| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2025-25000 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | | |
| CVE-2025-25001 | Microsoft Edge for iOS Spoofing Vulnerability | | |
| CVE-2025-25002 | Azure Local Cluster Information Disclosure Vulnerability | | |
| CVE-2025-25003 | Visual Studio Elevation of Privilege Vulnerability | | |
| CVE-2025-25008 | Windows Server Elevation of Privilege Vulnerability | | |
| CVE-2025-25012 | Kibana Open Redirect | | |
| CVE-2025-25013 | Elastic Defend Insertion of Sensitive Information into Log Files | | |
| CVE-2025-25014 | Kibana arbitrary code execution via prototype pollution | | |
| CVE-2025-25015 | Kibana arbitrary code execution via prototype pollution | | |
| CVE-2025-25016 | Kibana Unrestricted Upload of File | | |
| CVE-2025-25019 | IBM QRadar Suite Software and IBM Cloud Pak for Security session fixation | S | |
| CVE-2025-25020 | IBM QRadar Suite Software and IBM Cloud Pak for Security improper input validation | S | |
| CVE-2025-25021 | IBM QRadar Suite Software and IBM Cloud Pak for Security code injection | S | |
| CVE-2025-25022 | IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure | S | |
| CVE-2025-25023 | IBM Security Guardium information disclosure | | |
| CVE-2025-25025 | IBM Security Guardium information disclosure | S | |
| CVE-2025-25026 | IBM Security Guardium information disclosure | S | |
| CVE-2025-25029 | IBM Security Guardium information disclosure | S | |
| CVE-2025-25032 | IBM Cognos Analytics denial of service | S | |
| CVE-2025-25034 | SugarCRM PHP Deserialization RCE | E | |
| CVE-2025-25035 | Jalios JPlatform 10 Multiple Cross-Site Scripting (XSS) | | |
| CVE-2025-25036 | Jalios JPlatform 10 Authenticated XML External Entity Injection (XXE) | | |
| CVE-2025-25037 | Aquatronica Controller System Complete Information Disclosure | E | |
| CVE-2025-25038 | MiniDVBLinux Root Command Injection | E | |
| CVE-2025-25039 | Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface | | |
| CVE-2025-25040 | Failure to Properly Enforce Port ACLs on CPU generated packets in CX 9300 Switches | | |
| CVE-2025-25041 | Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client | | |
| CVE-2025-25042 | Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface | | |
| CVE-2025-25044 | IBM Planning Analytics Local cross-site scripting | S | |
| CVE-2025-25045 | IBM InfoSphere Information Server information disclosure | | |
| CVE-2025-25046 | IBM InfoSphere Information Server information disclosure | | |
| CVE-2025-25050 | Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability | | |
| CVE-2025-25052 | arkcompiler_ets_runtime has a buffer overflow vulnerability | | |
| CVE-2025-25053 | OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-... | | |
| CVE-2025-25054 | Movable Type contains a reflected cross-site scripting vulnerability in the user information edit pa... | | |
| CVE-2025-25055 | Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0... | | |
| CVE-2025-25056 | Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user vie... | | |
| CVE-2025-25057 | third_party_NuttX has a memory leak vulnerability | | |
| CVE-2025-25060 | Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. ... | | |
| CVE-2025-25061 | Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and H... | | |
| CVE-2025-25062 | An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn'... | | |
| CVE-2025-25063 | An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does n... | | |
| CVE-2025-25064 | SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x b... | | |
| CVE-2025-25065 | SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x befo... | | |
| CVE-2025-25066 | nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/n... | | |
| CVE-2025-25067 | mySCADA myPRO Manager OS Command Injection | S | |
| CVE-2025-25068 | Bypassing MFA Enforcement on Plugin Endpoints | S | |
| CVE-2025-25069 | Apache Kvrocks: Cross-Protocol Scripting Vulnerability | | |
| CVE-2025-25070 | WordPress Album Reviewer plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25071 | WordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25072 | WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25073 | WordPress Easy WP Tiles plugin <= 1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25074 | WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25075 | WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25076 | WordPress Graceful Email Obfuscation plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25077 | WordPress Easy Chart Builder for WordPress plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25078 | WordPress Google Earth Embed plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25079 | WordPress Simple Select All Text Box plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25080 | WordPress Kona Gallery Block plugin <= 1.7 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25081 | WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability | | |
