ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-24001 | WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability | | |
CVE-2025-24002 | MQTT DoS Vulnerability in German EV Charging Stations | | |
CVE-2025-24003 | MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations | | |
CVE-2025-24004 | USB-C Buffer Overflow via Display Interface in EV Charging Stations | | |
CVE-2025-24005 | Local Privilege Escalation via Vulnerable SSH Script | | |
CVE-2025-24006 | Privilege Escalation via Insecure SSH Permissions | | |
CVE-2025-24007 | A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIU... | | |
CVE-2025-24008 | A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIU... | | |
CVE-2025-24009 | A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIU... | | |
CVE-2025-24010 | Vite allows any websites to send any requests to the development server and read the response | | |
CVE-2025-24011 | Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes | S | |
CVE-2025-24012 | Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability | S | |
CVE-2025-24013 | CodeIgniter validation of header name and value | | |
CVE-2025-24014 | segmentation fault in win_line() in Vim < 9.1.1043 | | |
CVE-2025-24015 | Deno's AES GCM authentication tags are not verified | E S | |
CVE-2025-24016 | Remote code execution in Wazuh server | KEV E | |
CVE-2025-24017 | YesWiki Vulnerable to Unauthenticated DOM Based XSS | E S | |
CVE-2025-24018 | YesWiki Vulnerable to Authenticated Stored XSS | E S | |
CVE-2025-24019 | YesWiki vulnerable to authenticated arbitrary file deletion | E S | |
CVE-2025-24020 | WeGIA Open Redirect vulnerability | E S | |
CVE-2025-24021 | iTop doesn't have mass assignment of fields in the portal form | | |
CVE-2025-24022 | iTop server vulnerable to portal code injection | | |
CVE-2025-24023 | Observable Response Discrepancy in flask-appbuilder | | |
CVE-2025-24024 | Mjolnir v1.9.0 accepts commands from any room | | |
CVE-2025-24025 | Coolify Vulnerable to Reflected XSS on Tag Search | | |
CVE-2025-24026 | iTop Inefficient Regular Expression Complexity vulnerability | | |
CVE-2025-24027 | ps_contactinfo has potential XSS due to usage of the nofilter tag in template | | |
CVE-2025-24028 | Cross-site Scripting (XSS) in Rich Text Editor allows arbitrary code execution in Joplin | E S | |
CVE-2025-24029 | Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap | | |
CVE-2025-24030 | Envoy Admin Interface Exposed through prometheus metrics endpoint | | |
CVE-2025-24031 | PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN | E | |
CVE-2025-24032 | PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`) | | |
CVE-2025-24033 | @fastify/multipart vulnerable to unlimited consumption of resources | | |
CVE-2025-24034 | Himmelblau leaks credentials in the debug log | | |
CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2025-24036 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | S | |
CVE-2025-24039 | Visual Studio Code Elevation of Privilege Vulnerability | | |
CVE-2025-24042 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | | |
CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability | | |
CVE-2025-24044 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | | |
CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2025-24046 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | | |
CVE-2025-24048 | Windows Hyper-V Elevation of Privilege Vulnerability | | |
CVE-2025-24049 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | | |
CVE-2025-24050 | Windows Hyper-V Elevation of Privilege Vulnerability | | |
CVE-2025-24051 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2025-24053 | Microsoft Dataverse Elevation of Privilege Vulnerability | | |
CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | KEV E M | |
CVE-2025-24055 | Windows USB Video Class System Driver Information Disclosure Vulnerability | | |
CVE-2025-24056 | Windows Telephony Service Remote Code Execution Vulnerability | | |
CVE-2025-24057 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-24058 | Windows DWM Core Library Elevation of Privilege Vulnerability | | |
CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | | |
CVE-2025-24060 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | | |
CVE-2025-24061 | Windows Mark of the Web Security Feature Bypass Vulnerability | | |
CVE-2025-24062 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | | |
CVE-2025-24063 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | | |
CVE-2025-24064 | Windows Domain Name Service Remote Code Execution Vulnerability | | |
CVE-2025-24065 | Windows Storage Management Provider Information Disclosure Vulnerability | | |
CVE-2025-24066 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | | |
CVE-2025-24067 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | | |
CVE-2025-24068 | Windows Storage Management Provider Information Disclosure Vulnerability | | |
CVE-2025-24069 | Windows Storage Management Provider Information Disclosure Vulnerability | | |
CVE-2025-24070 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | E | |
CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability | E M | |
CVE-2025-24072 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability | | |
CVE-2025-24073 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | | |
CVE-2025-24074 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | | |
CVE-2025-24075 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-24076 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | | |
CVE-2025-24077 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2025-24078 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2025-24079 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2025-24080 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-24081 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-24082 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-24083 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-24084 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability | | |
CVE-2025-24085 | A use after free issue was addressed with improved memory management. This issue is fixed in visionO... | KEV | |
CVE-2025-24086 | The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS V... | | |
CVE-2025-24087 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2025-24091 | An app could impersonate system notifications. Sensitive notifications now require restricted entitl... | | |
CVE-2025-24092 | This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, m... | | |
CVE-2025-24093 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura... | | |
CVE-2025-24094 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7... | | |
CVE-2025-24095 | This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iO... | | |
CVE-2025-24096 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2025-24097 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2025-24099 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventu... | | |
CVE-2025-24100 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.3,... | | |
CVE-2025-24101 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
CVE-2025-24102 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15... | | |
CVE-2025-24103 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura ... | | |
CVE-2025-24104 | This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, i... | | |
CVE-2025-24106 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Seq... | | |
CVE-2025-24107 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-24108 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Seq... | | |
CVE-2025-24109 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2025-24111 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS... | | |
CVE-2025-24112 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonom... | | |
CVE-2025-24113 | The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iO... | | |
CVE-2025-24114 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura... | | |
CVE-2025-24115 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 1... | | |
CVE-2025-24116 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ven... | | |
CVE-2025-24117 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iP... | | |
CVE-2025-24118 | The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS S... | | |
CVE-2025-24120 | This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ve... | | |
CVE-2025-24121 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS... | | |
CVE-2025-24122 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing res... | | |
CVE-2025-24123 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13... | | |
CVE-2025-24124 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13... | | |
CVE-2025-24126 | An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18... | | |
CVE-2025-24127 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13... | | |
