CVE-2025-2xxx

There are 841 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-2000 Qiskit SDK code execution
S
CVE-2025-2002 CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the...
CVE-2025-2003 Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenti...
CVE-2025-2004 Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion
CVE-2025-2005 Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
CVE-2025-2006 Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-2007 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-2008 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-2009 Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-2010 JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection
CVE-2025-2011 Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
CVE-2025-2012 Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-2013 Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-2014 Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability
CVE-2025-2015 Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-2016 Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-2017 Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-2018 Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-2019 Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-2020 Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-2021 Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-2022 Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-2023 Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-2024 Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability
CVE-2025-2025 Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function
S
CVE-2025-2027 A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerabil...
CVE-2025-2029 MicroDicom DICOM Viewer mDicom.exe memory corruption
S
CVE-2025-2030 Seeyon Zhiyuan Interconnect FE Collaborative Office Platform addUser.jsp sql injection
E
CVE-2025-2031 ChestnutCMS upload uploadFile unrestricted upload
E
CVE-2025-2032 ChestnutCMS rename renameFile path traversal
E
CVE-2025-2033 code-projects Blood Bank Management System view_donor.php sql injection
E
CVE-2025-2034 PHPGurukul Pre-School Enrollment System edit-class.php sql injection
E
CVE-2025-2035 s-a-zhd Ecommerce-Website-using-PHP customer_register.php unrestricted upload
E
CVE-2025-2036 s-a-zhd Ecommerce-Website-using-PHP details.php sql injection
E
CVE-2025-2037 code-projects Blood Bank Management System delete_requester.php sql injection
E
CVE-2025-2038 code-projects Blood Bank Management System upload exposure of information through directory listing
E
CVE-2025-2039 code-projects Blood Bank Management System delete_members.php sql injection
E
CVE-2025-2040 zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine
E
CVE-2025-2041 s-a-zhd Ecommerce-Website-using-PHP shop.php sql injection
E
CVE-2025-2042 huang-yk student-manage cross-site request forgery
E
CVE-2025-2043 LinZhaoguan pb-cms Add New Topic admin#themes deserialization
E
CVE-2025-2044 code-projects Blood Bank Management System delete_bloodGroup.php sql injection
E
CVE-2025-2045 Incorrect Authorization in GitLab
E S
CVE-2025-2046 SourceCodester Best Employee Management System print1.php sql injection
E
CVE-2025-2047 PHPGurukul Art Gallery Management System search.php cross site scripting
E
CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
E
CVE-2025-2049 code-projects Blood Bank System AB+.php cross site scripting
E
CVE-2025-2050 PHPGurukul User Registration & Login and User Management System login.php sql injection
E
CVE-2025-2051 PHPGurukul Apartment Visitors Management System search-visitor.php sql injection
E
CVE-2025-2052 PHPGurukul Apartment Visitors Management System forgot-password.php sql injection
E
CVE-2025-2053 PHPGurukul Apartment Visitors Management System visitor-detail.php sql injection
E
CVE-2025-2054 code-projects Blood Bank Management System edit_state.php sql injection
E
CVE-2025-2055 MapPress Maps for WordPress < 2.94.9 - Contributor+ Stored XSS
E
CVE-2025-2056 WP Ghost <= 5.4.01 - Unauthenticated Limited File Read
S
CVE-2025-2057 PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection
E
CVE-2025-2058 PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection
E
CVE-2025-2059 PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection
E
CVE-2025-2060 PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection
E
CVE-2025-2061 code-projects Online Ticket Reservation System passenger.php cross site scripting
E
CVE-2025-2062 projectworlds Life Insurance Management System clientStatus.php sql injection
E
CVE-2025-2063 projectworlds Life Insurance Management System deleteNominee.php sql injection
E
CVE-2025-2064 projectworlds Life Insurance Management System deletePayment.php sql injection
E
CVE-2025-2065 projectworlds Life Insurance Management System editAgent.php sql injection
E
CVE-2025-2066 projectworlds Life Insurance Management System updateAgent.php sql injection
E
CVE-2025-2067 projectworlds Life Insurance Management System search.php sql injection
E
CVE-2025-2068 An open redirect vulnerability was reported in the FileZ client that could allow information disclos...
S
CVE-2025-2069 A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of ...
S
CVE-2025-2070 An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary fi...
S
CVE-2025-2071 OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI
S
CVE-2025-2072 Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI
S
CVE-2025-2073 Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a...
E
CVE-2025-2074 Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter
CVE-2025-2075 Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVE-2025-2076 binlayerpress <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-2077 Simple Amazon Affiliate <= 1.0.9 - Reflected Cross-Site Scripting
CVE-2025-2078 BlogBuzzTime-for-wp <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-2079 Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11...
S
CVE-2025-2080 Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11...
S
CVE-2025-2081 Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11...
S
CVE-2025-2082 Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability
CVE-2025-2083 Logo Carousel Gutenberg Block <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter
CVE-2025-2084 PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scripting
E
CVE-2025-2085 StarSea99 starsea-mall save cross site scripting
E
CVE-2025-2086 StarSea99 starsea-mall update cross site scripting
E
CVE-2025-2087 StarSea99 starsea-mall update cross site scripting
E
CVE-2025-2088 PHPGurukul Pre-School Enrollment System profile.php sql injection
E
CVE-2025-2089 StarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access control
E
CVE-2025-2090 PHPGurukul Pre-School Enrollment System Sub Admin add-subadmin.php access control
E
CVE-2025-2091 Open redirection in M-Files Mobile
S
CVE-2025-2092 Remote site authentication secrets written to web log
CVE-2025-2093 PHPGurukul Online Library Management System change-password.php password recovery
E
CVE-2025-2094 TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig os command injection
E
CVE-2025-2095 TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection
E
CVE-2025-2096 TOTOLINK EX1800T cstecgi.cgi setRebootScheCfg os command injection
E
CVE-2025-2097 TOTOLINK EX1800T cstecgi.cgi setRptWizardCfg stack-based overflow
E
CVE-2025-2098 Dylib Hijacking in Fast CAD Reader
CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E S
CVE-2025-2101 Edumall <= 4.2.4 - Unauthenticated Local File Inclusion
CVE-2025-2102 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on...
CVE-2025-2103 SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-2104 Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication
S
CVE-2025-2105 Jupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR
S
CVE-2025-2106 Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection
CVE-2025-2107 Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection
CVE-2025-2108 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget
CVE-2025-2109 WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function
CVE-2025-2110 WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions
CVE-2025-2111 WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update
CVE-2025-2112 user-xiangpeng yaoqishan MediaInfoService.java getMediaLisByFilter sql injection
E
CVE-2025-2113 AT Software Solutions ATSVD Esqueceu a senha sql injection
E
CVE-2025-2114 Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface OperatorStop.asp improper authorization
E
CVE-2025-2115 zzskzy Warehouse Refinement Management System AcceptZip.ashx ProcessRequest unrestricted upload
E
CVE-2025-2116 Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery
E
CVE-2025-2117 Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System reportCenter.do electricDocList sql injection
E
CVE-2025-2118 Quantico Tecnologia PRMV Login Endpoint login.php sql injection
CVE-2025-2119 Thinkware Car Dashcam F800 Pro Device Registration default credentials
E
CVE-2025-2120 Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk
E
CVE-2025-2121 Thinkware Car Dashcam F800 Pro File Storage access control
E
CVE-2025-2122 Thinkware Car Dashcam F800 Pro Connection denial of service
E
CVE-2025-2123 GeSHi CSS cssgen.php get_var cross site scripting
E
CVE-2025-2124 Control iD RH iD API change_password cross site scripting
CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection
CVE-2025-2126 JoomlaUX JUX Real Estate GET Parameter realties sql injection
CVE-2025-2127 JoomlaUX JUX Real Estate realties cross site scripting
E
CVE-2025-2128 Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter
CVE-2025-2129 Mage AI insecure default initialization of resource
E
CVE-2025-2130 OpenXE Ticket Bearbeiten Page cross site scripting
E
CVE-2025-2131 dayrui XunRuiCMS Friendly Links cross site scripting
E
CVE-2025-2132 ftcms Search ajax_all_lists sql injection
E
CVE-2025-2133 ftcms edit cross site scripting
E
CVE-2025-2135 Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentiall...