| CVE-2025-25082 | WordPress flexIDX Home Search plugin <= 2.1.2 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25083 | WordPress EP4 More Embeds Plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25084 | WordPress UniTimetable plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25085 | WordPress WP SimpleWeather plugin <= 0.2.5 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25086 | WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25087 | WordPress seekXL Snapr plugin <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25088 | WordPress WP Keyword Monitor Plugin <=1.0.5 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25089 | WordPress Image Rotator plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25090 | WordPress Dreamstime Stock Photos plugin <= 4.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-25091 | WordPress NextGen Cooliris Gallery plugin <= 0.7 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25092 | WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25093 | WordPress Child Themes Helper plugin <= 2.2.7 - CSRF to Arbitrary File Deletion vulnerability | | |
| CVE-2025-25094 | WordPress Breaking News Ticker plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25095 | WordPress ReverbNation Widgets plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability< | | |
| CVE-2025-25096 | WordPress RSS in Page plugin <= 2.9.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25097 | WordPress External "Video for Everybody" plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25098 | WordPress Links in Captions plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25099 | WordPress Appointment Buddy Widget By Accrete plugin <= 1.2. - Reflected Cross-Site Scripting vulnerability | | |
| CVE-2025-25100 | WordPress Cazamba plugin <= 1.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25101 | WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability | | |
| CVE-2025-25102 | WordPress Yahoo BOSS Plugin <= 0.7 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25103 | WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability | | |
| CVE-2025-25104 | WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25105 | WordPress Pop Up Plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25106 | WordPress Starter Templates by FancyWP plugin <= 2.0.0 - CSRF to Arbitrary Plugin Installation vulnerability | | |
| CVE-2025-25107 | WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability | | |
| CVE-2025-25108 | WordPress SW Plus Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25109 | WordPress Vehicle Manager plugin <= 3.1 - Local File Inclusion vulnerability | | |
| CVE-2025-25110 | WordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability | | |
| CVE-2025-25111 | WordPress WP Spell Check Plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-25112 | WordPress Social Links plugin <= 1.2 - SQL Injection vulnerability | | |
| CVE-2025-25113 | WordPress Implied Cookie Consent plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25114 | WordPress User Role plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25115 | WordPress Like dislike plus counter plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25116 | WordPress Link to URL / Post plugin <=1.3 - SQL Injection vulnerability | | |
| CVE-2025-25117 | WordPress Smart Countdown FX plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25118 | WordPress WPOptin plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25119 | WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25120 | WordPress Slide Banners plugin <= 1.3 - Broken Access Control vulnerability | | |
| CVE-2025-25121 | WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-25122 | WordPress WizShop Plugin <= 3.0.2 - Local File Inclusion vulnerability | | |
| CVE-2025-25123 | WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25124 | WordPress Status Updater Plugin <= 9.21 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25125 | WordPress Fyrebox Quizzes plugin <= 2.7 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25126 | WordPress ZMSEO plugin <= 1.14.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25127 | WordPress Contact Us By Lord Linus Plugin <= 2.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25128 | WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25129 | WordPress Callback Request plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25130 | WordPress Delete Comments By Status plugin <= 1.5.3 - Local File Inclusion vulnerability | | |
| CVE-2025-25131 | WordPress RJ Quickcharts plugin <= 0.6.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25132 | WordPress Visitor Details plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25133 | WordPress WP Frontend Submit Plugin <= 1.1.0 - Reflected Cross-Site Scripting vulnerability | | |
| CVE-2025-25134 | WordPress Theme Demo Bar Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25135 | WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25136 | WordPress Optimate Ads plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability | | |
| CVE-2025-25137 | WordPress Social Links plugin <= 1.0.11 - Stored Cross-Site Scripting vulnerability | | |
| CVE-2025-25138 | WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25139 | WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25140 | WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25141 | WordPress Fami Sales Popup plugin <= 2.0.0 - Local File Inclusion vulnerability | | |