CVE-2025-24128 | The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.3, Safar... | | |
CVE-2025-24129 | A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS ... | | |
CVE-2025-24130 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Seq... | | |
CVE-2025-24131 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3... | | |
CVE-2025-24132 | The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.... | | |
CVE-2025-24134 | An information disclosure issue was addressed with improved privacy controls. This issue is fixed in... | | |
CVE-2025-24135 | This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3... | | |
CVE-2025-24136 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura ... | | |
CVE-2025-24137 | A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, mac... | | |
CVE-2025-24138 | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.... | | |
CVE-2025-24139 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Seq... | | |
CVE-2025-24140 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2025-24141 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.... | | |
CVE-2025-24142 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2025-24143 | The issue was addressed with improved access restrictions to the file system. This issue is fixed in... | | |
CVE-2025-24144 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i... | | |
CVE-2025-24145 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2025-24146 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
CVE-2025-24148 | This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ve... | | |
CVE-2025-24149 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.... | | |
CVE-2025-24150 | A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia ... | | |
CVE-2025-24151 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.3, ... | | |
CVE-2025-24152 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An... | | |
CVE-2025-24153 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Se... | | |
CVE-2025-24154 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ve... | | |
CVE-2025-24155 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, ma... | | |
CVE-2025-24156 | An integer overflow was addressed through improved input validation. This issue is fixed in macOS Ve... | | |
CVE-2025-24157 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve... | | |
CVE-2025-24158 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 1... | | |
CVE-2025-24159 | A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS So... | | |
CVE-2025-24160 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.... | | |
CVE-2025-24161 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.... | | |
CVE-2025-24162 | This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Saf... | | |
CVE-2025-24163 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.... | | |
CVE-2025-24164 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS... | | |
CVE-2025-24166 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-24167 | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS ... | | |
CVE-2025-24169 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2025-24170 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5... | | |
CVE-2025-24172 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS... | | |
CVE-2025-24173 | This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, ma... | | |
CVE-2025-24174 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Seq... | | |
CVE-2025-24176 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.... | | |
CVE-2025-24177 | A null pointer dereference was addressed with improved input validation. This issue is fixed in macO... | | |
CVE-2025-24178 | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.... | | |
CVE-2025-24179 | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS ... | | |
CVE-2025-24180 | The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS... | | |
CVE-2025-24181 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura... | | |
CVE-2025-24182 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in vis... | | |
CVE-2025-24183 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Seq... | | |
CVE-2025-24184 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3... | | |
CVE-2025-24185 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma... | | |
CVE-2025-24189 | The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS ... | | |
CVE-2025-24190 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ve... | | |
CVE-2025-24191 | The issue was addressed with improved validation of environment variables. This issue is fixed in ma... | | |
CVE-2025-24192 | A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, vi... | | |
CVE-2025-24193 | This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18... | | |
CVE-2025-24194 | A logic issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and ... | | |
CVE-2025-24195 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventu... | | |
CVE-2025-24196 | A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Seq... | | |
CVE-2025-24198 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in m... | | |
CVE-2025-24199 | An uncontrolled format string issue was addressed with improved input validation. This issue is fixe... | | |
CVE-2025-24200 | An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 1... | KEV | |
CVE-2025-24201 | An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. Thi... | KEV | |
CVE-2025-24202 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPad... | | |
CVE-2025-24203 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17... | | |
CVE-2025-24204 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may ... | | |
CVE-2025-24205 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Ve... | | |
CVE-2025-24206 | An authentication issue was addressed with improved state management. This issue is fixed in macOS S... | | |
CVE-2025-24207 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura... | | |
CVE-2025-24208 | A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, ... | | |
CVE-2025-24209 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.... | | |
CVE-2025-24210 | A logic error was addressed with improved error handling. This issue is fixed in visionOS 2.4, macOS... | | |
CVE-2025-24211 | This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS V... | | |
CVE-2025-24212 | This issue was addressed with improved checks. This issue is fixed in visionOS 2.4, macOS Ventura 13... | | |
CVE-2025-24213 | This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari ... | | |
CVE-2025-24214 | A privacy issue was addressed by not logging contents of text fields. This issue is fixed in visionO... | | |
CVE-2025-24215 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17... | | |
CVE-2025-24216 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.... | | |
CVE-2025-24217 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iO... | | |
CVE-2025-24218 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2025-24220 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and ... | | |
CVE-2025-24221 | This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4,... | | |
CVE-2025-24222 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Pr... | | |
CVE-2025-24223 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.... | | |
CVE-2025-24225 | An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.... | | |
CVE-2025-24226 | The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may... | | |
CVE-2025-24228 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ve... | | |
CVE-2025-24229 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS... | | |
CVE-2025-24230 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in vis... | | |
CVE-2025-24231 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Seq... | | |
CVE-2025-24232 | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.... | | |
CVE-2025-24233 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura... | | |
CVE-2025-24234 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.... | | |
CVE-2025-24235 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in ma... | | |
CVE-2025-24236 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Seq... | | |
CVE-2025-24237 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, ... | | |
CVE-2025-24238 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS ... | | |
CVE-2025-24239 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2025-24240 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7... | | |
CVE-2025-24241 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventu... | | |
CVE-2025-24242 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15... | | |
CVE-2025-24243 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ve... | | |
CVE-2025-24244 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, ... | | |
CVE-2025-24245 | This issue was addressed by adding a delay between verification code attempts. This issue is fixed i... | | |
