admin.php restore_action path traversal
E
CVE-2025-1107 Unverified password change vulnerability in Janto
S
CVE-2025-1108 Insufficient data authenticity vulnerability in Janto
S
CVE-2025-1110 Insufficient Granularity of Access Control in GitLab
E S
CVE-2025-1112 IBM OpenPages with Watson information disclosure
S
CVE-2025-1113 taisan tarzan-cms Add Theme admin#themes upload deserialization
E
CVE-2025-1114 newbee-mall Add Category Page save cross site scripting
E
CVE-2025-1115 RT-Thread lwp_syscall.c sys_timer_settime information disclosure
CVE-2025-1116 Dreamvention Live AJAX Search Free live_search.searchresults search sql injection
E
CVE-2025-1117 CoinRemitter sql injection
E S
CVE-2025-1118 Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled
CVE-2025-1119 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-1121 Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 ...
E
CVE-2025-1122 Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards a...
CVE-2025-1123 Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email
CVE-2025-1125 Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write
M
CVE-2025-1126 Lexmark has identified a vulnerability in our Lexmark Print Management Client (LPMC).
M
CVE-2025-1127 Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server
S
CVE-2025-1128 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
S
CVE-2025-1132 SQL Injection in ChurchCRM EN_tyid Parameter via EditEventAttendees.php
E S
CVE-2025-1133 SQL Injection in ChurchCRM EID Parameter via EditEventAttendees.php
E S
CVE-2025-1134 SQL Injection in ChurchCRM CurrentFundraiser Parameter via DonatedItemEditor.php
E S
CVE-2025-1135 SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php
E S
CVE-2025-1137 IBM Storage Scale command injection
S
CVE-2025-1138 IBM Information Server information disclosure
S
CVE-2025-1143 Billion Electric M120N - Use of Hard-coded Credentials
S
CVE-2025-1144 Quanxun School Affairs System - Exposure of Sensitive Information
S
CVE-2025-1145 NetVision Information ISOinsight - Reflected Cross-site Scripting
S
CVE-2025-1146 CrowdStrike Falcon Sensor for Linux TLS Issue
CVE-2025-1147 GNU Binutils nm nm.c internal_strlen buffer overflow
E
CVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leak
E
CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak
E
CVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leak
E
CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak
E
CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak
E
CVE-2025-1153 GNU Binutils format.c bfd_set_format memory corruption
E S
CVE-2025-1154 xxyopen Novel books sql injection
E
CVE-2025-1155 Webkul QloApps Your Location Search stores cross site scripting
E
CVE-2025-1156 Pix Software Vivaz servlet sql injection
E
CVE-2025-1157 Allims lab.online model_recuperar_senha.php sql injection
CVE-2025-1158 ESAFENET CDG addPolicyToSafetyGroup.jsp sql injection
E
CVE-2025-1159 CampCodes School Management Software academic-calendar cross site scripting
E M
CVE-2025-1160 SourceCodester Employee Management System index.php default credentials
E
CVE-2025-1162 code-projects Job Recruitment load_user-profile.php sql injection
E
CVE-2025-1163 code-projects Vehicle Parking Management System Authentication login stack-based overflow
E
CVE-2025-1164 code-projects Police FIR Record Management System Add Record stack-based overflow
E
CVE-2025-1165 Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload
E
CVE-2025-1166 SourceCodester Food Menu Manager update.php unrestricted upload
E
CVE-2025-1167 Mayuri K Employee Management System Update_User.php sql injection
E
CVE-2025-1168 SourceCodester Contact Manager with Export to VCF delete-contact.php sql injection
E
CVE-2025-1169 SourceCodester Image Compressor Tool compressor.php cross site scripting
E
CVE-2025-1170 code-projects Real Estate Property Management System Category.php cross site scripting
E
CVE-2025-1171 code-projects Real Estate Property Management System CustomerReport.php cross site scripting
E
CVE-2025-1172 1000 Projects Bookstore Management System addtocart.php sql injection
E
CVE-2025-1173 1000 Projects Bookstore Management System process_users_del.php sql injection
E
CVE-2025-1174 1000 Projects Bookstore Management System Add Book Page process_book_add.php cross site scripting
E
CVE-2025-1175 Cross-Site Scripting (XSS) vulnerability in Kelio Visio
S
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
E S
CVE-2025-1177 dayrui XunRuiCMS Linkage.php import_add deserialization
E
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
E S
CVE-2025-1179 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
E S
CVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
E
CVE-2025-1181 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption
E S
CVE-2025-1182 GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption
E S
CVE-2025-1183 CodeZips Gym Management System more-userprofile.php sql injection
E
CVE-2025-1184 pihome-shc PiHome ajax.php sql injection
E
CVE-2025-1185 pihome-shc PiHome ajax.php sql injection
E
CVE-2025-1186 dayrui XunRuiCMS Api.php deserialization
E
CVE-2025-1187 code-projects Police FIR Record Management System Delete Record stack-based overflow
E
CVE-2025-1188 Codezips Gym Management System updateroutine.php sql injection
E
CVE-2025-1189 1000 Projects Attendance Tracking Management System chart1.php sql injection
E
CVE-2025-1190 code-projects Job Recruitment load_user-profile.php cross site scripting
E
CVE-2025-1191 SourceCodester Multi Restaurant Table Reservation System approve-reject.php sql injection
E
CVE-2025-1192 SourceCodester Multi Restaurant Table Reservation System select-menu.php sql injection
E
CVE-2025-1193 Improper host validation in the certificate validation component in Devolutions Remote Desktop Manag...
CVE-2025-1194 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E
CVE-2025-1195 code-projects Real Estate Property Management System EditCategory cross site scripting
E
CVE-2025-1196 code-projects Real Estate Property Management System search.php cross site scripting
E
CVE-2025-1197 code-projects Real Estate Property Management System load_user-profile.php sql injection
E
CVE-2025-1198 Insufficient Session Expiration in GitLab
S
CVE-2025-1199 SourceCodester Best Church Management Software role_crud.php sql injection
E
CVE-2025-1200 SourceCodester Best Church Management Software slider_crud.php sql injection
E
CVE-2025-1201 SourceCodester Best Church Management Software profile_crud.php sql injection
E
CVE-2025-1202 SourceCodester Best Church Management Software edit_slider.php sql injection
E
CVE-2025-1203 Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
E
CVE-2025-1204 The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded,...