| CVE-2025-25142 | WordPress WP Less Compiler plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25143 | WordPress GlobalQuran Plugin <= 1.0 - CSRF to Settings Change vulnerability | | |
| CVE-2025-25144 | WordPress Theasys plugin <= 1.0.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25145 | WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-25146 | WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-25147 | WordPress Auto SEO plugin <= 2.5.6 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25148 | WordPress Read More Copy Link plugin <= 1.0.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25149 | WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25150 | Directory Listings WordPress uListing plugin <= 2.1.6 - SQL Injection vulnerability | S | |
| CVE-2025-25151 | WordPress uListing Plugin <= 2.1.6 - SQL Injection vulnerability | | |
| CVE-2025-25152 | WordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25153 | WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25154 | WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25155 | WordPress Music Sheet Viewer plugin <= 4.1 - Arbitrary File Read vulnerability | | |
| CVE-2025-25156 | WordPress Quote Comments plugin <= 2.2.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25157 | WordPress WP Church Center Plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25158 | WordPress Uncomplicated SEO plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25159 | WordPress WP doodlez plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25160 | WordPress Style Tweaker plugin <= 0.11 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25161 | WordPress WP Find Your Nearest Plugin <= 0.3.1 - CSRF to Settings Change vulnerability | | |
| CVE-2025-25162 | WordPress Sports Rankings and Lists plugin <= 2.3 - Arbitrary File Download vulnerability | | |
| CVE-2025-25163 | WordPress Plugin A/B Image Optimizer Plugin <= 3.3 - Arbitrary File Download vulnerability | | |
| CVE-2025-25164 | WordPress Meta Accelerator plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25165 | WordPress Staff Directory Plugin: Company Directory Plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25166 | WordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25167 | WordPress BookPress – For Book Authors Plugin <= 1.2.7 - Broken Access Control vulnerability | | |
| CVE-2025-25168 | WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-25169 | WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25170 | WordPress Migrate Posts Plugin <=1.0 - Post Based Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-25171 | WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability | | |
| CVE-2025-25173 | WordPress FastBook plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-25175 | A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter ... | | |
| CVE-2025-25178 | GPU DDK - PhysmemWrapExtMem uiSize=0 corrupts kernel memory | | |
| CVE-2025-25179 | GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory | | |
| CVE-2025-25181 | A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows re... | KEV E | |
| CVE-2025-25182 | Stroom Authentication/Authorization Bypass when using AWS ALB | | |
| CVE-2025-25183 | vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache | | |
| CVE-2025-25184 | Possible Log Injection in Rack::CommonLogger | | |
| CVE-2025-25185 | GPT Academic allows arbitary file read by tarfile uncompress within softlink | E S | |
| CVE-2025-25186 | Net::IMAP vulnerable to possible DoS by memory exhaustion | | |
| CVE-2025-25187 | Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin | E S | |
| CVE-2025-25188 | DNSSEC validation may accept broken authentication chains | | |
| CVE-2025-25189 | [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script | E | |
| CVE-2025-25190 | [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server | E | |
| CVE-2025-25191 | Group-Office has a Stored XSS Vulnerability via user's name field | | |
| CVE-2025-25192 | GLPI allows unauthorized access to debug mode | | |
| CVE-2025-25193 | Denial of Service attack on windows app using Netty | E S | |
| CVE-2025-25194 | Server-Side Request Forgery (SSRF) in activitypub_federation | | |
| CVE-2025-25195 | Zulip events can leak private channel names | | |
| CVE-2025-25196 | OpenFGA Authorization Bypass | | |
| CVE-2025-25197 | Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports | | |
| CVE-2025-25198 | mailcow: dockerized vulnerable to password reset poisoning | | |
| CVE-2025-25199 | BCryptGenerateSymmetricKey memory leak | | |
| CVE-2025-25200 | Koa has Inefficient Regular Expression Complexity | | |
| CVE-2025-25201 | Improper Validation of Admin Key in PIV Smartcard | | |
| CVE-2025-25202 | Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` | | |
| CVE-2025-25203 | Ctrlpanel has stored XSS vulnerability in TicketsController priority field | | |
| CVE-2025-25204 | `gh attestation verify` returns incorrect exit code during verification if no attestations are present | | |
| CVE-2025-25205 | Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching | E S | |