CVE-2025-24246 | An injection issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7... | | |
CVE-2025-24247 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7... | | |
CVE-2025-24248 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-24249 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS... | | |
CVE-2025-24250 | This issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.... | | |
CVE-2025-24251 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, ... | | |
CVE-2025-24252 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS S... | | |
CVE-2025-24253 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13... | | |
CVE-2025-24254 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura ... | | |
CVE-2025-24255 | A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventu... | | |
CVE-2025-24256 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.7.5, ma... | | |
CVE-2025-24257 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in vi... | | |
CVE-2025-24258 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-24259 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13... | | |
CVE-2025-24260 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, ... | | |
CVE-2025-24261 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Seq... | | |
CVE-2025-24262 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2025-24263 | A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed ... | | |
CVE-2025-24264 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.... | | |
CVE-2025-24265 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Vent... | | |
CVE-2025-24266 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Ventura ... | | |
CVE-2025-24267 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura... | | |
CVE-2025-24269 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An... | | |
CVE-2025-24270 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4,... | | |
CVE-2025-24271 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoi... | | |
CVE-2025-24272 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Seq... | | |
CVE-2025-24273 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2025-24274 | An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macO... | | |
CVE-2025-24276 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.... | | |
CVE-2025-24277 | A parsing issue in the handling of directory paths was addressed with improved path validation. This... | | |
CVE-2025-24278 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura ... | | |
CVE-2025-24279 | This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, m... | | |
CVE-2025-24280 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Seq... | | |
CVE-2025-24281 | This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. A... | | |
CVE-2025-24282 | A library injection issue was addressed with additional restrictions. This issue is fixed in macOS S... | | |
CVE-2025-24283 | A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS... | | |
CVE-2025-24286 | A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, ... | | |
CVE-2025-24287 | A vulnerability allowing local system users to modify directory contents, allowing for arbitrary cod... | | |
CVE-2025-24288 | The Versa Director software exposes a number of services by default and allows attackers an easy foot... | | |
CVE-2025-24289 | A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM ... | | |
CVE-2025-24290 | Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and ... | | |
CVE-2025-24291 | The Versa Director SD-WAN orchestration platform provides functionality to upload various types of f... | | |
CVE-2025-24292 | A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to E... | | |
CVE-2025-24294 | The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insuffic... | | |
CVE-2025-24297 | Growatt Cloud portal Cross-site Scripting | S | |
CVE-2025-24301 | Arkcompiler Ets Runtime has an UAF vulnerability | | |
CVE-2025-24304 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability | | |
CVE-2025-24306 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi... | | |
CVE-2025-24308 | Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50F... | | |
CVE-2025-24309 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability | | |
CVE-2025-24310 | Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, whic... | | |
CVE-2025-24311 | Dell ControlVault3/ControlVault3 Plus cv_send_blockdata out-of-bounds read vulnerability | | |
CVE-2025-24312 | BIG-IP AFM vulnerability | | |
CVE-2025-24315 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-24316 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Sensitive Information Due to Incompatible Policies | S | |
CVE-2025-24317 | Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and H... | | |
CVE-2025-24318 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag | S | |
CVE-2025-24319 | BIG-IP Next Central Manager vulnerability | | |
CVE-2025-24320 | BIG-IP Configuration utility vulnerability | | |
CVE-2025-24326 | BIG-IP Advanced WAF/ASM BADoS vulnerability | | |
CVE-2025-24328 | OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network | | |
CVE-2025-24329 | OAM service path traversal issue caused by a crafted SOAP message archive field within the RAN management network | | |
CVE-2025-24330 | OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network | | |
CVE-2025-24331 | Nokia Single RAN baseband OAM service extensive capabilities | | |
CVE-2025-24332 | Authenticated admin user can connect baseband internally from one board to another without needing to re-authenticate | | |
CVE-2025-24333 | Administrative user shell input validation fault | | |
CVE-2025-24334 | The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network | | |
CVE-2025-24335 | SOAP message input validation fault could in theory cause OAM service resource exhaustion | | |
CVE-2025-24336 | SXF Common Library handles input data improperly. If a product using the library reads a crafted fil... | | |
CVE-2025-24337 | WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by readin... | | |
CVE-2025-24338 | A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a ... | | |
CVE-2025-24339 | A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to condu... | | |
CVE-2025-24340 | A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-pr... | | |
CVE-2025-24341 | A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) at... | | |
CVE-2025-24342 | A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauth... | | |
CVE-2025-24343 | A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a ... | | |
CVE-2025-24344 | A vulnerability in the error notification messages of the web application of ctrlX OS allows a remot... | | |
CVE-2025-24345 | A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote auth... | | |
CVE-2025-24346 | A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote auth... | | |
CVE-2025-24347 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows ... | | |
CVE-2025-24348 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows ... | | |
CVE-2025-24349 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows ... | | |
CVE-2025-24350 | A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allo... | | |
CVE-2025-24351 | A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a re... | | |
CVE-2025-24353 | Directus privilege escalation vulnerability using Share feature | | |
CVE-2025-24354 | imgproxy is vulnerable to SSRF against 0.0.0.0 | | |
CVE-2025-24355 | Updatecli may expose Maven credentials in console output | | |
CVE-2025-24356 | UDP traffic amplification via fastd's fast reconnect feature | | |
CVE-2025-24357 | vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator | S | |
CVE-2025-24358 | gorilla/csrf CSRF vulnerability due to broken Referer validation | | |
CVE-2025-24359 | ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape | | |
CVE-2025-24360 | Opening a malicious website while running a Nuxt dev server could allow read-only access to code | | |
CVE-2025-24361 | Opening a malicious website while running a Nuxt dev server could allow read-only access to code | | |
CVE-2025-24362 | CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts | | |
CVE-2025-24363 | The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information | | |
CVE-2025-24364 | vaultwarden allows RCE in the admin panel | | |
CVE-2025-24365 | vaultwarden allows escalation of privilege via variable confusion in OrgHeaders trait | | |
CVE-2025-24366 | Insufficient sanitization of user provided rsync command in SFTPGo | | |
CVE-2025-24367 | Cacti allows Arbitrary File Creation leading to RCE | E S | |
CVE-2025-24368 | Cacti has a SQL Injection vulnerability when using tree rules through Automation API | E S | |
CVE-2025-24369 | Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0 | | |
CVE-2025-24370 | Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass | | |
CVE-2025-24371 | Malicious peer can make node stuck in blocksync in github.com/cometbft/cometbft | | |
CVE-2025-24372 | XSS vector in user uploaded images in group/org and user profiles in ckan | | |
CVE-2025-24373 | Unrestricted Access to PDF Documents via URL Manipulation in woocommerce-pdf-invoices-packing-slips | S | |
CVE-2025-24374 | Twig fixes a security issue where escaping was missing when using null coalesce operator (??) | | |
CVE-2025-24375 | MySQL K8s charm could leak credentials for root-level user `serverconfig` | | |
CVE-2025-24376 | The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources | | |
CVE-2025-24377 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2025-24378 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2025-24379 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2025-24380 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2025-24381 | Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirec... | | |
CVE-2025-24382 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2025-24383 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2025-24385 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2025-24386 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used... | | |
CVE-2025-24387 | Missing CSRF protection | S | |
CVE-2025-24388 | Unsafe handling of AJAX calls | S | |
CVE-2025-24389 | SMTP Password will be shown in cleartext on some SMTP errors | S | |
CVE-2025-24390 | Missing Cookie Flags | S | |
CVE-2025-24397 | An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with globa... | | |
CVE-2025-24398 | Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to... | | |
CVE-2025-24399 | Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f... | | |
CVE-2025-24400 | Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as th... | | |
CVE-2025-24401 | Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify th... | | |
CVE-2025-24402 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and ear... | | |
CVE-2025-24403 | A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers w... | | |
CVE-2025-24406 | Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | | |
CVE-2025-24407 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
CVE-2025-24408 | Adobe Commerce | Information Exposure (CWE-200) | | |
CVE-2025-24409 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
CVE-2025-24410 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24411 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-24412 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24413 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24414 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24415 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24416 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24417 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24418 | Adobe Commerce | Improper Authorization (CWE-285) | | |
CVE-2025-24419 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
CVE-2025-24420 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
CVE-2025-24421 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
CVE-2025-24422 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-24423 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-24424 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-24425 | Adobe Commerce | Business Logic Errors (CWE-840) | | |
CVE-2025-24426 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-24427 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-24428 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24429 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-24430 | Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) | | |
CVE-2025-24431 | Acrobat Reader | Out-of-bounds Read (CWE-125) | | |
CVE-2025-24432 | Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) | | |
CVE-2025-24434 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
CVE-2025-24435 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-24436 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
CVE-2025-24437 | Adobe Commerce | Incorrect Authorization (CWE-863) | | |
CVE-2025-24438 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-24439 | Substance3D - Sampler | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-24440 | Substance3D - Sampler | Out-of-bounds Write (CWE-787) | | |
CVE-2025-24441 | Substance3D - Sampler | Out-of-bounds Write (CWE-787) | | |
CVE-2025-24442 | Substance3D - Sampler | Out-of-bounds Write (CWE-787) | | |
CVE-2025-24443 | Substance3D - Sampler | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-24444 | Substance3D - Sampler | Out-of-bounds Write (CWE-787) | | |
CVE-2025-24445 | Substance3D - Sampler | Out-of-bounds Write (CWE-787) | | |
CVE-2025-24446 | ColdFusion | Improper Input Validation (CWE-20) | | |
CVE-2025-24447 | ColdFusion | Deserialization of Untrusted Data (CWE-502) | | |
CVE-2025-24448 | Illustrator | Out-of-bounds Read (CWE-125) | | |
CVE-2025-24449 | Illustrator | Out-of-bounds Read (CWE-125) | | |
CVE-2025-24450 | Substance3D - Painter | Out-of-bounds Write (CWE-787) | | |
CVE-2025-24451 | Substance3D - Painter | Out-of-bounds Write (CWE-787) | | |
CVE-2025-24452 | InDesign Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-24453 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-24456 | In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mappi... | | |
CVE-2025-24457 | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs... | | |
CVE-2025-24458 | In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpde... | | |
CVE-2025-24459 | In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page... | | |
CVE-2025-24460 | In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the... | | |
CVE-2025-24461 | In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions w... | | |
CVE-2025-24470 | An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2... | S | |
CVE-2025-24471 | An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, versi... | S | |
CVE-2025-24472 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiO... | KEV S | |
CVE-2025-24473 | An exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClient... | S | |
CVE-2025-24474 | An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabilit... | S | |
CVE-2025-24478 | 5380/5580 Denial-of-Service Vulnerability | S | |
CVE-2025-24479 | FactoryTalk® View Machine Edition - Local Code Injection | S | |
CVE-2025-24480 | FactoryTalk® View Machine Edition - Remote Code Execution | S | |
CVE-2025-24481 | FactoryTalk® View Site Edition - Incorrect Permission Assignment | S | |
CVE-2025-24482 | FactoryTalk® View Site Edition - Local Code Injection | S | |
CVE-2025-24483 | NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earl... | | |
CVE-2025-24487 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-24490 | SQL Injection in Mattermost Boards via board category ID reordering | S | |
CVE-2025-24493 | kernel_liteos_a has a race condition vulnerability | | |
CVE-2025-24494 | Keysight Ixia Vision Product Family Path Traversal | S | |
CVE-2025-24495 | Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Pro... | | |
CVE-2025-24497 | BIG-IP PEM vulnerability | | |
CVE-2025-24499 | A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0... | | |
CVE-2025-24500 | The vulnerability allows an unauthenticated attacker to access information in PAM database.... | | |
CVE-2025-24501 | An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a speci... | | |
CVE-2025-24502 | An improper session validation allows an unauthenticated attacker to cause certain request notificat... | | |
CVE-2025-24503 | A malicious actor can fix the session of a PAM user by tricking the user to click on a specially cra... | | |
CVE-2025-24504 | An improper input validation in the CSRF filter results in unsanitized user input written to the applic... | | |
CVE-2025-24505 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command executi... | | |
CVE-2025-24506 | A specific authentication strategy allows to learn ids of PAM users associated with certain authenti... | | |
CVE-2025-24507 | This vulnerability allows appliance compromise at boot time.... | | |
CVE-2025-24508 | Offline Extraction of Account Connectivity Credentials (ACCs) in IT Management Suite | | |
CVE-2025-24510 | A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices im... | | |
CVE-2025-24513 | ingress-nginx controller - auth secret file path traversal vulnerability | | |
CVE-2025-24514 | ingress-nginx controller - configuration injection via unsanitized auth-url annotation | | |
CVE-2025-24517 | Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. I... | | |
CVE-2025-24521 | Keysight Ixia Vision Product Family Improper Restriction of XML External Entity Reference | S | |
CVE-2025-24522 | KUNBUS Revolution Pi Authentication Bypass by Primary Weakness | S | |
CVE-2025-24526 | Channel export permitted on archived channel when viewing archived channels is disabled | S | |