M
CVE-2025-1206 Codezips Gym Management System viewdetailroutine.php sql injection
E
CVE-2025-1207 phjounin TFTPD64 DNS denial of service
E
CVE-2025-1208 code-projects Wazifa System Profile.php cross site scripting
E
CVE-2025-1209 code-projects Wazifa System search_resualts.php searchuser cross site scripting
E
CVE-2025-1210 code-projects Wazifa System control.php sql injection
E
CVE-2025-1211 Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) d...
E
CVE-2025-1212 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
S
CVE-2025-1213 pihome-shc PiHome index.php cross site scripting
E
CVE-2025-1214 pihome-shc PiHome Role-Based Access Control user_accounts.php authorization
E
CVE-2025-1215 vim main.c memory corruption
E S
CVE-2025-1216 ywoa OaNoticeMapper.xml selectNoticeList sql injection
E
CVE-2025-1217 Header parser of http stream wrapper does not handle folded headers
E
CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
E
CVE-2025-1222 An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data
CVE-2025-1223 An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data
CVE-2025-1224 ywoa UserMapper.xml listNameBySql sql injection
E
CVE-2025-1225 ywoa WXCallBack Interface XMLParse.java extract xml external entity reference
E
CVE-2025-1226 ywoa setup.jsp improper authorization
E
CVE-2025-1227 ywoa AddressDao.xml selectList sql injection
E
CVE-2025-1228 olajowon Loggrove Logfile Update page path traversal
E
CVE-2025-1229 olajowon Loggrove page os command injection
E
CVE-2025-1230 Cross-Site Scripting (XSS) vulnerability in Prestashop
S
CVE-2025-1231 Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authen...
CVE-2025-1232 Site Reviews < 7.2.5 - Unauthenticated Stored XSS
E
CVE-2025-1233 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
CVE-2025-1234 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1235 WAGO: Switches affected by year 2k38 problem
CVE-2025-1239 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Blocked Sites List
CVE-2025-1240 WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-1243 Field in api-go proxy not transformed before version 1.44.1
S
CVE-2025-1244 Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
M
CVE-2025-1245 Bypass Connection Restriction Vulnerability in Hitachi Ops Center Analyzer
CVE-2025-1246 Mali GPU Userspace Driver allows an Out-of-Bounds access
S
CVE-2025-1247 Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance
M
CVE-2025-1249 WordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerability
S
CVE-2025-1252 Potential buffer write overflow in Connext applications while parsing malicious license file
CVE-2025-1253 Potential stack buffer write overflow in license-managed Core Libraries when setting RTI_LICENSE_FILE environment variable
CVE-2025-1254 Potential out-of-bounds read and write in Recording Service while using file rollover
CVE-2025-1257 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-1258 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1259 On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.
S
CVE-2025-1260 On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.
S
CVE-2025-1261 HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget
S
CVE-2025-1262 Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass
S
CVE-2025-1264 Broken Link Checker by AIOSEO <= 1.2.3 - Authenticated (Contributor+) SQL Injection
CVE-2025-1265 Elseta Vinci Protocol Analyzer OS Command Injection
S
CVE-2025-1266 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1267 Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter
CVE-2025-1268 Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic P...
CVE-2025-1269 Open Redirect in HAVELSAN's Open Source Project Liman MYS
CVE-2025-1270 Insecure direct object reference (IDOR) vulnerability in H6Web
S
CVE-2025-1271 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
S
CVE-2025-1273 PDF File Parsing Heap-Based Overflow Vulnerability
CVE-2025-1274 RCS File Parsing Out-of-Bounds Write Vulnerability
CVE-2025-1275 JPG File Parsing Heap-Based Overflow Vulnerability
CVE-2025-1276 DWG File Parsing Out-of-Bounds Write Vulnerability
CVE-2025-1277 PDF File Parsing Memory Corruption Vulnerability
CVE-2025-1278 Insufficient Granularity of Access Control in GitLab
E S
CVE-2025-1279 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-1282 Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read
CVE-2025-1283 Dingtian DT-R0 Series Authentication Bypass Using an Alternate Path or Channel
M
CVE-2025-1284 Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure
CVE-2025-1285 Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update
CVE-2025-1286 Download HTML TinyMCE Button <= 1.2 - Reflected XSS
E
CVE-2025-1287 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2025-1288 wooexim <= 5.0.0 - CSRF to Reflected XSS
E
CVE-2025-1289 Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Admin+ Stored XSS
E
CVE-2025-1290 A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function w...
E
CVE-2025-1291 Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon'
CVE-2025-1292 TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS
CVE-2025-1293 HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass
CVE-2025-1294 eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-1295 Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs
CVE-2025-1297 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1298 Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of accou...
CVE-2025-1300 Open redirect in CodeChecker web server
CVE-2025-1301 Reflected XSS in Yordam Informatics' Library Automation System
CVE-2025-1302 Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) du...
CVE-2025-1303 Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Unauthenticated Reflected XSS
E
CVE-2025-1304 NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-1305 NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation
S
CVE-2025-1306 Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload
S
CVE-2025-1307 Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2025-1308 PX Backup Improper Sanitization Vulnerability
S
CVE-2025-1309 UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-1310 Jobs for WordPress <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read
CVE-2025-1311 WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection
CVE-2025-1312 Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1313 Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
CVE-2025-1314 Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function
CVE-2025-1315 InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection
KEV M
CVE-2025-1317 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1318 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1319 Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2025-1320 teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete
CVE-2025-1321 teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection
S
CVE-2025-1322 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure
S
CVE-2025-1323 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Unauthenticated SQL Injection
S
CVE-2025-1324 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2025-1325 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
S
CVE-2025-1326 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion
CVE-2025-1327 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion
CVE-2025-1328 Typed JS: A typewriter style animation <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via typespeed Parameter
CVE-2025-1329 IBM CICS TX code execution
S
CVE-2025-1330 IBM CICS TX code execution
S
CVE-2025-1331 IBM CICS TX code execution
S
CVE-2025-1332 FastCMS Template Menu menu cross site scripting
E
CVE-2025-1333 IBM MQ Operator information disclosure
S
CVE-2025-1334 IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure
S
CVE-2025-1335 CmsEasy file_admin.php deleteimg_action path traversal
E
CVE-2025-1336 CmsEasy image_admin.php deleteimg_action path traversal
E
CVE-2025-1337 Eastnets PaymentSafe BIC Search cross site scripting
CVE-2025-1338 NUUO Camera handle_config.php print_file command injection
E
CVE-2025-1339 TOTOLINK X18 cstecgi.cgi setL2tpdConfig os command injection
E
CVE-2025-1340 TOTOLINK X18 cstecgi.cgi setPasswordCfg stack-based overflow
E
CVE-2025-1341 PMWeb Setting weak password
E
CVE-2025-1348 IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
S
CVE-2025-1349 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
S
CVE-2025-1351 IBM Storage Virtualize privilege escalation
S
CVE-2025-1352 GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption
E S
CVE-2025-1353 Kong Insomnia profapi.dll untrusted search path
CVE-2025-1354 A cross-site scripting (XSS) vulnerability in the RT-N10E/RT-N12E 2.0.0.x firmware. This vulnerab...