CVE-2025-2136 Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to pot...
CVE-2025-2137 Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perfor...
CVE-2025-2141 IBM System Storage Virtualization Engine TS7700 cross-site scripting
S
CVE-2025-2146 Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and L...
CVE-2025-2147 Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System file access
E
CVE-2025-2148 PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption
E
CVE-2025-2149 PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization
E
CVE-2025-2150 HGiga C&Cm@il - Stored Cross-Site Scripting
S
CVE-2025-2151 Open Asset Import Library Assimp File ParsingUtils.h GetNextLine stack-based overflow
E
CVE-2025-2152 Open Asset Import Library Assimp File BaseImporter.cpp ConvertToUTF8 heap-based overflow
E
CVE-2025-2153 HDF5 h5 File H5SM.c H5SM_delete heap-based overflow
E
CVE-2025-2156 Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed....
R
CVE-2025-2157 Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
CVE-2025-2158 WordPress Review Plugin: The Ultimate Solution for Building a Review Website <= 5.3.5 - Authenticated (Contributor+) Local File Inclusion via Post Custom Fields
CVE-2025-2159 Stored XSS in M-Files Admin user interface
CVE-2025-2160 Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup...
CVE-2025-2161 Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup...
CVE-2025-2162 MapPress Maps for WordPress < 2.94.10 - Admin+ Stored XSS
E
CVE-2025-2163 Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-2164 pixelstats <= 0.8.2 - Reflected Cross-Site Scripting
CVE-2025-2165 SH Email Alert <= 1.0 - Reflected Cross-Site Scripting
CVE-2025-2166 CM FAQ – Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scripting
CVE-2025-2167 Event post <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-2168 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update
S
CVE-2025-2169 WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-2170 A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work...
CVE-2025-2171 Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on ...
CVE-2025-2172 Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prio...
CVE-2025-2173 libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer
S
CVE-2025-2174 libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow
S
CVE-2025-2175 libzvbi _vbi_strndup_iconv integer overflow
S
CVE-2025-2176 libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow
S
CVE-2025-2177 libzvbi search.c vbi_search_new integer overflow
S
CVE-2025-2185 ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration
S
CVE-2025-2186 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId'
CVE-2025-2188 Whitelist bypass Vulnerability in GameCenter
CVE-2025-2189 Information Disclosure Vulnerability in Tinxy Smart Devices
S
CVE-2025-2190 The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may...
CVE-2025-2191 Claro A7600-A1 Ping6 Diagnóstico form2pingv6.cgi cross site scripting
CVE-2025-2192 Stoque Zeev.it Login Page server-side request forgery
E
CVE-2025-2193 MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal
E
CVE-2025-2194 MRCMS org.marker.mushroom.controller.FileController list.do list cross site scripting
E
CVE-2025-2195 MRCMS org.marker.mushroom.controller.FileController rename.do rename cross site scripting
E
CVE-2025-2196 MRCMS org.marker.mushroom.controller.FileController upload.do upload cross site scripting
E
CVE-2025-2197 Type Confusion Vulnerability in Browser
CVE-2025-2198 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2199 SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php
S
CVE-2025-2200 SQL injection vulnerability in the Innovación y Cualificación IcProgreso plugin
S
CVE-2025-2201 Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin
S
CVE-2025-2202 Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php
S
CVE-2025-2203 WooCommerce Checkout & Funnel Builder by FunnelKit < 3.10.2 - Admin+ SQL Injection
E
CVE-2025-2205 GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting
E
CVE-2025-2206 aitangbao springboot-manager permission cross site scripting
E
CVE-2025-2207 aitangbao springboot-manager dept cross site scripting
E
CVE-2025-2208 aitangbao springboot-manager Filename upload cross site scripting
E
CVE-2025-2209 aitangbao springboot-manager add cross site scripting
E
CVE-2025-2210 aitangbao springboot-manager add cross site scripting
E
CVE-2025-2211 aitangbao springboot-manager add cross site scripting
E
CVE-2025-2212 Castlenet CBW383G2N RgSwInfo.asp cross site scripting
CVE-2025-2213 Castlenet CBW383G2N Wireless Menu wlanPrimaryNetwork.asp cross site scripting
CVE-2025-2214 Microweber Settings index.php cross site scripting
E
CVE-2025-2215 Doufox s=doudou path traversal
E
CVE-2025-2216 zzskzy Warehouse Refinement Management System SaveCrash.ashx UploadCrash unrestricted upload
E
CVE-2025-2217 zzskzy Warehouse Refinement Management System getAdyData.ashx ProcessRequest sql injection
E
CVE-2025-2218 LoveCards LoveCardsV2 Setting other access control
E
CVE-2025-2219 LoveCards LoveCardsV2 image unrestricted upload
E
CVE-2025-2220 Odyssey CMS reCAPTCHA odyssey_contact_form.php key management
E
CVE-2025-2221 WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection
S
CVE-2025-2222 CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that co...
CVE-2025-2223 CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, I...
CVE-2025-2224 Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing
CVE-2025-2225 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag'
CVE-2025-2228 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information Exposure
CVE-2025-2229 Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials
S
CVE-2025-2230 Philips Intellispace Cardiovascular (ISCV) Improper Authentication
S
CVE-2025-2231 PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
CVE-2025-2233 Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability
CVE-2025-2236 Exposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication.