CVE-2025-24527 | An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin... | | |
CVE-2025-24529 | An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for... | | |
CVE-2025-24530 | An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for... | | |
CVE-2025-24532 | A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0... | | |
CVE-2025-24533 | WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24534 | WordPress DPortfolio plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24535 | WordPress SKT Donation plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24536 | WordPress ThriveDesk plugin <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24537 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24538 | WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24539 | WordPress DeBounce Email Validator plugin <= 5.6.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24540 | WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24541 | WordPress DK White Label plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24542 | WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24543 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24544 | WordPress Bitcoin and Altcoin Wallets plugin <= 6.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24545 | WordPress BSK Forms Validation plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24546 | WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24547 | WordPress Caching Compatible Cookie Opt-In plugin <= 0.0.10 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24548 | WordPress Autoglot – Automatic WordPress Translation plugin <= 2.4.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24549 | WordPress Post Meta plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24550 | WordPress Job Manager plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24551 | WordPress Radio Buttons and Swatches for WooCommerce plugin <= 1.1.20 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24552 | WordPress Paytium plugin <= 4.4.11 - Full Path Disclosure (FPD) vulnerability | S | |
CVE-2025-24553 | WordPress Shipping with Venipak for WooCommerce plugin <= 1.22.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24554 | WordPress AWcode Toolkit plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24555 | WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability | S | |
CVE-2025-24556 | WordPress MooWoodle plugin <= 3.2.4 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-24557 | WordPress PlainInventory plugin <= 3.1.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24558 | WordPress CRM Perks plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24559 | WordPress WP Mailster plugin <= 1.8.15.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24560 | WordPress Awesome Event Booking plugin <= 2.7.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24561 | WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability | S | |
CVE-2025-24562 | WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability | S | |
CVE-2025-24563 | WordPress Cleanup – Directory Listing & Classifieds plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24564 | WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24565 | WordPress WP2LEADS plugin <= 3.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24566 | WordPress Intro Tour Tutorial DeepPresentation plugin <= 6.5.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24567 | WordPress WP Mailster plugin <= 1.8.16.0 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-24568 | WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24569 | WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.5 - Arbitrary File Read vulnerability | S | |
CVE-2025-24570 | WordPress Atarim plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24571 | WordPress WP Fast Total Search plugin <= 1.78.258 - Broken Access Control vulnerability | S | |
CVE-2025-24572 | WordPress WP Fast Total Search plugin <= 1.78.258 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24573 | WordPress Pagelayer plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24574 | WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24575 | WordPress HelloAsso plugin <= 1.1.11 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24576 | WordPress Landing Page Cat plugin <= 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24577 | WordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerability | S | |
CVE-2025-24578 | WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24579 | WordPress Nested pages plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24580 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Arbitrary Content Deletion vulnerability | S | |
CVE-2025-24581 | WordPress Instantio plugin <= 3.3.7 - Settings Change vulnerability | S | |
CVE-2025-24582 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-24583 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Settings Change vulnerability | S | |
CVE-2025-24584 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability | S | |
CVE-2025-24585 | WordPress Event post plugin <= 5.9.7 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24586 | WordPress Shipment Tracker for Woocommerce plugin <= 1.4.23 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24587 | WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability | S | |
CVE-2025-24588 | WordPress Patreon WordPress plugin <= 1.9.1 - Broken Access Control vulnerability | S | |
CVE-2025-24589 | WordPress JSM Show Post Metadata plugin <= 4.6.0 - Broken Access Control vulnerability | S | |
CVE-2025-24590 | WordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability | S | |
CVE-2025-24591 | WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability | S | |
CVE-2025-24592 | WordPress SysBasics Customize My Account for WooCommerce plugin <= 2.8.22 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24593 | WordPress Edwiser Bridge plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24594 | WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.7 - CSRF to Broken Access Control vulnerability | S | |
CVE-2025-24595 | WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24596 | WordPress WooCommerce Product Table Lite plugin <= 3.8.7 - Broken Access Control vulnerability | S | |
CVE-2025-24597 | WordPress Barcode Generator for WooCommerce plugin <= 2.0.2 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-24598 | WordPress WP Mailster plugin <= 1.8.17.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24599 | WordPress Newsletters plugin <= 4.9.9.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24600 | WordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerability | S | |
CVE-2025-24601 | WordPress FundPress plugin <= 2.0.6 - PHP Object Injection vulnerability | S | |
CVE-2025-24602 | WordPress WP24 Domain Check plugin <= 1.10.14 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-24603 | WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.10 - Broken Access Control vulnerability | S | |
CVE-2025-24604 | WordPress Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin <= 3.0.5 - Broken Access Control vulnerability | S | |
CVE-2025-24605 | WordPress WOLF plugin <= 1.0.8.5 - Path Traversal vulnerability | S | |
CVE-2025-24606 | WordPress Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin <= 20.8.1 - Broken Access Control vulnerability | S | |
CVE-2025-24607 | WordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerability | S | |
CVE-2025-24608 | WordPress GD Mail Queue Plugin <= 4.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24609 | WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24610 | WordPress Restrict Anonymous Access Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24611 | WordPress Export All Posts, Products, Orders, Refunds & Users Plugin <= 2.9 - Arbitrary File Read vulnerability | S | |
CVE-2025-24612 | WordPress Shipping for Nova Poshta plugin <= 1.19.6 - SQL Injection vulnerability | S | |
CVE-2025-24613 | WordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerability | S | |
CVE-2025-24614 | WordPress Post Timeline Plugin <= 2.3.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24615 | WordPress Analytics Cat Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24616 | WordPress Uix Page Builder Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24617 | WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24618 | WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability | S | |