CVE-2025-1355 needyamin Library Card System Add Picture signup.php unrestricted upload
E
CVE-2025-1356 needyamin Library Card System card.php sql injection
E
CVE-2025-1357 Seventh D-Guard HTTP GET Request path traversal
CVE-2025-1358 Pix Software Vivaz cross-site request forgery
CVE-2025-1359 SIAM Industria de Automação e Monitoramento qrcode.jsp cross site scripting
CVE-2025-1360 Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting
CVE-2025-1361 IP2Location Country Blocker <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function
S
CVE-2025-1362 easy-broken-link-checker <= 9.0.2 - Bulk Actions via CSRF
E
CVE-2025-1363 easy-broken-link-checker <= 9.0.2 - Admin+ Stored XSS
E
CVE-2025-1364 MicroWorld eScan Antivirus USB Protection Service passPrompt stack-based overflow
E
CVE-2025-1365 GNU elfutils eu-readelf readelf.c process_symtab buffer overflow
E S
CVE-2025-1366 MicroWorld eScan Antivirus VirusPopUp strcpy stack-based overflow
E
CVE-2025-1367 MicroWorld eScan Antivirus USB Password sprintf buffer overflow
E
CVE-2025-1368 MicroWorld eScan Antivirus mwav.conf ReadConfiguration buffer overflow
E
CVE-2025-1369 MicroWorld eScan Antivirus USB Password os command injection
E
CVE-2025-1370 MicroWorld eScan Antivirus Autoscan USB epsdaemon sprintf os command injection
E
CVE-2025-1371 GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference
E S
CVE-2025-1372 GNU elfutils eu-readelf readelf.c print_string_section buffer overflow
E S
CVE-2025-1373 FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference
E S
CVE-2025-1374 code-projects Real Estate Property Management System search.php sql injection
E
CVE-2025-1376 GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service
E S
CVE-2025-1377 GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service
E S
CVE-2025-1378 radare2 rasm2 rasm2.c memory corruption
E S
CVE-2025-1379 code-projects Real Estate Property Management System CustomerReport.php sql injection
E
CVE-2025-1380 Codezips Gym Management System del_plan.php sql injection
E
CVE-2025-1381 code-projects Real Estate Property Management System ajax_city.php sql injection
E
CVE-2025-1382 Contact Us By Lord Linus <= 2.6 - Admin+ Stored XSS via CSRF
E
CVE-2025-1383 Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function
S
CVE-2025-1385 Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration
CVE-2025-1386 Query smuggling in ch-go library
CVE-2025-1387 Learning Digital Orca HCM - Improper Authentication
S
CVE-2025-1388 Learning Digital Orca HCM - Arbitrary File Upload
S
CVE-2025-1389 Learning Digital Orca HCM - SQL Injection
S
CVE-2025-1390 pam_cap: Fix potential configuration parsing error
S
CVE-2025-1391 Keycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claims
CVE-2025-1392 D-Link DIR-816 index.html cross site scripting
CVE-2025-1393 Weidmueller: Authentication Vulnerability due to Hard-coded Credentials
CVE-2025-1398 macOS TCC Bypass via Code Injection
S
CVE-2025-1399 Out-of-bounds Read in libplctag library
S
CVE-2025-1400 Out-of-bounds Read in libplctag library
S
CVE-2025-1401 WP Click Info <= 2.7.4 - Reflected XSS
E
CVE-2025-1402 Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion
CVE-2025-1403 Qiskit SDK denial of service
CVE-2025-1404 Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function
CVE-2025-1405 Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode
S
CVE-2025-1406 Newpost Catch <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via npc Shortcode
CVE-2025-1407 AMO Team Showcase <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via amoteam_skills Shortcode
CVE-2025-1408 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management
CVE-2025-1410 Events Calendar Made Simple – Pie Calendar <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piecal Shortcode
S
CVE-2025-1411 IBM Security Verify Directory Container command execution
S
CVE-2025-1412 Session Persistence After User-to-Bot Conversion
S
CVE-2025-1413 Dylib Hijacking in DaVinci Resolve
CVE-2025-1414 Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption a...
CVE-2025-1415 Information disclosure in Proget MDM
CVE-2025-1416 Password disclosure in Proget MDM
CVE-2025-1417 Information disclosure in Proget MDM
CVE-2025-1418 Information disclosure in Proget MDM
CVE-2025-1419 XSS in Proget MDM
CVE-2025-1420 XSS in Proget MDM
CVE-2025-1421 Formula injection in a CSV file in Proget MDM
CVE-2025-1424 Privilege Escalation Through SUID Binary and Developer Mode
E
CVE-2025-1425 File Read Through Improper Sudo Privilege Management
CVE-2025-1426 Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote att...
CVE-2025-1427 CATPRODUCT File Parsing Uninitialized Variable Vulnerability
CVE-2025-1428 CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability
CVE-2025-1429 MODEL File Parsing Heap-Based Buffer Overflow Vulnerability
CVE-2025-1430 SLDPRT File Parsing Memory Corruption Vulnerability
CVE-2025-1431 SLDPRT File Parsing Out-of-Bounds Read Vulnerability
CVE-2025-1432 3DM File Parsing Use-After-Free Vulnerability
CVE-2025-1433 MODEL File Parsing Out-of-Bounds Read Vulnerability
CVE-2025-1434 XSS in AREAL SAS Topkapi Vision Webserv2
CVE-2025-1435 bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation
CVE-2025-1436 Limit Bio <= 1.0 - Stored XSS via CSRF
E
CVE-2025-1437 Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1439 Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header
CVE-2025-1440 Advanced iFrame <= 2024.5 - Unauthenticated Settings Update
CVE-2025-1441 Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVE-2025-1445 A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availa...