S
CVE-2025-2237 WP RealEstate <= 1.6.26 - Authentication Bypass via 'process_register'
CVE-2025-2238 Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax'
CVE-2025-2239 Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall
S
CVE-2025-2240 Smallrye-fault-tolerance: smallrye fault tolerance
M
CVE-2025-2241 Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm
M
CVE-2025-2242 Incorrect Authorization in GitLab
S
CVE-2025-2243 SSRF in GravityZone Console via DNS Truncation (VA-12634)
S
CVE-2025-2244 Insecure PHP deserialization issue in GravityZone Console (VA-12634)
S
CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)
S
CVE-2025-2247 WP-PManager <= 1.2 - Category Deletion via CSRF
E
CVE-2025-2248 WP-PManager <= 1.2 - Admin+ SQL Injection
E
CVE-2025-2249 SoJ Soundslides <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2025-2250 WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins <= 2.32 - Authenticated (Admin+) SQL Injection
CVE-2025-2251 Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution
CVE-2025-2252 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure
CVE-2025-2253 IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset
CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2025-2255 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2025-2257 Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 - Authenticated (Admin+) Command Injection
S
CVE-2025-2258 Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
S
CVE-2025-2259 Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
S
CVE-2025-2260 Eclipse ThreadX NetX Duo HTTP component server denial of service
CVE-2025-2261 TIBCO BPM Enterprise XSS Vulnerability
CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-2263 Santesoft Sante PACS Server Stack-based Buffer Overflow
E
CVE-2025-2264 Santesoft Sante PACS Server Path Traversal Information Disclosure
E
CVE-2025-2265 Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation
CVE-2025-2266 Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update
CVE-2025-2267 WP01 – Speed, Security, SEO consultant <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download
CVE-2025-2268 HP LaserJet MFP M232-M237 Printer Series - Potential Denial of Service
CVE-2025-2269 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter
CVE-2025-2270 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion
CVE-2025-2271 IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp
S
CVE-2025-2272 Privilege Escalation and Arbitrary code execution in F1E Endpoint
S
CVE-2025-2275 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2276 Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation
CVE-2025-2277 Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and e...
CVE-2025-2278 Improper access control in temporary access requests and checkout requests endpoints in Devolutions ...
CVE-2025-2279 Maps - Google Maps <= 1.0.6 - Contributor+ Stored XSS
E
CVE-2025-2280 Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and ...
CVE-2025-2284 Santesoft Sante PACS Server Access of Uninitialized Pointer DoS
CVE-2025-2285 Local Code Execution Vulnerability in Arena®
S
CVE-2025-2286 Local Code Execution Vulnerability in Arena®
S
CVE-2025-2287 Local Code Execution Vulnerability in Arena®
S
CVE-2025-2288 Local Code Execution Vulnerability in Arena®
S
CVE-2025-2289 Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates
CVE-2025-2290 LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing
S
CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account
M
CVE-2025-2292 Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
CVE-2025-2293 Local Code Execution Vulnerability in Arena®
S
CVE-2025-2294 Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
CVE-2025-2295 Potential iSCSI R2T PDU Vulnerability
CVE-2025-2298 Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software
CVE-2025-2299 LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
S
CVE-2025-2300 Information exposure vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
CVE-2025-2302 Advanced Woo Search <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode
CVE-2025-2303 Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution
CVE-2025-2304 Camaleon CMS Privilege Escalation
CVE-2025-2305 Local file inclusion vulnerability in LIVE CONTRACT
S
CVE-2025-2306 Improper Access Control vulnerability in LIVE CONTRACT
S
CVE-2025-2308 HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow
E
CVE-2025-2309 HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow
E
CVE-2025-2310 HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
E
CVE-2025-2311 Authentication Bypass in Sechard Information Technologies' SecHard
CVE-2025-2312 cifs.upcall makes an upcall to the wrong namespace in containerized environments
S
CVE-2025-2314 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-2317 Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter
CVE-2025-2319 EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution
CVE-2025-2320 274056675 springboot-openai-chatgpt User submit improper authorization
E
CVE-2025-2321 274056675 springboot-openai-chatgpt addData logic error
E
CVE-2025-2322 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials
E
CVE-2025-2323 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow
E
CVE-2025-2324 A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder
CVE-2025-2325 WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting
S
CVE-2025-2326 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-2327 FlashArray KEK Logging Vulnerability
S
CVE-2025-2328 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion
CVE-2025-2330 All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget
S
CVE-2025-2331 GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure
CVE-2025-2332 Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection
CVE-2025-2333 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-2334 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control
E
CVE-2025-2335 Drivin Soluções API registerSchool cross site scripting
CVE-2025-2336 AngularJS improper sanitization in SVG '' element with 'ngSanitize'
E
CVE-2025-2337 tbeu matio mat.c Mat_VarPrint heap-based overflow
E
CVE-2025-2338 tbeu matio io.c strdup_vprintf heap-based overflow
E
CVE-2025-2339 otale Tale Blog logs improper authentication
E
CVE-2025-2340 otale Tale Blog Site Settings save saveOptions cross site scripting
E
CVE-2025-2341 IROAD Dash Cam X5 SSID default credentials
E
CVE-2025-2342 IROAD X5 Mobile App API Endpoint hard-coded credentials
E
CVE-2025-2343 IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials
CVE-2025-2344 IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication
CVE-2025-2345 IROAD Dash Cam X5/Dash Cam X6 improper authorization
CVE-2025-2346 IROAD Dash Cam X5/Dash Cam X6 Domain origin validation
CVE-2025-2347 IROAD Dash Cam FX2 Device Registration default password
E
CVE-2025-2348 IROAD Dash Cam FX2 HTTP/RTSP event information disclosure
E
CVE-2025-2349 IROAD Dash Cam FX2 Password Hash passwd weak password hash
E
CVE-2025-2350 IROAD Dash Cam FX2 upload_file unrestricted upload
E
CVE-2025-2351 DayCloud StudentManage Login Endpoint adminScoreUrl sql injection
CVE-2025-2352 StarSea99 starsea-mall Backend save cross site scripting
E
CVE-2025-2353 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection
CVE-2025-2354 VAM Virtual Airlines Manager index.php cross site scripting
CVE-2025-2355 BlackVue App API Endpoint credentials storage
E
CVE-2025-2356 BlackVue App API deviceDelete get request method with sensitive query strings
E
CVE-2025-2357 DCMTK dcmjpls JPEG-LS Decoder memory corruption
E S
CVE-2025-2358 Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System HTTP Header Service.asmx sql injection
E
CVE-2025-2359 D-Link DIR-823G DDNS Service HNAP1 SetDDNSSettings improper authorization
E
CVE-2025-2360 D-Link DIR-823G UPnP Service HNAP1 SetUpnpSettings improper authorization
E
CVE-2025-2361 Mercurial SCM Web Interface cross site scripting
CVE-2025-2362 PHPGurukul Pre-School Enrollment System contact-us.php sql injection
E
CVE-2025-2363 lenve VBlog ArticleController.java uploadImg path traversal
E
CVE-2025-2364 lenve VBlog ArticleService.java addNewArticle cross site scripting
E
CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference
E
CVE-2025-2366 gougucms Add Department Page add cross site scripting
E
CVE-2025-2367 Oiwtech OIW-2431APGN-HP Personal Script Submenu formScript os command injection
CVE-2025-2368 WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow
E S
CVE-2025-2369 TOTOLINK EX1800T cstecgi.cgi setPasswordCfg stack-based overflow
E
CVE-2025-2370 TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig stack-based overflow
E
CVE-2025-2371 PHPGurukul Human Metapneumovirus Testing Management System Registered Mobile Number Search registered-user-testing.php cross site scripting
E
CVE-2025-2372 PHPGurukul Human Metapneumovirus Testing Management System Password Recovery Page password-recovery.php sql injection
E
CVE-2025-2373 PHPGurukul Human Metapneumovirus Testing Management System check_availability.php sql injection
E
CVE-2025-2374 PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection
E
CVE-2025-2375 PHPGurukul Human Metapneumovirus Testing Management System Admin Profile Page profile.php cross site scripting
E
CVE-2025-2376 viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization
E
CVE-2025-2377 SourceCodester Vehicle Management System confirmbooking.php cross site scripting
E
CVE-2025-2378 PHPGurukul Medical Card Generation System download-medical-cards.php sql injection
E
CVE-2025-2379 PHPGurukul Apartment Visitors Management System create-pass.php sql injection
E
CVE-2025-2380 PHPGurukul Apartment Visitors Management System admin-profile.php sql injection
E
CVE-2025-2381 PHPGurukul Curfew e-Pass Management System search-pass.php sql injection
E
CVE-2025-2382 PHPGurukul Online Banquet Booking System booking-search.php sql injection
E
CVE-2025-2383 PHPGurukul Doctor Appointment Management System search.php sql injection
E
CVE-2025-2384 code-projects Real Estate Property Management System Parameter InsertCustomer.php sql injection
E
CVE-2025-2385 code-projects Modern Bag login.php sql injection
E
CVE-2025-2386 PHPGurukul Local Services Search Engine Management System serviceman-search.php sql injection
E
CVE-2025-2387 SourceCodester Online Food Ordering System ajax.php sql injection
E
CVE-2025-2388 Keytop 路内停车收费系统 API getParks improper authentication
E
CVE-2025-2389 code-projects Blood Bank Management System add_city.php sql injection
E
CVE-2025-2390 code-projects Blood Bank Management System add_donor.php sql injection
E
CVE-2025-2391 code-projects Blood Bank Management System Admin Login Page admin_login.php sql injection
E
CVE-2025-2392 code-projects Online Class and Exam Scheduling System activate.php sql injection
E
CVE-2025-2393 code-projects Online Class and Exam Scheduling System salut_del.php sql injection
E
CVE-2025-2394 Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys ...