CVE-2025-24619 | WordPress WP Log Action Plugin <= 0.51 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24620 | WordPress AIO Shortcodes plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24621 | WordPress Arconix Shortcodes plugin <= 2.1.15 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24622 | WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24623 | WordPress Really Simple Security plugin <= 9.1.4 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24624 | WordPress HT Event – WordPress Event Manager Plugin for Elementor Plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24625 | WordPress Taxonomy/Term and Role based Discounts for WooCommerce plugin <= 5.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-24626 | WordPress Music Store – WordPress eCommerce Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24627 | WordPress Blur Text Plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24628 | WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability | S | |
CVE-2025-24629 | WordPress Import Excel to Gravity Forms Plugin <= 1.18 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24630 | WordPress Sikshya LMS Plugin <= 0.0.21 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24631 | WordPress BP Email Assign Templates Plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24632 | WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.9.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24633 | WordPress Build Private Store For Woocommerce plugin <= 1.0 - Broken Access Control vulnerability | S | |
CVE-2025-24634 | WordPress Orbisius Simple Notice plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24635 | WordPress Paytm – Donation Plugin plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24636 | WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability | S | |
CVE-2025-24637 | WordPress Beacon Lead Magnets and Lead Capture Plugin <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24638 | WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24639 | WordPress Korea for WooCommerce plugin <= 1.1.11 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-24640 | WordPress Empty Tags Remover Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24641 | WordPress Better WishList API plugin <= 1.1.3 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24642 | WordPress Setup Default Featured Image plugin <= 1.2 - Broken Access Control vulnerability | S | |
CVE-2025-24643 | WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability | S | |
CVE-2025-24644 | WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24645 | WordPress Eazy Under Construction Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24646 | WordPress XML for Avito Plugin <= 2.5.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24647 | WordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24648 | WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2.1 - Privilege Escalation vulnerability | S | |
CVE-2025-24649 | WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability | S | |
CVE-2025-24650 | WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability | S | |
CVE-2025-24651 | WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-24652 | WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability | S | |
CVE-2025-24653 | WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerability | S | |
CVE-2025-24654 | WordPress Squirrly SEO plugin <= 12.4.05 - Broken Access Control vulnerability | | |
CVE-2025-24655 | WordPress Wishlist Plugin <= 1.0.39 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24656 | WordPress Realtyna Provisioning Plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24657 | WordPress Wishlist for WooCommerce plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24658 | WordPress Auction Nudge – Your eBay on Your Site plugin <= 7.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24659 | WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulnerability | S | |
CVE-2025-24660 | WordPress Simple Membership Custom Messages Plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24661 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.1.8 - PHP Object Injection vulnerability | S | |
CVE-2025-24662 | WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability | S | |
CVE-2025-24663 | WordPress Simple Download Monitor plugin <= 3.9.25 - SQL Injection vulnerability | S | |
CVE-2025-24664 | WordPress LTL Freight Quotes Plugin <= 5.0.20 - SQL Injection vulnerability | S | |
CVE-2025-24665 | WordPress Small Package Quotes Plugin <= 2.4.8 - SQL Injection vulnerability | S | |
CVE-2025-24666 | WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24667 | WordPress Small Package Quotes Plugin <= 5.2.17 - SQL Injection vulnerability | S | |
CVE-2025-24668 | WordPress PPOM for WooCommerce plugin <= 33.0.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24669 | WordPress SERPed.net Plugin <= 4.4 - SQL Injection vulnerability | S | |
CVE-2025-24670 | WordPress Term Taxonomy Converter Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24671 | WordPress Save as PDF Plugin by Pdfcrowd Plugin <= 4.4.0 - PHP Object Injection vulnerability | S | |
CVE-2025-24672 | WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability | S | |
CVE-2025-24673 | WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24674 | WordPress ShMapper by Teplitsa Plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24675 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24676 | WordPress Custom WP Store Locator plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24677 | WordPress Post/Page Copying Tool to Export and Import post/page for Cross site Migration Plugin <= 2.0.3 - Remote Code Execution (RCE) vulnerability | S | |
CVE-2025-24678 | WordPress Listamester Plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24679 | WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability | S | |
CVE-2025-24680 | WordPress WP Multi Store Locator Plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24681 | WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24682 | WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability | S | |
CVE-2025-24683 | WordPress RSVP and Event Management Plugin <= 2.7.14 - SQL Injection vulnerability | S | |
CVE-2025-24684 | WordPress Media Downloader Plugin <= 0.4.7.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24685 | WordPress Morkva UA Shipping plugin <= 1.0.18 - Local File Inclusion vulnerability | S | |
CVE-2025-24686 | WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24687 | WordPress Show/Hide Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24688 | WordPress WP Mailster Plugin <= 1.8.20.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24689 | WordPress Import and export users and customers plugin 1.27.12 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-24690 | WordPress Formality Plugin <= 1.5.7 - Local File Inclusion vulnerability | S | |
CVE-2025-24691 | WordPress People Lists plugin <= 1.3.10 - Broken Access Control vulnerability | S | |
CVE-2025-24692 | WordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerability | S | |
CVE-2025-24693 | WordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerability | S | |
CVE-2025-24694 | WordPress Name: CM E-Mail Registration Blacklist plugin <= 1.5.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24695 | WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2025-24696 | WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24697 | WordPress Image Gallery – Responsive Photo Gallery plugin <= 1.0.5 - Broken Access Control vulnerability | S | |
CVE-2025-24698 | WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24699 | WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24700 | WordPress WP Event Aggregator Plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24701 | WordPress Chained Quiz Plugin <= 1.3.2.9 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2025-24702 | WordPress Xagio SEO plugin <= 7.0.0.20 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24703 | WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2025-24704 | WordPress Magic the Gathering Card Tooltips plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24705 | WordPress WooCommerce Quick View plugin <= 1.1.1 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-24706 | WordPress MultiVendorX plugin <= 4.2.13 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24707 | WordPress Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin <= 2.7.7.24 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24708 | WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24709 | WordPress Plethora Plugins Tabs + Accordions plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24710 | WordPress Gwolle Guestbook plugin <= 4.7.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24711 | WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24712 | WordPress Radius Blocks – WordPress Gutenberg Blocks Plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24713 | WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24714 | WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24715 | WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-24716 | WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-24717 | WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-24718 | WordPress WP Sessions Time Monitoring Full Automatic Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24719 | WordPress Widget Countdown plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24720 | WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-24721 | WordPress Easy YouTube Gallery plugin <= 1.0.4 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24722 | WordPress FAQ Builder AYS Plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24723 | WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24724 | WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-24725 | WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability | S | |