CVE-2025-1446 Pods < 3.2.8.2 - Admin+ SQL Injection
E
CVE-2025-1447 kasuganosoras Pigeon index.php server-side request forgery
S
CVE-2025-1448 Synway SMG Gateway Management Software 9-12ping.php command injection
E
CVE-2025-1449 Admin Shell Access Vulnerability in Rockwell Automation Verve Asset Manager
S
CVE-2025-1450 Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2025-1451 Insufficient Patch Leading to DoS in parisneo/lollms-webui
E
CVE-2025-1452 Favorites < 2.3.5 - Admin+ Stored XSS
E
CVE-2025-1453 Category Posts Widget < 4.9.20 - Admin+ Stored XSS
E
CVE-2025-1454 Ninja Pages <= 1.4.2 - Admin+ Stored XSS
E
CVE-2025-1455 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-1456 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-1457 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2025-1458 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-1459 Page Builder by SiteOrigin <= 2.31.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1460 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1461 Vuetify XSS through 'eventMoreText' prop of VCalendar
E
CVE-2025-1463 Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish
CVE-2025-1464 Baiyi Cloud Asset Management System admin.house.collect.php sql injection
E
CVE-2025-1465 lmxcms Maintenance db.inc.php code injection
E
CVE-2025-1467 Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) v...
CVE-2025-1468 CODESYS Control V3 - OPC UA Server Authentication bypass
CVE-2025-1470 Eclipse OMR: Null pointer dereference vulnerability
S
CVE-2025-1471 Eclipse OMR: Buffer overflow vulnerability
S
CVE-2025-1472 Unauthorized View Access to Site Statistics and Team Statistics
S
CVE-2025-1473 CSRF in mlflow/mlflow
CVE-2025-1474 Weak Password Requirements in mlflow/mlflow
E S
CVE-2025-1475 WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone'
CVE-2025-1478 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-1479 An open debug interface was reported in the Legion Space software included on certain Legion devices...
S
CVE-2025-1481 Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export
CVE-2025-1483 LTL Freight Quotes – GlobalTranz Edition <= 2.3.12 - Missing Authorization to Unauthenticated Settings Update
S
CVE-2025-1484 A vulnerability exists in the media upload component of the Asset Suite versions listed below. If s...
CVE-2025-1485 Real Cookie Banner < 5.1.6 - Admin+ Stored XSS
E
CVE-2025-1486 WoWPth <= 2.0 - Reflected XSS
E
CVE-2025-1487 WoWPth <= 2.0 - Reflected XSS
E
CVE-2025-1488 WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Open Redirect via 'redirect_to' Parameter
S
CVE-2025-1489 WP-Appbox <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via appbox Shortcode
S
CVE-2025-1490 Smart Maintenance Mode <= 1.5.2 - Reflected Cross-Site Scripting via setstatus Parameter
CVE-2025-1491 WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play_timeout Parameter
CVE-2025-1492 Uncontrolled Recursion in Wireshark
S
CVE-2025-1493 IBM Db2 denial of service
S
CVE-2025-1495 IBM Business Automation Workflow missing authentication
S
CVE-2025-1496 Improper Authentication in BG-TEK's Coslat Hotspot
CVE-2025-1497 Remote Code Execution in PlotAI
S
CVE-2025-1499 IBM InfoSphere Information Server information disclosure
S
CVE-2025-1500 IBM Maximo Application Suite file upload
CVE-2025-1502 IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export
CVE-2025-1503 WP Recipe Maker <= 9.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1504 Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure
CVE-2025-1505 Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting
S
CVE-2025-1506 Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update
S
CVE-2025-1507 ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation
S
CVE-2025-1508 WP Crowdfunding <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Post Content Download
CVE-2025-1509 Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-1510 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution
CVE-2025-1511 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting
S
CVE-2025-1512 PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1513 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2025-1514 Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call
CVE-2025-1515 WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover
CVE-2025-1516 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-1517 Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes
S
CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability
CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
CVE-2025-1522 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
CVE-2025-1523 Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS
E
CVE-2025-1524 Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS
E
CVE-2025-1525 Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS
E
CVE-2025-1526 DethemeKit for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-1527 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module
S
CVE-2025-1528 Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure
CVE-2025-1529 AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File
CVE-2025-1530 Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion
S
CVE-2025-1531 Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint OVF
CVE-2025-1532 Code Injection Vulnerability in Phoneservice
CVE-2025-1533 A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be trigg...
CVE-2025-1534 Cross-site Scripting (Stored)
CVE-2025-1535 Baiyi Cloud Asset Management System admin.ticket.close.php sql injection
E
CVE-2025-1536 Raisecom Multi-Service Intelligent Gateway Request Parameter vpn_template_style.php os command injection
E
CVE-2025-1537 Harpia DiagSystem atualatendimento_jpeg.php sql injection
E
CVE-2025-1538 D-Link DAP-1320 api set_ws_action heap-based overflow
E
CVE-2025-1539 D-Link DAP-1320 storagein.pd-XXXXXX replace_special_char stack-based overflow
E
CVE-2025-1540 Incorrect Authorization in GitLab
S
CVE-2025-1542 Improper permission control in OXARI ServiceDesk
CVE-2025-1543 iteachyou Dreamer CMS ueditor-1.4.3.3 path traversal
E
CVE-2025-1544 dingfanzu CMS loadShopInfo.php sql injection
E
CVE-2025-1546 BDCOM Behavior Management and Auditing System operate.mds log_operate_clear os command injection
E
CVE-2025-1548 iteachyou Dreamer CMS edit cross site scripting
E
CVE-2025-1550 Arbitrary Code Execution via Crafted Keras Config for Model Loading
CVE-2025-1551 IBM Operational Decision Manager cross-site scripting
CVE-2025-1553 pankajindevops scale project cross site scripting
E
CVE-2025-1555 hzmanyun Education and Training System saveImage unrestricted upload
E
CVE-2025-1556 westboy CicadasCMS Template Management system deserialization
E
CVE-2025-1557 OFCMS cross-site request forgery
E
CVE-2025-1558 Denial of Service Via Malicious GIF
S
CVE-2025-1559 CC-IMG-Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1560 WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1561 AppPresser – Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2025-1562 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation
S
CVE-2025-1564 SetSail Membership <= 1.0.3 - Authentication Bypass via Account Takeover
CVE-2025-1565 Mayosis Core <= 5.4.1 - Unauthenticated Arbitrary File Read
CVE-2025-1566 DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network o...
CVE-2025-1568 Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87....