CVE-2025-2395 e-Excellence U-Office Force - Improper Authentication
S
CVE-2025-2396 e-Excellence U-Office Force - Arbitrary File Upload
S
CVE-2025-2397 China Mobile P22g-CIac Telnet Service improper authorization
E
CVE-2025-2398 China Mobile P22g-CIac CLI su Command default credentials
E
CVE-2025-2400 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2401 Buffer overflow in Immunity Debugger
S
CVE-2025-2402 Hard-coded password for object store of KNIME Business Hub
CVE-2025-2403 A denial-of-service vulnerability due to improper prioritization of network traffic over protection ...
CVE-2025-2407 Missing Authentication & Authorization in Web-API allows adversary unrestricted access
CVE-2025-2408 Insufficient Granularity of Access Control in GitLab
E S
CVE-2025-2409 Admin Authorized System File corruption
CVE-2025-2410 Admin Authorized Port (iptables) manipulation (open/close/disable ports)
CVE-2025-2419 code-projects Real Estate Property Management System InsertFeedback.php sql injection
E
CVE-2025-2420 猫宁i Morning cross-site request forgery
E
CVE-2025-2421 Remote Code Execution in Profelis Informatics' SambaBox
CVE-2025-2422 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2424 Leaked Metadata of Deleted Files via Bookmark Creation
S
CVE-2025-2440 CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead ...
CVE-2025-2441 CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead...
CVE-2025-2442 CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could pote...
CVE-2025-2443 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2025-2449 NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability
CVE-2025-2450 NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability
CVE-2025-2469 Debug Messages Revealing Unnecessary Information in GitLab
E S
CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'
CVE-2025-2471 PHPGurukul Boat Booking System boat-details.php sql injection
E
CVE-2025-2472 PHPGurukul Apartment Visitors Management System Sign In index.php sql injection
E
CVE-2025-2473 PHPGurukul Company Visitor Management System Sign In index.php sql injection
E
CVE-2025-2474 Vulnerability in PCX Image Codec Impacts QNX Software Development Platform
CVE-2025-2475 Unauthorized Bot Login Using Credentials
S
CVE-2025-2476 Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potenti...
CVE-2025-2477 CryoKey <= 2.4 - Reflected Cross-Site Scripting via 'ckemail' Parameter
CVE-2025-2478 Code Clone <= 0.9 - Authenticated (Administrator+) SQL Injection via snippetId Parameter
CVE-2025-2479 Easy Custom Admin Bar <= 1.0 - Reflected Cross-Site Scripting via msg Parameter
CVE-2025-2480 Santesoft Sante DICOM Viewer Pro Out-of-bounds Write
S
CVE-2025-2481 MediaView <= 1.1.2 - Reflected Cross-Site Scripting via id Parameter
CVE-2025-2482 Gotcha | Gesture-based Captcha <= 1.0.0 - Reflected Cross-Site Scripting via menu Parameter
CVE-2025-2483 Gift Certificate Creator <= 1.1.0 - Reflected Cross-Site Scripting via receip_address Parameter
CVE-2025-2484 Multi Video Box <= 1.5.2 - Reflected Cross-Site Scripting via video_id and group_id Parameters
CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion
CVE-2025-2487 389-ds-base: null pointer dereference leads to denial of service
M
CVE-2025-2488 XSS in Profelis Informatics' SambaBox
CVE-2025-2489 Insecure storage of sensitive information in NTFS Tool
S
CVE-2025-2490 Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting
E
CVE-2025-2491 Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting
E
CVE-2025-2492 An improper authentication control vulnerability exists in AiCloud. This vulnerability can be trigge...
CVE-2025-2493 Path Traversal vulnerability in Softdial Contact Center
CVE-2025-2494 Unrestricted file upload vulnerability in Softdial Contact Center
CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center
CVE-2025-2496 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2497 DWG File Parsing Stack-Based Buffer Vulnerability
CVE-2025-2499 Client side access control bypass in the permission component in Devolutions Remote Desktop Manager...
CVE-2025-2500 A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If succes...
CVE-2025-2501 An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local at...
S
CVE-2025-2502 An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a l...
S
CVE-2025-2503 An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a l...
S
CVE-2025-2504 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2505 Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang'
CVE-2025-2506 When pglogical attempts to replicate data, it does not verify it is using a replication connection, ...
CVE-2025-2509 Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve a...
CVE-2025-2510 Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter
CVE-2025-2511 AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter
CVE-2025-2512 File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function
CVE-2025-2513 Smart Icons For WordPress <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2516 Use of a weak cryptographic key in the signature verification process in WPS Office
CVE-2025-2517 Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager
CVE-2025-2518 IBM Db2 denial of service
S
CVE-2025-2519 Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Download
CVE-2025-2520 Dereferencing of an uninitialized pointer leads to denial of service.
CVE-2025-2521 Lack of indexes’ validation against buffer borders leads to remote code execution.
CVE-2025-2522 Lack of buffer clearing before reuse may result in incorrect system behavior.
CVE-2025-2523 Lack of buffer clearing before reuse may result in incorrect system behavior.
CVE-2025-2524 Ninja Forms < 3.10.1 - Admin+ Stored XSS
E
CVE-2025-2525 Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-2526 Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover
CVE-2025-2527 Improper access control to group information
S
CVE-2025-2528 Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windo...
CVE-2025-2530 Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability
CVE-2025-2531 Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-2532 Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2025-2536 Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay D...