| CVE-2025-25206 | Incorrect input validation could allow an authenticated user to read sensitive information | | |
| CVE-2025-25207 | Rhcl: authpolicy callbacks result in denial of service in authorino severity | | |
| CVE-2025-25208 | Rhcl: authorino denial of service through authpolicy with sharedsecretref severity | | |
| CVE-2025-25209 | Rhcl: sharedsecretref can be used to leak secrets severity | M | |
| CVE-2025-25211 | Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this ... | | |
| CVE-2025-25213 | Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac seri... | | |
| CVE-2025-25215 | Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability | | |
| CVE-2025-25217 | arkui_ace_enginehas a NULL pointer dereference vulnerability | | |
| CVE-2025-25218 | third_party_mksh has a NULL pointer dereference vulnerability | | |
| CVE-2025-25220 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi... | | |
| CVE-2025-25221 | The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contain... | | |
| CVE-2025-25222 | The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contain... | | |
| CVE-2025-25223 | The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contain... | | |
| CVE-2025-25224 | The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contain... | | |
| CVE-2025-25225 | Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for Joomla | | |
| CVE-2025-25226 | [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package | | |
| CVE-2025-25227 | [20250402] - Joomla Core - MFA Authentication Bypass | | |
| CVE-2025-25228 | Extension - virtuemart.net - SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla | | |
| CVE-2025-25230 | Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local acces... | | |
| CVE-2025-25234 | Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor ... | | |
| CVE-2025-25241 | Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests) | | |
| CVE-2025-25242 | Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP | | |
| CVE-2025-25243 | Path traversal vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) | | |
| CVE-2025-25244 | Missing Authorization Check in SAP Business Warehouse (Process Chains) | | |
| CVE-2025-25245 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | | |
| CVE-2025-25246 | NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote co... | | |
| CVE-2025-25247 | Apache Felix Webconsole: XSS in services console | | |
| CVE-2025-25250 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS ver... | S | |
| CVE-2025-25251 | An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 thr... | S | |
| CVE-2025-25254 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE... | S | |
| CVE-2025-25264 | Overly Permissive CORS Policy in WAGO Device Manager | | |
| CVE-2025-25265 | Unauthenticated File Read via Web Interface | | |
| CVE-2025-25266 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021)... | | |
| CVE-2025-25267 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021)... | | |
| CVE-2025-25268 | Unauthenticated Configuration Access via Exposed API Endpoint | | |
| CVE-2025-25269 | Local Privilege Escalation via Unauthenticated Command Injection | | |
| CVE-2025-25270 | Remote Code Execution via Unauthenticated Configuration Manipulation | | |
| CVE-2025-25271 | OCPP Backend Configuration via Insecure Defaults | | |
| CVE-2025-25274 | Unauthorized Command Execution in Archived Channels | S | |
| CVE-2025-25276 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
| CVE-2025-25279 | Arbitrary file read in Mattermost Boards via import & export board archive | S | |
| CVE-2025-25280 | Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Prot... | | |
| CVE-2025-25281 | Outback Power Mojave Inverter Exposure of Sensitive Information to an Unauthorized Actor | M | |
| CVE-2025-25282 | Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow | E | |
| CVE-2025-25283 | parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memory | | |
| CVE-2025-25284 | Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation | | |
| CVE-2025-25285 | @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking | | |
| CVE-2025-25286 | Crayfish allows Remote Code Execution via Homarus Authorization header | | |
| CVE-2025-25287 | Lakeus vulnerable to stored XSS via system messages | | |
| CVE-2025-25288 | @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking | | |
| CVE-2025-25289 | @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking | | |
| CVE-2025-25290 | @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking | | |
| CVE-2025-25291 | ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential) | | |
| CVE-2025-25292 | Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential) | | |
| CVE-2025-25293 | ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses | | |
| CVE-2025-25294 | Envoy Gateway Log Injection Vulnerability | | |
| CVE-2025-25295 | Label Studio has a Path Traversal Vulnerability via image Field | | |
| CVE-2025-25296 | Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint | | |
| CVE-2025-25297 | Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint | | |
| CVE-2025-25299 | Cross-site scripting (XSS) in the real-time collaboration package | | |