CVE-2025-1569 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1570 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP
CVE-2025-1571 Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets
S
CVE-2025-1572 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injection via 'u_id' Parameter
S
CVE-2025-1573 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1575 Harpia DiagSystem atualatendimento_jpeg.php resource injection
E
CVE-2025-1576 code-projects Real Estate Property Management System ajax_state.php sql injection
E
CVE-2025-1577 code-projects Blood Bank System prostatus.php cross site scripting
E
CVE-2025-1578 PHPGurukul/Campcodes Online Shopping Portal search-result.php sql injection
E
CVE-2025-1579 code-projects Blood Bank System user.php cross site scripting
E
CVE-2025-1580 PHPGurukul Nipah Virus Testing Management System search-report-result.php sql injection
E
CVE-2025-1581 PHPGurukul Online Nurse Hiring System book-nurse.php sql injection
E
CVE-2025-1582 PHPGurukul Online Nurse Hiring System all-request.php sql injection
E
CVE-2025-1583 PHPGurukul Online Nurse Hiring System search-report-details.php sql injection
E
CVE-2025-1584 opensolon Solon StaticMappings.java path traversal
E S
CVE-2025-1585 otale header.html OptionsService cross site scripting
E
CVE-2025-1586 code-projects Blood Bank System A-.php cross site scripting
E
CVE-2025-1587 SourceCodester Telecom Billing Management System Add New Record main.cpp addrecords buffer overflow
E
CVE-2025-1588 PHPGurukul Online Nurse Hiring System manage-nurse.php path traversal
E
CVE-2025-1589 SourceCodester E-Learning System User Registration register.php cross site scripting
CVE-2025-1590 SourceCodester E-Learning System List of Lessons Page index.php unrestricted upload
CVE-2025-1591 SourceCodester Employee Management System Department Page department.php cross site scripting
CVE-2025-1592 SourceCodester Best Employee Management System Add Role Page Role.php cross site scripting
CVE-2025-1593 SourceCodester Best Employee Management System Profile Picture unrestricted upload
CVE-2025-1594 FFmpeg AAC Encoder aacenc_tns.c ff_aac_search_for_tns stack-based overflow
E
CVE-2025-1595 Anhui Xufan Information Technology EasyCVR getbaseconfig information disclosure
E
CVE-2025-1596 SourceCodester Best Church Management Software fpassword.php sql injection
E
CVE-2025-1597 SourceCodester Best Church Management Software redirect.php cross site scripting
E
CVE-2025-1598 SourceCodester Best Church Management Software asset_crud.php unrestricted upload
E
CVE-2025-1599 SourceCodester Best Church Management Software profile_crud.php path traversal
E
CVE-2025-1606 SourceCodester Best Employee Management System backups.php information disclosure
E
CVE-2025-1607 SourceCodester Best Employee Management System salary_slip.php authorization
E
CVE-2025-1608 LB-LINK AC1900 Router set_manpwd websGetVar os command injection
E
CVE-2025-1609 LB-LINK AC1900 Router set_cmd websGetVar os command injection
E
CVE-2025-1610 LB-LINK AC1900 Router set_blacklist websGetVar os command injection
E
CVE-2025-1611 ShopXO Template ThemeAdminService.php injection
E
CVE-2025-1612 Edimax BR-6288ACL wireless5g_basic.asp cross site scripting
CVE-2025-1613 FiberHome AN5506-01A ONU GPON URL Filtering Submenu URL_filterCfg cross site scripting
CVE-2025-1614 FiberHome AN5506-01A ONU GPON Port Forwarding Submenu portForwardingCfg cross site scripting
CVE-2025-1615 FiberHome AN5506-01A ONU GPON NAT Submenu cross site scripting
CVE-2025-1616 FiberHome AN5506-01A ONU GPON Diagnosis os command injection
CVE-2025-1617 Netis WF2780 Wireless 2.4G Menu cross site scripting
CVE-2025-1618 vTiger CRM index.php cross site scripting
CVE-2025-1619 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
E
CVE-2025-1620 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
E
CVE-2025-1621 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
E
CVE-2025-1622 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
E
CVE-2025-1623 GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS
E
CVE-2025-1624 GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS
E
CVE-2025-1625 Qi Blocks < 1.4 - Contributor+ Stored XSS via Counter Block
E
CVE-2025-1626 Qi Blocks < 1.4 - Contributor+ Stored XSS via Countdown Block
E
CVE-2025-1627 Qi Blocks < 1.4 - Contributor+ Stored XSS via ToC Block
E
CVE-2025-1628 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1629 Excitel Broadband Private my Excitel App One-Time Password excessive authentication
CVE-2025-1631 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1632 libarchive bsdunzip.c list null pointer dereference
E
CVE-2025-1634 Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout
M
CVE-2025-1635 Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Ma...
CVE-2025-1636 Exposure of sensitive information in My Personal Credentials password history component in Devolutio...
CVE-2025-1638 Alloggio Membership <= 1.1 - Authentication Bypass via Social Login Account Takeover
CVE-2025-1639 Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
CVE-2025-1640 Benner ModernaNet JS_CarregaCombo sql injection
E
CVE-2025-1641 Benner ModernaNet GetHorariosDoDia sql injection
E
CVE-2025-1642 Benner ModernaNet GetImageMedico resource injection
E
CVE-2025-1643 Benner ModernaNet SG_AlterarSenha cross-site request forgery
E
CVE-2025-1644 Benner ModernaNet SG_Gravar cross-site request forgery
E
CVE-2025-1645 Benner Connecta EditarLogado resource injection
CVE-2025-1646 Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload
E
CVE-2025-1647 XSS in Bootstrap title attribute for Tooltip and Popover
CVE-2025-1648 Yawave <= 2.9.1 - Unauthenticated SQL Injection
E
CVE-2025-1649 CATPRODUCT File Parsing Uninitialized Variable Vulnerability
CVE-2025-1650 CATPRODUCT File Parsing Uninitialized Variable Vulnerability
CVE-2025-1651 MODEL File Parsing Heap-Based Buffer Overflow Vulnerability
CVE-2025-1652 MODEL File Parsing Out-of-Bounds Read Vulnerability
CVE-2025-1653 Directory Listings WordPress plugin – uListing <= 2.1.7 - Authenticated (Subscriber+) Privilege Escalation
M
CVE-2025-1656 PDF File Parsing Heap-based Overflow Vulnerability
CVE-2025-1657 Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
CVE-2025-1658 DWFX File Parsing Out-of-Bounds Read Vulnerability
CVE-2025-1659 DWFX File Parsing Out-of-Bounds Read Vulnerability
CVE-2025-1660 DWFX File Parsing Memory Corruption Vulnerability
CVE-2025-1661 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion
S
CVE-2025-1662 URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding
CVE-2025-1663 Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-1664 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-1665 Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1666 Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission
CVE-2025-1667 School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover
CVE-2025-1668 School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User Deletion
CVE-2025-1669 School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Teacher+) SQL Injection
CVE-2025-1670 School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Parent+) SQL Injection
CVE-2025-1671 Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover
CVE-2025-1672 Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2025-1673 Out of bounds read when calling crc16_ansi and strlen in dns_validate_msg
M
CVE-2025-1674 Out of bounds read when unpacking DNS answers
M
CVE-2025-1675 Out of bounds read in dns_copy_qname
S
CVE-2025-1676 hzmanyun Education and Training System pdf2swf os command injection
E
CVE-2025-1677 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-1681 Cardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files
CVE-2025-1682 Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation
CVE-2025-1683 Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion
CVE-2025-1686 All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Nam...