CVE-2025-24726 | WordPress Contact Form 7 Widget plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24727 | WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24728 | WordPress Bug Library plugin <= 2.1.4 - SQL Injection vulnerability | S | |
CVE-2025-24729 | WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24730 | WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24731 | WordPress IP2Location Country Blocker plugin <= 2.38.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24732 | WordPress BookingPress Plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24733 | WordPress Post Grid Master plugin <= 3.4.12 - Local File Inclusion vulnerability | S | |
CVE-2025-24734 | WordPress Better Find and Replace plugin <= 1.6.7 - Privilege Escalation vulnerability | S | |
CVE-2025-24735 | WordPress Chatra Live Chat + ChatBot + Cart Saver plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-24736 | WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability | S | |
CVE-2025-24737 | WordPress WP Helper Premium plugin <= 4.6.1 - Broken Access Control vulnerability | S | |
CVE-2025-24738 | WordPress Call Now Button plugin <= 1.4.13 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24739 | WordPress FluentSMTP plugin <= 2.2.80 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24740 | WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability | S | |
CVE-2025-24741 | WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability | S | |
CVE-2025-24742 | WordPress WP Google Maps plugin <= 9.0.40 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-24743 | WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability | S | |
CVE-2025-24744 | WordPress Bridge Core plugin <= 3.3 - Broken Access Control vulnerability | S | |
CVE-2025-24745 | WordPress Classified Listing plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24746 | WordPress Popup Maker plugin <= 1.20.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24747 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability | S | |
CVE-2025-24748 | WordPress All In One Slider Responsive plugin <= 3.7.9 - SQL Injection Vulnerability | | |
CVE-2025-24749 | WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability | S | |
CVE-2025-24750 | WordPress ExactMetrics plugin <= 8.1.0 - Broken Access Control vulnerability | S | |
CVE-2025-24751 | WordPress CoBlocks plugin <= 3.1.13 - Broken Access Control vulnerability | S | |
CVE-2025-24752 | WordPress Essential Addons for Elementor plugin <= 6.0.14 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24753 | WordPress Kadence Blocks plugin <= 3.3.1 - Broken Access Control vulnerability | S | |
CVE-2025-24754 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability | S | |
CVE-2025-24755 | WordPress PDF Invoices for WooCommerce plugin <= 4.6.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24756 | WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability | S | |
CVE-2025-24757 | WordPress MyRewards plugin <= 5.4.13.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-24758 | WordPress CM Map Locations plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24760 | WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability | | |
CVE-2025-24761 | WordPress DSK <= 2.2 - Local File Inclusion Vulnerability | | |
CVE-2025-24762 | WordPress TicketBAI Facturas para WooCommerce <= 3.19 - Broken Access Control Vulnerability | | |
CVE-2025-24763 | WordPress bbPress API <= 1.0.14 - Broken Access Control Vulnerability | | |
CVE-2025-24764 | WordPress (Simply) Guest Author Name plugin <= 4.36 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-24765 | WordPress Image Shadow plugin <= 1.1.0 - Arbitrary File Deletion Vulnerability | | |
CVE-2025-24767 | WordPress TicketBAI Facturas para WooCommerce <= 3.19 - SQL Injection Vulnerability | | |
CVE-2025-24768 | WordPress Nitan <= 2.9 - Local File Inclusion Vulnerability | | |
CVE-2025-24769 | WordPress Zenny theme <= 1.7.5 - Local File Inclusion Vulnerability | | |
CVE-2025-24770 | WordPress CraftXtore <= 1.7 - Local File Inclusion Vulnerability | | |
CVE-2025-24771 | WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-24772 | WordPress Pay with Contact Form 7 <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-24773 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce <= 3.2.0 - SQL Injection Vulnerability | | |
CVE-2025-24774 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-24776 | WordPress Responsive Flipbooks <= 1.0 - Broken Access Control Vulnerability | | |
CVE-2025-24778 | WordPress No Spam At All <= 1.3 - Broken Access Control Vulnerability | | |
CVE-2025-24780 | WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.4.0 - SQL Injection Vulnerability | | |
CVE-2025-24781 | WordPress WPJobBoard plugin <= 5.10.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-24782 | WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerability | S | |
CVE-2025-24783 | Apache Cocoon: continuations may not be private | | |
CVE-2025-24784 | kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource | | |
CVE-2025-24785 | iTop dashboard vulnerable to denial of service | | |
CVE-2025-24786 | Path traversal opening Sqlite3 database in WhoDB | E | |
CVE-2025-24787 | Parameter injection in DB connection URIs leading to local file inclusion in WhoDB | E | |
CVE-2025-24788 | Snowflake Connector for .NET has weak temporary files permissions | | |
CVE-2025-24789 | Snowflake JDBC allows an untrusted search path on Windows | | |
CVE-2025-24790 | Snowflake JDBC uses insecure temporary credential cache file permissions | | |
CVE-2025-24791 | snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions | | |
CVE-2025-24792 | Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error | | |
CVE-2025-24793 | Snowflake Connector for Python has an SQL Injection in write_pandas | | |
CVE-2025-24794 | The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache | | |
CVE-2025-24795 | The Snowflake Connector for Python uses insecure cache files permissions | | |
CVE-2025-24796 | Remote Code Execution within Collabora Online jail with Macros Enabled | | |
CVE-2025-24797 | Meshtastic incorrectly handles malformed packets, leading to controlled buffer overflow | | |
CVE-2025-24798 | Meshtastic crashes via an unimplemented routing module reply | | |
CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint | | |
CVE-2025-24800 | Critical vulnerability in `ismp-grandpa` | | |
CVE-2025-24801 | GLPI allows authenticated remote code execution | | |
CVE-2025-24802 | Soundness issue with Plonky2 look up tables | | |
CVE-2025-24803 | Stored Cross-Site Scripting (XSS) in MobSF | E S | |
CVE-2025-24804 | Partial Denial of Service (DoS) in MobSF | E S | |
CVE-2025-24805 | Local Privilege Escalation in MobSF | E S | |
CVE-2025-24806 | Regulation applies separately to Username-based logins and Email-based logins in authelia | | |
CVE-2025-24807 | Fast DDS does not verify Permissions CA | S | |
CVE-2025-24808 | Discourse has race condition when adding users to a group DM | | |
CVE-2025-24810 | Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerabi... | | |
CVE-2025-24811 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIM... | | |
CVE-2025-24812 | A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) (All... | | |
CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | KEV E | |
CVE-2025-24814 | Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files | | |
CVE-2025-24826 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2025-24827 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2025-24828 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2025-24829 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2025-24830 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2025-24831 | Local privilege escalation due to unquoted search path vulnerability. The following products are aff... | | |
CVE-2025-24832 | Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The ... | | |
CVE-2025-24836 | Qardio Heart Health iOS and Android Application and QardioARM A100 Uncaught Exception | M | |
CVE-2025-24839 | Unauthorized AI bot activation via Wrangler plugin | S | |
CVE-2025-24841 | Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block ... | | |