CVE-2025-2537 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library
CVE-2025-2538 BUG-000174336
CVE-2025-2539 File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
CVE-2025-2540 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library
CVE-2025-2541 WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2025-2542 Your Simple SVG Support <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2543 Advanced Accordion Gutenberg Block <= 5.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2544 AI Content Pipelines <= 1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2545 Deprecated 3DES cryptographic algorithm used by Request Tracker in emails encrypted with S/MIME
S
CVE-2025-2546 D-Link DIR-618/DIR-605L Firewall Service formAdvFirewall access control
E
CVE-2025-2547 D-Link DIR-618/DIR-605L formAdvNetwork access control
E
CVE-2025-2548 D-Link DIR-618/DIR-605L formSetDomainFilter access control
E
CVE-2025-2549 D-Link DIR-618/DIR-605L formSetPassword access control
E
CVE-2025-2550 D-Link DIR-618/DIR-605L DDNS Service formSetDDNS access control
E
CVE-2025-2551 D-Link DIR-618/DIR-605L formSetPortTr access control
E
CVE-2025-2552 D-Link DIR-618/DIR-605L formTcpipSetup access control
E
CVE-2025-2553 D-Link DIR-618/DIR-605L formVirtualServ access control
E
CVE-2025-2555 Audi Universal Traffic Recorder App FTP Credentials hard-coded password
E
CVE-2025-2556 Audi UTR Dashcam Video Stream hard-coded credentials
E
CVE-2025-2557 Audi UTR Dashcam Command API access control
E
CVE-2025-2558 The Wound <= 0.0.1 - Unauthenticated LFI
E
CVE-2025-2559 Org.keycloak/keycloak-services: jwt token cache exhaustion leading to denial of service (dos) in keycloak
CVE-2025-2560 Ninja Forms < 3.10.1 - Admin+ Stored XSS
E
CVE-2025-2561 Ninja Forms < 3.10.1 - Admin+ Stored XSS
E
CVE-2025-2562 Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allo...
CVE-2025-2563 User Registration & Membership < 4.1.2 - Unauthenticated Privilege Escalation
E
CVE-2025-2564 Unauthorized View Access to Archived Channel Member Info
S
CVE-2025-2565 The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0...
CVE-2025-2566 Deserialization of Untrusted Data in Kaleris Navis N4
S
CVE-2025-2567 Lantronix Xport Missing Authentication for Critical Function
M
CVE-2025-2568 Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update
CVE-2025-2570 System Admin Cannot Access Environment settings in System Console While System Manager Can
S
CVE-2025-2571 Google OAuth Authentication Bypass for Converted Bot Accounts
S
CVE-2025-2572 WhatsUp Gold NmConfigurationManager.exe database manipulation vulnerability
CVE-2025-2573 Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2574 Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking
CVE-2025-2575 Z Companion <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2025-2576 Ayyash Studio <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2577 Bitspecter Suite <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2578 Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure
CVE-2025-2579 Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
CVE-2025-2580 Contact Form by Bit Form <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-2581 xmedcon DICOM File malloc integer underflow
S
CVE-2025-2582 SimpleMachines SMF ManageAttachments.php cross site scripting
E
CVE-2025-2583 SimpleMachines SMF ManageNews.php cross site scripting
E
CVE-2025-2584 WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow
E
CVE-2025-2585 EBM Technologies EBM Maintenance Center - SQL injection
S
CVE-2025-2586 Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion
CVE-2025-2587 Jinher OA C6 IncentivePlanFulfillAppprove.aspx sql injection
E
CVE-2025-2588 Hercules Augeas fa.c re_case_expand null pointer dereference
E
CVE-2025-2589 code-projects Human Resource Management System Account.go Index improper authorization
E
CVE-2025-2590 code-projects Human Resource Management System recruitment.go UpdateRecruitmentById cross site scripting
E
CVE-2025-2591 Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 divide by zero
E S
CVE-2025-2592 Open Asset Import Library Assimp CSMLoader.cpp InternReadFile heap-based overflow
E S
CVE-2025-2593 FastCMS list sql injection
E
CVE-2025-2594 User Registration & Membership < 4.1.3 - Authentication Bypass
E
CVE-2025-2595 Forced Browsing Vulnerability in CODESYS Visualization
CVE-2025-2596 Session logout can be overwritten by long lasting request
CVE-2025-2597 Reflected Cross-Site Scripting (XSS) vulnerability in ITIUM 6050
CVE-2025-2598 AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
CVE-2025-2600 Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows al...
CVE-2025-2601 SourceCodester Kortex Lite Advocate Office Management System activate_reg.php sql injection
E
CVE-2025-2602 SourceCodester Kortex Lite Advocate Office Management System deactivate_reg.php sql injection
E
CVE-2025-2603 SourceCodester Kortex Lite Advocate Office Management System deactivate.php sql injection
E
CVE-2025-2604 SourceCodester Kortex Lite Advocate Office Management System edit_act.php sql injection
E
CVE-2025-2605 Authenticated command injection
CVE-2025-2606 SourceCodester Best Church Management Software soulwinning_crud.php unrestricted upload
E
CVE-2025-2607 phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload
E
CVE-2025-2608 PHPGurukul Banquet Booking System view-user-queries.php sql injection
E
CVE-2025-2609 MagnusBilling Stored Cross-Site Scripting in Login Logs
E S
CVE-2025-2610 MagnusBilling Stored Cross-Site Scripting in Alarm Module
E S
CVE-2025-2613 Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL
CVE-2025-2616 yangyouwang 杨有旺 crud 简约后台管理系统 Role Management Page cross site scripting
E
CVE-2025-2617 yangyouwang 杨有旺 crud 简约后台管理系统 Department Page cross site scripting
E
CVE-2025-2618 D-Link DAP-1620 Path api set_ws_action heap-based overflow
E
CVE-2025-2619 D-Link DAP-1620 Cookie storage check_dws_cookie stack-based overflow
E
CVE-2025-2620 D-Link DAP-1620 Authentication storage mod_graph_auth_uri_handler stack-based overflow
E