E
CVE-2025-1687 Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile
CVE-2025-1688 System configuration password reset
S
CVE-2025-1689 ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2025-1690 ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2025-1691 MongoDB Shell may be susceptible to Control Character Injection via autocomplete
CVE-2025-1692 MongoDB Shell may be susceptible to control character injection via pasting
CVE-2025-1693 MongoDB Shell may be susceptible to control character Injection via shell output
CVE-2025-1695 NGINX Unit Java Vulnerability
CVE-2025-1696 Exposure of Proxy Credentials in Docker Desktop Logs
CVE-2025-1697 HP Touchpoint Analytics Service – Potential Escalation of Privilege
CVE-2025-1698 Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could al...
S
CVE-2025-1699 An incorrect default permissions vulnerability was reported in the MotoSignature application that co...
S
CVE-2025-1701 Local Privilege Escalation in MIM Admin Service
S
CVE-2025-1702 Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter
CVE-2025-1703 Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter
CVE-2025-1704 ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks a...
E
CVE-2025-1705 tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-1706 GPU DDK - Improper locking when accessing the pvr_exp_fence object
CVE-2025-1707 Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta
CVE-2025-1708 CVE-2025-1708
S
CVE-2025-1709 CVE-2025-1709
S
CVE-2025-1710 CVE-2025-1710
S
CVE-2025-1711 CVE-2025-1711
S
CVE-2025-1712 Arbitrary file write with vcrtrace
CVE-2025-1714 Username Enumeration in Gliffy
CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'
S
CVE-2025-1717 Login Me Now <= 1.7.2 - Authentication Bypass
CVE-2025-1718 An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM...
CVE-2025-1723 Account takeover
CVE-2025-1724 Account Takeover
CVE-2025-1725 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads
CVE-2025-1726 [#BUG-000172669 ArcGIS Monitor has a security vulnerability]
CVE-2025-1727 End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication
M
CVE-2025-1728 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-1730 Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read
CVE-2025-1731 An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H ...
CVE-2025-1732 An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H seri...
CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon
CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header
CVE-2025-1737 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1738 Multiple vulnerabilities in Trivision Camera NC227WF
S
CVE-2025-1739 Multiple vulnerabilities in Trivision Camera NC227WF
S
CVE-2025-1741 b1gMail Admin Page users.php deserialization
S
CVE-2025-1742 pihome-shc PiHome home.php cross site scripting
E
CVE-2025-1743 zyx0814 Pichome index.php path traversal
E
CVE-2025-1744 Out-of-bounds Write in radare2
S
CVE-2025-1745 LinZhaoguan pb-cms Logout cross-site request forgery
E
CVE-2025-1746 Cross-Site Scripting vulnerability in OpenCart
S
CVE-2025-1747 HTML injection vulnerability in OpenCart
S
CVE-2025-1748 HTML injection vulnerability in OpenCart
S
CVE-2025-1749 HTML injection vulnerability in OpenCart
S
CVE-2025-1750 SQL Injection in run-llama/llama_index
CVE-2025-1751 SQL Injection CIGES
S
CVE-2025-1752 Denial of Service in run-llama/llama_index
E
CVE-2025-1753 Command Injection in LLama-Index CLI in run-llama/llama_index
CVE-2025-1754 Missing Authentication for Critical Function in GitLab
E S
CVE-2025-1755 MongoDB Compass may be susceptible to local privilege escalation in Windows
CVE-2025-1756 MongoDB Shell may be susceptible to local privilege escalation in Windows
CVE-2025-1757 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-1758 Improper Input Validation vulnerability in Progress LoadMaster allows: Buffer Overflow. This issue af...
CVE-2025-1762 Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF
E
CVE-2025-1763 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update
CVE-2025-1766 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update
CVE-2025-1767 This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repos...
CVE-2025-1768 SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter
S
CVE-2025-1769 Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function
S
CVE-2025-1770 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion
CVE-2025-1771 Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post
CVE-2025-1772 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1773 Traveler <= 3.1.8 - Reflected Cross-Site Scripting
CVE-2025-1774 Logs manipulation in BotSense
CVE-2025-1776 Cross-Site Scripting (XSS) vulnerability in Soteshop
S
CVE-2025-1777 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save
CVE-2025-1778 Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete
CVE-2025-1780 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update
S
CVE-2025-1781 There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use spe...
CVE-2025-1782 Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed....