CVE-2025-24843 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Storage of Sensitive Data in a Mechanism without Access Control | S | |
CVE-2025-24845 | Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in D... | | |
CVE-2025-24846 | Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by C... | | |
CVE-2025-24849 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Cleartext Transmission of Sensitive Information | S | |
CVE-2025-24850 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-24852 | Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all ver... | | |
CVE-2025-24855 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPa... | | |
CVE-2025-24856 | An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for T... | | |
CVE-2025-24858 | Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to... | | |
CVE-2025-24859 | Apache Roller: Insufficient Session Expiration on Password Change | | |
CVE-2025-24860 | Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions | | |
CVE-2025-24861 | Outback Power Mojave Inverter Command Injection | M | |
CVE-2025-24864 | Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) vers... | | |
CVE-2025-24865 | mySCADA myPRO Manager Missing Authentication for Critical Function | S | |
CVE-2025-24866 | Unauthorized Access to User Activity Logs API by delegated granular administration roles | S | |
CVE-2025-24867 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad) | | |
CVE-2025-24868 | Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services) | | |
CVE-2025-24869 | Information Disclosure vulnerability in SAP NetWeaver Application Server Java | | |
CVE-2025-24870 | Insecure Key & Secret Management vulnerability in SAP GUI for Windows | | |
CVE-2025-24872 | Missing Authorization check in SAP ABAP Platform (ABAP Build Framework) | | |
CVE-2025-24874 | Missing Defense in Depth Against Clickjacking in SAP Commerce Backoffice | | |
CVE-2025-24875 | SameSite Defense in Depth not applied for some cookies in SAP Commerce | | |
CVE-2025-24876 | Authentication bypass via authorization code injection in SAP Approuter | | |
CVE-2025-24882 | regclient may ignore pinned manifest digests | | |
CVE-2025-24883 | go-ethereum has a DoS via malicious p2p message | | |
CVE-2025-24884 | kube-audit-rest's example logging configuration could disclose secret values in the audit log | | |
CVE-2025-24885 | pwn.college has a XSS on dojo pages | | |
CVE-2025-24886 | pwn.college has Symlink LFI in Dojo repos | | |
CVE-2025-24887 | OpenCTI bypass of protected attribute update | | |
CVE-2025-24888 | Path traversal in SecureDrop Client API.download_reply() | | |
CVE-2025-24889 | Path traversal in sd-log Qubes virtual machine | | |
CVE-2025-24891 | Dumb Drop has an arbitrary file overwrite and path traversal for root shell | | |
CVE-2025-24892 | OpenProject stored HTML injection vulnerability | | |
CVE-2025-24893 | Remote code execution as guest via SolrSearchMacros request in xwiki | E S | |
CVE-2025-24894 | SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication | | |
CVE-2025-24895 | SAML Response Signature Verification Bypass in CIE.AspNetCore.Authentication | | |
CVE-2025-24896 | Misskey allows token to remain valid in cookie after signing out | S | |
CVE-2025-24897 | Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes | | |
CVE-2025-24898 | rust openssl ssl::select_next_proto use after free | | |
CVE-2025-24899 | Disclosure of Sensitive User Information via API in reNgine | E S | |
CVE-2025-24900 | Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes | | |
CVE-2025-24901 | SQL Injection endpoint 'deletar_permissao.php' parameter 'c', 'a', 'r' in WeGIA | E | |
CVE-2025-24902 | SQL Injection endpoint 'salvar_cargo.php' parameter 'id_cargo' in WeGIA | E | |
CVE-2025-24903 | libsignal-service-rs Doesn't Check Origin of Sync Messages | | |
CVE-2025-24904 | libsignal-service-rs doesn't sanity-check plaintext envelopes | | |
CVE-2025-24905 | SQL Injection endpoint 'get_codigobarras_cobranca.php' parameter 'codigo' in WeGIA | E | |
CVE-2025-24906 | SQL Injection endpoint 'get_detalhes_cobranca.php' parameter 'codigo' in WeGIA | E | |
CVE-2025-24907 | Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal | | |
CVE-2025-24908 | Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal | | |
CVE-2025-24909 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | | |
CVE-2025-24910 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference | | |
CVE-2025-24911 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference | | |
CVE-2025-24912 | hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices w... | | |
CVE-2025-24914 | Local Privilege Escalation | S | |
CVE-2025-24915 | When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prio... | S | |
CVE-2025-24916 | Improper Access Control leads to Local Privilege Escalation | S | |
CVE-2025-24917 | Improper Access Control leads to Local Privilege Escalation | S | |
CVE-2025-24919 | Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability | | |
CVE-2025-24920 | Unauthorized Bookmark Creation and Modification in Archived Channels | S | |
CVE-2025-24922 | Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability | | |
CVE-2025-24924 | GMOD Apollo Missing Authentication for Critical Function | S | |
CVE-2025-24928 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElem... | | |
CVE-2025-24946 | The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allo... | | |
CVE-2025-24947 | A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpe... | | |
CVE-2025-24948 | In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to ea... | | |
CVE-2025-24949 | In JotUrl 2.0, it is possible to bypass security requirements during the password change process.... | | |
CVE-2025-24956 | A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feat... | | |
CVE-2025-24957 | SQL Injection endpoint 'get_detalhes_socio.php' parameter 'id_socio' in WeGIA | E | |
CVE-2025-24958 | SQL Injection endpoint 'salvar_tag.php' parameter 'id_tag' in WeGIA | E | |
CVE-2025-24959 | Environment Variable Injection for dotenv API in zx | | |
CVE-2025-24960 | Missing Input validation for filename in backups endpoint in Jellystat | | |
CVE-2025-24961 | Insecure path traversal in filesystem and filesystem-nio2 storage backends in org.gaul S3Proxy | | |
CVE-2025-24962 | Command Injection in reNgine | E S | |
CVE-2025-24963 | Browser mode serves arbitrary files in vitest | | |
CVE-2025-24964 | Remote Code Execution when accessing a malicious website while Vitest API server is listening | | |
CVE-2025-24965 | .krun_config.json symlink attack creates or overwrites file on the host in crun | | |
CVE-2025-24966 | HTML Injection in reNgine | E | |
CVE-2025-24967 | Stored XSS on Admin Panel When Deleting a User in reNgine | E | |
CVE-2025-24968 | Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine | E | |
CVE-2025-24969 | iTop portal user can see any other contact's picture | | |
CVE-2025-24970 | SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine | E | |
CVE-2025-24971 | OS Command Injection endpoint '/upload/init' parameter 'filename' (RCE) in DumpDrop | E | |
CVE-2025-24972 | Discourse may bypass user preference when adding users to chat groups | | |
CVE-2025-24973 | Concorde not removing authentication tokens after logging out | | |
CVE-2025-24974 | DataEase MySQL JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability | E | |
CVE-2025-24976 | Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT | | |
CVE-2025-24977 | OpenCTI has remote code execution and sensitive secrets exposed through web hook | | |
CVE-2025-24980 | User enumeration in pimcore/admin-ui-classic-bundle | E | |
CVE-2025-24981 | Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc | | |
CVE-2025-24982 | Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. ... | | |
CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | KEV S | |
CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | KEV S | |
CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | KEV E S | |
CVE-2025-24986 | Azure Promptflow Remote Code Execution Vulnerability | | |
CVE-2025-24987 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | | |
CVE-2025-24988 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | | |
CVE-2025-24989 | Microsoft Power Pages Elevation of Privilege Vulnerability | KEV S | |
CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | KEV | |
CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerability | | |
CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | KEV | |
CVE-2025-24994 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability | | |
CVE-2025-24995 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | | |
CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability | | |
CVE-2025-24997 | DirectX Graphics Kernel File Denial of Service Vulnerability | | |
CVE-2025-24998 | Visual Studio Elevation of Privilege Vulnerability | | |