CVE-2025-2621 D-Link DAP-1620 storage check_dws_cookie stack-based overflow
E
CVE-2025-2622 aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization
E
CVE-2025-2623 westboy CicadasCMS save cross site scripting
E
CVE-2025-2624 westboy CicadasCMS save sql injection
E
CVE-2025-2625 westboy CicadasCMS page sql injection
E
CVE-2025-2626 SourceCodester Kortex Lite Advocate Office Management System edit_case.php sql injection
E
CVE-2025-2627 PHPGurukul Art Gallery Management System contactus.php sql injection
E
CVE-2025-2628 PHPGurukul Art Gallery Management System art-enquiry.php sql injection
E
CVE-2025-2629 DLL Hijacking Vulnerability in NI LabVIEW When Loading NI Error Reporting
CVE-2025-2630 DLL Hijacking Vulnerability in NI LabVIEW
CVE-2025-2631 Out of Bounds Write Vulnerability in NI LabVIEW in InitCPUInformation()
CVE-2025-2632 Out of Bounds Write Vulnerability in NI LabVIEW reading CPU info from cache
CVE-2025-2635 Digital License Manager <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function
CVE-2025-2636 InstaWP Connect <= 0.1.0.85 - Unauthenticated Local PHP File Inclusion
CVE-2025-2637 JIZHICMS Account Profile Page userinfo.html improper authorization
E
CVE-2025-2638 JIZHICMS Article release.html improper authorization
E
CVE-2025-2639 JIZHICMS Article release.html improper authorization
E
CVE-2025-2640 PHPGurukul Doctor Appointment Management System appointment-bwdates-reports-details.php sql injection
E
CVE-2025-2641 PHPGurukul Art Gallery Management System edit-artist-detail.php sql injection
E
CVE-2025-2642 PHPGurukul Art Gallery Management System edit-art-product-detail.php sql injection
E
CVE-2025-2643 PHPGurukul Art Gallery Management System edit-art-type-detail.php sql injection
E
CVE-2025-2644 PHPGurukul Art Gallery Management System add-art-product.php sql injection
E
CVE-2025-2645 PHPGurukul Art Gallery Management System product.php cross site scripting
E
CVE-2025-2646 PHPGurukul Art Gallery Management System admin-profile.php sql injection
E
CVE-2025-2647 PHPGurukul Art Gallery Management System search.php sql injection
E
CVE-2025-2648 PHPGurukul Art Gallery Management System view-enquiry-detail.php sql injection
E
CVE-2025-2649 PHPGurukul Doctor Appointment Management System check-appointment.php sql injection
E
CVE-2025-2650 PHPGurukul Medical Card Generation System download-medical-cards.php cross site scripting
E
CVE-2025-2651 SourceCodester Online Eyewear Shop admin exposure of information through directory listing
E
CVE-2025-2652 SourceCodester Employee and Visitor Gate Pass Logging System exposure of information through directory listing
E
CVE-2025-2653 FoxCMS improper authorization
E
CVE-2025-2654 SourceCodester AC Repair and Services System manage_service.php sql injection
E
CVE-2025-2655 SourceCodester AC Repair and Services System Users.php save_users sql injection
E
CVE-2025-2656 PHPGurukul Zoo Management System login.php sql injection
E
CVE-2025-2657 projectworlds Apartment Visitors Management System front.php sql injection
E
CVE-2025-2658 PHPGurukul Online Security Guards Hiring System search-request.php sql injection
E
CVE-2025-2659 Project Worlds Online Time Table Generator index.php sql injection
E
CVE-2025-2660 Project Worlds Online Time Table Generator index.php sql injection
E
CVE-2025-2661 Project Worlds Online Time Table Generator index.php sql injection
E
CVE-2025-2662 Project Worlds Online Time Table Generator studentdashboard.php sql injection
E
CVE-2025-2663 PHPGurukul Bank Locker Management System search-locker-details.php sql injection
E
CVE-2025-2664 CodeZips Hospital Management System suadpeted.php sql injection
E
CVE-2025-2665 PHPGurukul Online Security Guards Hiring System bwdates-reports-details.php sql injection
E
CVE-2025-2670 IBM OpenPages information disclosure
S
CVE-2025-2671 Yue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted upload
E
CVE-2025-2672 code-projects Payroll Management System add_deductions.php sql injection
E
CVE-2025-2673 code-projects Payroll Management System home_employee.php cross site scripting
E
CVE-2025-2674 PHPGurukul Bank Locker Management System aboutus.php sql injection
E
CVE-2025-2675 PHPGurukul Bank Locker Management System add-lockertype.php sql injection
E
CVE-2025-2676 PHPGurukul Bank Locker Management System add-subadmin.php sql injection
E
CVE-2025-2677 PHPGurukul Bank Locker Management System changeidproof.php sql injection
E
CVE-2025-2678 PHPGurukul Bank Locker Management System changeimage1.php sql injection
E
CVE-2025-2679 PHPGurukul Bank Locker Management System contact-us.php sql injection
E
CVE-2025-2680 PHPGurukul Bank Locker Management System edit-assign-locker.php sql injection
E
CVE-2025-2681 PHPGurukul Bank Locker Management System edit-locker.php sql injection
E
CVE-2025-2682 PHPGurukul Bank Locker Management System edit-subadmin.php sql injection
E
CVE-2025-2683 PHPGurukul Bank Locker Management System profile.php sql injection
E
CVE-2025-2684 PHPGurukul Bank Locker Management System search-report-details.php sql injection
E
CVE-2025-2685 TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2025-2686 mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 Backend admin doFilter access control
E
CVE-2025-2687 PHPGurukul eLearning System Image index.php unrestricted upload
E
CVE-2025-2688 TOTOLINK A3000RU Syslog Configuration File ExportSyslog.sh access control
E
CVE-2025-2689 yiisoft Yii2 SortableIterator.php getIterator deserialization
E
CVE-2025-2690 yiisoft Yii2 MockClass.php generate deserialization
E
CVE-2025-2691 Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) whe...
E
CVE-2025-2699 GetmeUK ContentTools Image cross site scripting
E
CVE-2025-2700 michelson Dante Editor Insert Link cross site scripting
E
CVE-2025-2701 AMTT Hotel Broadband Operation System port_setup.php popen os command injection
E
CVE-2025-2702 Softwin WMX3 ImageAdd.ashx ImageAdd unrestricted upload
E
CVE-2025-2703 The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissi...
CVE-2025-2704 OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to tr...