R
CVE-2025-1783 Gallery Styles <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-1784 Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-1785 Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite
S
CVE-2025-1786 rizinorg rizin pdb.c msf_stream_directory_free buffer overflow
E S
CVE-2025-1788 rizinorg rizin utf8.c rz_utf8_encode heap-based overflow
E S
CVE-2025-1791 Zorlan SkyCaiji Tool.php fileAction unrestricted upload
E
CVE-2025-1792 Improper Access Control in Mattermost Channel Member API
S
CVE-2025-1793 SQL Injection in run-llama/llama_index
E
CVE-2025-1795 Mishandling of comma during folding and unicode-encoding of email headers
S
CVE-2025-1796 Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify
CVE-2025-1797 Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System anyUserBoundHouse.php sql injection
E
CVE-2025-1798 Design Comuni Italia < 1.1.2 - Unauthenticated Stored XSS
E
CVE-2025-1799 Zorlan SkyCaiji Tool.php previewAction server-side request forgery
E
CVE-2025-1800 D-Link DAR-7000 HTTP POST Request sxh_vpnlic.php get_ip_addr_details command injection
E
CVE-2025-1801 Aap-gateway: aap-gateway privilege escalation
M
CVE-2025-1802 HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
S
CVE-2025-1803 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-1804 Blizzard Battle.Net profapi.dll uncontrolled search path
CVE-2025-1805 Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes
CVE-2025-1806 Eastnets PaymentSafe URL Default.aspx improper authorization
E
CVE-2025-1807 Eastnets PaymentSafe Edit Manual Reply directRouter.rfc cross site scripting
E
CVE-2025-1808 Pixsoft E-Saphira Login Endpoint servlet sql injection
E
CVE-2025-1809 Pixsoft Sol Login Endpoint servlet sql injection
E
CVE-2025-1810 Pixsoft Vivaz Login Endpoint servlet cross site scripting
E
CVE-2025-1811 AT Software Solutions ATSVD Login Endpoint login.aspx sql injection
E
CVE-2025-1812 zj1983 zz SuperZ.java GetUserOrg sql injection
E
CVE-2025-1813 zj1983 zz cross-site request forgery
E
CVE-2025-1814 Tenda AC6 WifiExtraSet stack-based overflow
E
CVE-2025-1815 pbrong hrms resource.go HrmsDB improper authorization
E
CVE-2025-1816 FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak
E S
CVE-2025-1817 Mini-Tmall Admin Name admin cross site scripting
E
CVE-2025-1818 zj1983 zz ZfileAction.upload unrestricted upload
E
CVE-2025-1819 Tenda AC7 1200M telnet TendaTelnet os command injection
E
CVE-2025-1820 zj1983 zz ZworkflowAction.java getOaWid sql injection
E
CVE-2025-1821 zj1983 zz ZorgAction.java getUserOrgForUserId sql injection
E
CVE-2025-1828 Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions
S
CVE-2025-1829 TOTOLINK X18 cstecgi.cgi setMtknatCfg os command injection
E
CVE-2025-1830 zj1983 zz Customer Information cross site scripting
E
CVE-2025-1831 zj1983 zz ZorgAction.java GetDBUser sql injection
E
CVE-2025-1832 zj1983 zz ZroleAction.java getUserList sql injection
E
CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery
E
CVE-2025-1834 zj1983 zz resolve unrestricted upload
E
CVE-2025-1835 osuuu LightPicture Api.php upload unrestricted upload
E
CVE-2025-1836 Incorta Edit Insight csv injection
CVE-2025-1838 IBM Cloud Pak for Business Automation denial of service
S
CVE-2025-1840 ESAFENET CDG updateorg.jsp sql injection
E
CVE-2025-1841 ESAFENET CDG ClientSortLog.jsp sql injection
E
CVE-2025-1842 FITSTATS Technologies AthleteMonitoring login.php cross site scripting
CVE-2025-1843 Mini-Tmall ProductMapper.java select sql injection
E
CVE-2025-1844 ESAFENET CDG backupLogDetail.jsp sql injection
E
CVE-2025-1845 ESAFENET DSM examExportPDF command injection
E
CVE-2025-1846 zj1983 zz File ZfileAction.java deleteLocalFile denial of service
E
CVE-2025-1847 zj1983 zz improper authorization
E
CVE-2025-1848 zj1983 zz import_data_check server-side request forgery
E
CVE-2025-1849 zj1983 zz import_data_todb server-side request forgery
E
CVE-2025-1850 Codezips College Management System university.php sql injection
E
CVE-2025-1851 Tenda AC7 SetFirewallCfg formSetFirewallCfg stack-based overflow
E
CVE-2025-1852 Totolink EX1800T cstecgi.cgi loginAuth buffer overflow
E
CVE-2025-1853 Tenda AC8 Parameter SetIpMacBind sub_49E098 stack-based overflow
E
CVE-2025-1854 Codezips Gym Management System del_member.php sql injection
E
CVE-2025-1855 PHPGurukul Online Shopping Portal product-details.php sql injection
E
CVE-2025-1856 Codezips Gym Management System gen_invoice.php sql injection
E
CVE-2025-1857 PHPGurukul Nipah Virus Testing Management System check_availability.php sql injection
E
CVE-2025-1858 Codezips Online Shopping Website success.php sql injection
E
CVE-2025-1859 PHPGurukul News Portal login.php sql injection
E
CVE-2025-1860 Data::Entropy for Perl uses insecure rand() function for cryptographic functions
S
CVE-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes
CVE-2025-1863 Insecure default settings for recorder products
CVE-2025-1864 Buffer Overflow and Potential Code Execution in Radare2
CVE-2025-1865 Local Privilege Escalation in Virtual CloneDrive Kernel Driver
CVE-2025-1866 Undefined Behavior Due to Out-of-Bounds Pointer Arithmetic in libwebsockets
S
CVE-2025-1867 HTTP Response Smuggling Vulnerability in libhv
S
CVE-2025-1868 Information display on multiple products from Famatech Corp
S
CVE-2025-1869 SQL injection vulnerability in 101news
CVE-2025-1870 SQL injection vulnerability in 101news
CVE-2025-1871 SQL injection vulnerability in 101news
CVE-2025-1872 SQL injection vulnerability in 101news
CVE-2025-1873 SQL injection vulnerability in 101news
CVE-2025-1874 SQL injection vulnerability in 101news
CVE-2025-1875 SQL injection vulnerability in 101news
CVE-2025-1876 D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow
E
CVE-2025-1877 D-Link DAP-1562 HTTP POST Request pure_auth_check null pointer dereference
E
CVE-2025-1878 i-Drive i11/i12 WiFi default password
CVE-2025-1879 i-Drive i11/i12 APK hard-coded credentials
CVE-2025-1880 i-Drive i11/i12 Device Pairing authentication bypass
CVE-2025-1881 i-Drive i11/i12 Video Footage/Live Video Stream access control
CVE-2025-1882 i-Drive i11/i12 Device Setting improper access control for register interface
CVE-2025-1883 Out-Of-Bounds Write vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
CVE-2025-1884 Use-After-Free vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
CVE-2025-1886 Pass-Back vulnerability in Sage 200 Spain
S
CVE-2025-1887 SMB forced authentication vulnerability in Sage 200 Spain
S
CVE-2025-1888 Reflected Cross Site Scripting in Aperio Eslide Manager
CVE-2025-1889 picklescan - Security scanning bypass via non-standard file extensions
E M
CVE-2025-1890 shishuocms ManageUpLoadAction.java handleRequest unrestricted upload
E
CVE-2025-1891 shishuocms cross-site request forgery
E
CVE-2025-1892 shishuocms Directory Deletion Page add.json cross site scripting
E
CVE-2025-1893 Open5GS AMF gmm-sm.c gmm_state_authentication denial of service
E S
CVE-2025-1894 PHPGurukul Restaurant Table Booking System search-result.php sql injection
E
CVE-2025-1895 Tenda TX3 setMacFilterCfg buffer overflow
E
CVE-2025-1896 Tenda TX3 SetStaticRouteCfg buffer overflow
E
CVE-2025-1897 Tenda TX3 SetNetControlList buffer overflow
E
CVE-2025-1898 Tenda TX3 openSchedWifi buffer overflow
E
CVE-2025-1899 Tenda TX3 setPptpUserList buffer overflow
E
CVE-2025-1900 PHPGurukul Restaurant Table Booking System add-table.php sql injection
E
CVE-2025-1901 PHPGurukul Restaurant Table Booking System check_availability.php sql injection
E
CVE-2025-1902 PHPGurukul Student Record System password-recovery.php sql injection
E
CVE-2025-1903 Codezips Online Shopping Website cart_add.php sql injection
E
CVE-2025-1904 code-projects Blood Bank System A+.php cross site scripting
E
CVE-2025-1905 SourceCodester Employee Management System employee.php cross site scripting
E
CVE-2025-1906 PHPGurukul Restaurant Table Booking System profile.php sql injection
E
CVE-2025-1907 Instantel Micromate Missing Authentication for Critical Function
M
CVE-2025-1908 Business Logic Errors in GitLab
E S
CVE-2025-1909 BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider
CVE-2025-1911 Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function
S
CVE-2025-1912 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function
S
CVE-2025-1913 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter
S
CVE-2025-1914 Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perfor...