CVE-2025-2705 Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload
E
CVE-2025-2706 Digiwin ERP UploadAjaxAPI.ashx unrestricted upload
E
CVE-2025-2707 zhijiantianya ruoyi-vue-pro Front-End Store Interface upload path traversal
E
CVE-2025-2708 zhijiantianya ruoyi-vue-pro Backend File Upload Interface upload path traversal
E
CVE-2025-2709 Yonyou UFIDA ERP-NC login.jsp cross site scripting
E
CVE-2025-2710 Yonyou UFIDA ERP-NC menu.jsp cross site scripting
E
CVE-2025-2711 Yonyou UFIDA ERP-NC systop.jsp cross site scripting
E
CVE-2025-2712 Yonyou UFIDA ERP-NC top.jsp cross site scripting
E
CVE-2025-2713 Improper File Permission Handling in Google gVisor runsc
CVE-2025-2714 JoomlaUX JUX Real Estate addagent cross site scripting
E
CVE-2025-2715 timschofield webERP Confirm Dispatch and Invoice Page ConfirmDispatch_Invoice.php cross site scripting
E S
CVE-2025-2716 China Mobile P22g-CIac Samba Path path traversal
E
CVE-2025-2717 D-Link DIR-823X HTTP POST Request diag_nslookup sub_41710C os command injection
E
CVE-2025-2718 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2719 Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
CVE-2025-2720 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-2721 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-2722 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-2723 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-2724 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-2725 H3C Magic BE18000 HTTP POST Request auth command injection
E S
CVE-2025-2726 H3C Magic BE18000 HTTP POST Request esps command injection
E S
CVE-2025-2727 H3C Magic NX30 Pro HTTP POST Request getNetworkStatus command injection
E S
CVE-2025-2728 H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection
S
CVE-2025-2729 H3C Magic BE18000 HTTP POST Request networkSetup command injection
E S
CVE-2025-2730 H3C Magic BE18000 HTTP POST Request getssidname command injection
E S
CVE-2025-2731 H3C Magic BE18000 HTTP POST Request getDualbandSync command injection
E S
CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
E S
CVE-2025-2733 mannaandpoem OpenManus Prompt python_execute.py os command injection
E
CVE-2025-2734 PHPGurukul Old Age Home Management System aboutus.php sql injection
E
CVE-2025-2735 PHPGurukul Old Age Home Management System add-services.php sql injection
E
CVE-2025-2736 PHPGurukul Old Age Home Management System bwdates-report-details.php sql injection
E
CVE-2025-2737 PHPGurukul Old Age Home Management System contactus.php sql injection
E
CVE-2025-2738 PHPGurukul Old Age Home Management System manage-scdetails.php sql injection
E
CVE-2025-2739 PHPGurukul Old Age Home Management System manage-services.php sql injection
E
CVE-2025-2740 PHPGurukul Old Age Home Management System eligibility.php sql injection
E
CVE-2025-2742 zhijiantianya ruoyi-vue-pro Material Upload Interface upload-permanent path traversal
E
CVE-2025-2743 zhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversal
E
CVE-2025-2744 zhijiantianya ruoyi-vue-pro Material Upload Interface upload-news-image path traversal
E
CVE-2025-2745 AVEVA PI Web API Cross-site Scripting
S
CVE-2025-2746 Kentico Xperience Staging Sync Server digest password authentication bypass
E
CVE-2025-2747 Kentico Xperience Staging Sync Server None password type authentication bypass
E
CVE-2025-2748 Kentico Xperience stored cross-site scripting in multiple-file upload functionality
CVE-2025-2749 Kentico Xperience Staging media files upload authenticated remote code execution
E
CVE-2025-2750 Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds write
E
CVE-2025-2751 Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds
E
CVE-2025-2752 Open Asset Import Library Assimp CSM File fast_atof.h fast_atoreal_move out-of-bounds
E
CVE-2025-2753 Open Asset Import Library Assimp LWS File LWSLoader.cpp MergeScenes out-of-bounds
E
CVE-2025-2754 Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow
E
CVE-2025-2755 Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection out-of-bounds
E
CVE-2025-2756 Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow
E
CVE-2025-2757 Open Asset Import Library Assimp MD5 File MD5Parser.cpp AI_MD5_PARSE_STRING_IN_QUOTATION heap-based overflow
E
CVE-2025-2759 GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2025-2760 GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-2761 GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-2762 CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
CVE-2025-2763 CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
CVE-2025-2764 CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability
CVE-2025-2765 CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability
CVE-2025-2766 70mai A510 Use of Default Password Authentication Bypass Vulnerability
CVE-2025-2767 Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability
CVE-2025-2768 Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2025-2769 Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2025-2770 BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability
CVE-2025-2771 BEC Technologies Multiple Routers Authentication Bypass Vulnerability
CVE-2025-2772 BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
CVE-2025-2773 BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability
CVE-2025-2775 SysAid On-Prem <= 23.3.40 Checkin Processing XML External Entity Injection
E
CVE-2025-2776 SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection
E
CVE-2025-2777 SysAid On-Prem <= 23.3.40 lshw Processing XML External Entity Injection
E
CVE-2025-2778 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2779 Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
CVE-2025-2780 Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-2781 WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory
CVE-2025-2782 WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory
CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to ...
KEV
CVE-2025-2784 Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
E M
CVE-2025-2786 Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator
M
CVE-2025-2787 Ingress-nginx vulnerability in KNIME Business Hub
M
CVE-2025-2789 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion
CVE-2025-2793 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
S
CVE-2025-2794 Kentico Xperience Staging Unsafe Reflection Kentico Xperience
S
CVE-2025-2796 On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal
S
CVE-2025-2797 Woffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration Approval
CVE-2025-2798 Woffice <= 5.4.21 - Authentication Bypass via Registration Role
CVE-2025-2801 Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-2802 LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-2803 So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-2804 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username'
CVE-2025-2805 ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-2806 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data'
CVE-2025-2807 Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
CVE-2025-2808 Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2025-2809 azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution
CVE-2025-2811 GL.iNet GL-A1300 Slate Plus API redos
E S
CVE-2025-2812 SQLi in Mydata Informatics' Ticket Sales Automation
CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions
S
CVE-2025-2815 Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-2816 Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
S
CVE-2025-2817 Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-...
CVE-2025-2819 Unrestricted Fileupload
S
CVE-2025-2820 Denial of Service
S
CVE-2025-2821 Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification
CVE-2025-2825 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a re...
R
CVE-2025-2826 On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.
S
CVE-2025-2827 IBM Sterling File Gateway information disclosure
S
CVE-2025-2828 SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain
E
CVE-2025-2829 Local Code Execution Vulnerability in Arena®
S
CVE-2025-2830 By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Th...
CVE-2025-2831 mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 bookList getBookList sql injection
E
CVE-2025-2832 mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
E
CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos
E
CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
E
CVE-2025-2836 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2025-2837 Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-2838 Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability
CVE-2025-2839 WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2025-2840 DAP to Autoresponders Email Syncing <= 1.0 - Unauthenticated Information Exposure
CVE-2025-2841 Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure
CVE-2025-2842 Tempo-operator: tempo operator token exposition lead to read sensitive data
M
CVE-2025-2845 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2846 SourceCodester Online Eyewear Shop Registration Users.php registration sql injection
E
CVE-2025-2847 Codezips Gym Management System over_month.php sql injection
E
CVE-2025-2849 UPX p_lx_elf.cpp un_DT_INIT heap-based overflow
E S
CVE-2025-2850 GL.iNet GL-A1300 Slate Plus Download Interface improper authorization
S
CVE-2025-2851 GL.iNet GL-A1300 Slate Plus RPC plugins.so buffer overflow
S
CVE-2025-2852 SourceCodester Food Ordering Management System view_menu.php sql injection
E
CVE-2025-2853 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-2854 code-projects Payroll Management System update_employee.php sql injection
E
CVE-2025-2855 elunez eladmin upload checkFile deserialization
E
CVE-2025-2856 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2857 Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a ...
CVE-2025-2858 Privilege escalation vulnerability in saTECH BCU
S
CVE-2025-2859 Improper Authentication vulnerability in saTECH BCU
S
CVE-2025-2860 Exposure of Sensitive Information vulnerability in saTECH BCU
S
CVE-2025-2861 Cleartext Transmission of Sensitive Information vulnerability in saTECH BCU
S
CVE-2025-2862 Weak Encoding for Password vulnerability in saTECH BCU
S
CVE-2025-2863 Cross-site request forgery (CSRF) vulnerability in saTECH BCU
S
CVE-2025-2864 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
S
CVE-2025-2865 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
S
CVE-2025-2866 PDF signature forgery with adbe.pkcs7.sha1 SubFilter
CVE-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab
S
CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System
CVE-2025-2869 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System
CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System
CVE-2025-2871 WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update
CVE-2025-2872 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-47577. Reason: ...
R
CVE-2025-2873 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Further ...
R
CVE-2025-2874 User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-2875 CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that c...
CVE-2025-2876 MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion
CVE-2025-2877 Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda
M
CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting
S
CVE-2025-2880 Yame | Link In Bio <= 0.9.0 - Unauthenticated Information Exposure
CVE-2025-2881 Developer Toolbar <= 1.0.3 - Unauthenticated Information Exposure
CVE-2025-2882 GreenPay(tm) by Green.Money 3.0.0 - 3.0.9 - Unauthenticated Information Exposure
CVE-2025-2883 Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure
CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
CVE-2025-2885 Root metadata version not validated in tough
CVE-2025-2886 Terminating targets role delegations are not respected in tough
CVE-2025-2887 Failure to detect delegated target rollback in tough
CVE-2025-2888 Improper timestamp caching during snapshot rollback in tough
CVE-2025-2889 Link Library <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters
CVE-2025-2890 tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter
CVE-2025-2891 WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload
CVE-2025-2892 All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL
S
CVE-2025-2893 Gutenverse <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via countdown Block
S
CVE-2025-2894 Unitree Go1 Robot Dog Backdoor Control Channel
CVE-2025-2895 IBM Cloud Pak System HTML injection
S
CVE-2025-2896 IBM Planning Analytics Local cross-site scripting
S
CVE-2025-2898 IBM Maximo Application Suite privilege escalation
S
CVE-2025-2900 IBM Semeru Runtime denial of service
S
CVE-2025-2901 Rejected reason: This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234....
R
CVE-2025-2903 Privilege Chaining in Delphix
CVE-2025-2904 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2905 Unauthenticated XML External Entity (XXE) Vulnerability in WSO2 API Manager Gateway Component
S
CVE-2025-2906 Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-2907 Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update
E
CVE-2025-2908 Insufficiently Protected Credentials vulnerability in MeetMe products
S
CVE-2025-2909 Lack of encryption vulnerability in DuoxMe
S
CVE-2025-2910 User enumeration vulnerability in MeetMe products
S
CVE-2025-2911 Improper Restriction of Excessive Authentication Attempts vulnerability in MeetMe products
S
CVE-2025-2912 HDF5 H5Omessage.c H5O_msg_flush heap-based overflow
E
CVE-2025-2913 HDF5 H5FL.c H5FL__blk_gc_list use after free
E
CVE-2025-2914 HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow
E
CVE-2025-2915 HDF5 H5Faccum.c H5F__accum_free heap-based overflow
E
CVE-2025-2916 Aishida Call Center System amr2mp3 command injection
E
CVE-2025-2917 ChestnutCMS read readFile path traversal
E
CVE-2025-2918 Ultimate Blocks – WordPress Blocks Plugin <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
CVE-2025-2919 Netis WF-2404 UART hardware allows activation of test or debug logic at runtime
E
CVE-2025-2920 Netis WF-2404 passwd weak hash
E
CVE-2025-2921 Netis WF-2404 passwd default password
E
CVE-2025-2922 Netis WF-2404 BusyBox Shell cleartext storage
E
CVE-2025-2923 HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow
E
CVE-2025-2924 HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
E
CVE-2025-2925 HDF5 H5MM.c H5MM_realloc double free
E
CVE-2025-2926 HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
E
CVE-2025-2927 ESAFENET CDG getFileTypeList.jsp sql injection
E
CVE-2025-2929 Order Delivery Date Pro for WooCommerce < 12.4.0 - Reflected XSS
E
CVE-2025-2932 JKDEVKIT <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-2933 Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-2935 Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions
CVE-2025-2938 Business Logic Errors in GitLab
E S
CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution
CVE-2025-2940 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery
S
CVE-2025-2941 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move
CVE-2025-2942 Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure
E
CVE-2025-2944 Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets
CVE-2025-2945 pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment
CVE-2025-2946 Cross-Site Vulnerability(XSS) due to arbitrary HTML/JavaScript gets executed while query result rendering in Query Tool and View/Edit Data Tool of pgAdmin 4
CVE-2025-2947 IBM i privilege escalation
CVE-2025-2950 IBM i improper HTTP header neutralization
CVE-2025-2951 Bluestar Micro Mall data.php sql injection
E
CVE-2025-2952 Bluestar Micro Mall api.php unrestricted upload
E
CVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of service
E
CVE-2025-2954 mannaandpoem OpenManus File file_saver.py execute access control
E
CVE-2025-2955 TOTOLINK A3000RU IBMS Configuration File ExportIbmsConfig.sh access control
E
CVE-2025-2956 TRENDnet TI-G102i HTTP Request lighttpd plugins_call_handle_uri_raw null pointer dereference
E
CVE-2025-2957 TRENDnet TEW-411BRP+ HTTP Request httpd sub_401DB0 null pointer dereference
E
CVE-2025-2958 TRENDnet TEW-818DRU HTTP Request httpd denial of service
E
CVE-2025-2959 TRENDnet TEW-410APB HTTP Request httpd sub_4019A0 null pointer dereference
E
CVE-2025-2960 TRENDnet TEW-637AP/TEW-638APB HTTP Request goahead sub_41DED0 null pointer dereference
E
CVE-2025-2961 opensolon org.noear.solon.core.handle.RenderManager aa render_mav path traversal
E
CVE-2025-2962 Infinite loop in dns_copy_qname
CVE-2025-2963 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2964 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2965 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2966 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2967 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2968 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2969 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2970 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2971 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2972 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-2973 code-projects College Management System student.php unrestricted upload
E
CVE-2025-2974 CodeCanyon Perfex CRM Contracts contract cross site scripting
E
CVE-2025-2975 GFI KerioConnect Signature EditHtmlSource cross site scripting
E
CVE-2025-2976 GFI KerioConnect File Upload cross site scripting
E
CVE-2025-2977 GFI KerioConnect PDF File cross site scripting
E
CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload
E
CVE-2025-2979 WCMS Registration setregister cross site scripting
E
CVE-2025-2980 Legrand SMS PowerView redirect
E
CVE-2025-2981 Legrand SMS PowerView cross site scripting
CVE-2025-2982 Legrand SMS PowerView file inclusion
CVE-2025-2983 Legrand SMS PowerView os command injection
CVE-2025-2984 code-projects Payroll Management System delete.php sql injection
E
CVE-2025-2985 code-projects Payroll Management System update_account.php sql injection
E
CVE-2025-2986 IBM Maximo Asset Management cross-site scripting
CVE-2025-2987 IBM Maximo Asset Management server-side request forgery
CVE-2025-2989 Tenda FH1202 Web Management Interface AdvSetWrl access control
E
CVE-2025-2990 Tenda FH1202 Web Management Interface AdvSetWrlGstset access control
E
CVE-2025-2991 Tenda FH1202 Web Management Interface AdvSetWrlmacfilter access control
E
CVE-2025-2992 Tenda FH1202 Web Management Interface AdvSetWrlsafeset access control
E
CVE-2025-2993 Tenda FH1202 default.cfg access control
E
CVE-2025-2994 Tenda FH1202 Web Management Interface qossetting access control
E
CVE-2025-2995 Tenda FH1202 Web Management Interface SysToolChangePwd access control
E
CVE-2025-2996 Tenda FH1202 Web Management Interface SysToolDDNS access control
E
CVE-2025-2997 zhangyanbo2007 youkefu url server-side request forgery
E
CVE-2025-2998 PyTorch torch.nn.utils.rnn.pad_packed_sequence memory corruption
E
CVE-2025-2999 PyTorch torch.nn.utils.rnn.unpack_sequence memory corruption
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.