CVE-2025-1915 Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows ...
CVE-2025-1916 Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced...
CVE-2025-1917 Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowe...
CVE-2025-1918 Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to po...
CVE-2025-1919 Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to pot...
CVE-2025-1920 Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentiall...
CVE-2025-1921 Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remot...
CVE-2025-1922 Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed...
CVE-2025-1923 Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed a...
CVE-2025-1925 Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service
E
CVE-2025-1926 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification
CVE-2025-1930 On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a u...
CVE-2025-1931 It was possible to cause a use-after-free in the content process side of a WebTransport connection, ...
CVE-2025-1932 An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-o...
CVE-2025-1933 On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over me...
CVE-2025-1934 It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, poten...
CVE-2025-1935 A web page could trick a user into setting that site as the default handler for a custom URL protoco...
CVE-2025-1936 jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it wa...
CVE-2025-1937 Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, a...
E
CVE-2025-1938 Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7...
CVE-2025-1939 Android apps can load web pages using the Custom Tabs feature. This feature supports a transition an...
CVE-2025-1940 A select option could partially obscure the confirmation prompt shown before launching external apps...
CVE-2025-1941 Under certain circumstances, a user opt-in setting that Focus should require authentication before u...
CVE-2025-1942 When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to ...
CVE-2025-1943 Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of...
CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash
E S
CVE-2025-1945 picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
E S
CVE-2025-1946 hzmanyun Education and Training System exportPDF command injection
E
CVE-2025-1947 hzmanyun Education and Training System UploadImageController.java scorm command injection
E
CVE-2025-1948 Eclipse Jetty HTTP clients can increase memory allocation
CVE-2025-1949 ZZCMS URL register_nodb.php cross site scripting
E
CVE-2025-1950 IBM Hardware Management Console - Power Systems command execution
CVE-2025-1951 IBM Hardware Management Console - Power Systems command execution
CVE-2025-1952 PHPGurukul Restaurant Table Booking System password-recovery.php sql injection
E
CVE-2025-1953 vLLM AIBrix Prefix Caching hash.go random values
S
CVE-2025-1954 PHPGurukul Human Metapneumovirus Testing Management System login.php sql injection
E
CVE-2025-1955 code-projects Online Class and Exam Scheduling System profile.php cross site scripting
E
CVE-2025-1956 code-projects Shopping Portal Login index.php sql injection
E
CVE-2025-1957 code-projects Blood Bank System o+.php cross site scripting
E
CVE-2025-1958 aaluoxiang oa_system address-mapper.xml sql injection
E
CVE-2025-1959 Codezips Gym Management System change_s_pwd.php sql injection
E
CVE-2025-1960 CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could caus...
CVE-2025-1961 SourceCodester Best Church Management Software web_crud.php sql injection
E
CVE-2025-1962 projectworlds Online Hotel Booking addroom.php sql injection
E
CVE-2025-1963 projectworlds Online Hotel Booking reservation.php sql injection
E
CVE-2025-1964 projectworlds Online Hotel Booking booknow.php sql injection
E
CVE-2025-1965 projectworlds Online Hotel Booking login.php sql injection
E
CVE-2025-1966 PHPGurukul Pre-School Enrollment System index.php sql injection
E
CVE-2025-1967 code-projects Blood Bank Management System donor.php cross site scripting
E
CVE-2025-1968 Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some...
CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center
CVE-2025-1970 Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function
S
CVE-2025-1971 Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter
S
CVE-2025-1972 Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function
S
CVE-2025-1973 Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function
S
CVE-2025-1974 ingress-nginx admission controller RCE escalation
M
CVE-2025-1975 Improper Validation of Array Index in ollama/ollama
CVE-2025-1976 Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6
KEV
CVE-2025-1979 Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into ...
CVE-2025-1980 Remote Code Execution via Unrestricted File Upload in Ready_
CVE-2025-1981 SQL Injection in Ready_
CVE-2025-1982 Local File Inclusion in Ready_
CVE-2025-1983 Stored Cross-Site Scripting in Ready_
CVE-2025-1984 Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5
CVE-2025-1985 PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability
CVE-2025-1986 Gutentor < 3.4.7 - Admin+ SQL Injection
E
CVE-2025-1987 Stored XSS in Psono-Client via Malicious Vault Entry URLs
S
CVE-2025-1990 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-1991 IBM Informix Dynamic Server denial of service
S
CVE-2025-1992 IBM Db2 denial of service
S
CVE-2025-1993 IBM App Connect Enterprise Certified Container information disclosure
S
CVE-2025-1997 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection
CVE-2025-1998 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.