| CVE-2025-25300 | smartbanner.js rel noopener XSS vulnerability | | |
| CVE-2025-25301 | Rembg allows SSRF via /api/remove | E | |
| CVE-2025-25302 | Rembg CORS misconfiguration | E | |
| CVE-2025-25303 | Server-Side Request Forgery (SSRF) in MouseTooltipTranslator | | |
| CVE-2025-25304 | Vega allows Cross-site Scripting via the vlSelectionTuples function | | |
| CVE-2025-25305 | SSL validation for outgoing requests in Home Assistant Core and used libs not correct | | |
| CVE-2025-25306 | Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes | | |
| CVE-2025-25323 | An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows atta... | E | |
| CVE-2025-25324 | An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sens... | E | |
| CVE-2025-25325 | An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers t... | E | |
| CVE-2025-25326 | An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allo... | E | |
| CVE-2025-25329 | An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows atta... | E | |
| CVE-2025-25330 | An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user in... | E | |
| CVE-2025-25331 | An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user infor... | E | |
| CVE-2025-25333 | An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a... | | |
| CVE-2025-25334 | An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user... | E | |
| CVE-2025-25343 | Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.... | E | |
| CVE-2025-25349 | PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php... | E | |
| CVE-2025-25351 | PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php... | E | |
| CVE-2025-25352 | A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0,... | E | |
| CVE-2025-25354 | A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which a... | E | |
| CVE-2025-25355 | A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Rec... | E | |
| CVE-2025-25356 | A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Rec... | E | |
| CVE-2025-25357 | A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.... | E | |
| CVE-2025-25361 | An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of Publi... | E | |
| CVE-2025-25362 | A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execut... | | |
| CVE-2025-25363 | An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mai... | | |
| CVE-2025-25370 | An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximat... | | |
| CVE-2025-25371 | NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing th... | E | |
| CVE-2025-25372 | NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious tel... | E | |
| CVE-2025-25373 | The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which... | E | |
| CVE-2025-25374 | In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that ... | E | |
| CVE-2025-25379 | Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arb... | E | |
| CVE-2025-25381 | Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.... | E | |
| CVE-2025-25382 | An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows att... | E | |
| CVE-2025-25387 | A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record ... | E | |
| CVE-2025-25388 | A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record Sy... | E | |
| CVE-2025-25389 | A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record Syst... | E | |
| CVE-2025-25403 | Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/m... | E | |
| CVE-2025-25426 | yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.... | E | |
| CVE-2025-25427 | XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page | E | |
| CVE-2025-25428 | TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/sh... | E | |
| CVE-2025-25429 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_na... | E | |
| CVE-2025-25430 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the conf... | E | |
| CVE-2025-25431 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the The ... | E | |
| CVE-2025-25450 | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate p... | | |
| CVE-2025-25451 | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker... | | |
| CVE-2025-25452 | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate p... | | |
| CVE-2025-25453 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.... | E | |
| CVE-2025-25454 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.... | E | |
| CVE-2025-25455 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.... | E | |
| CVE-2025-25456 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.... | E | |
| CVE-2025-25457 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.... | E | |
| CVE-2025-25458 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.... | E | |
| CVE-2025-25460 | A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add ... | E | |
| CVE-2025-25461 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin wi... | E | |
| CVE-2025-25462 | A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record Sys... | E | |
| CVE-2025-25467 | Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers ... | | |
| CVE-2025-25468 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component liba... | | |
| CVE-2025-25469 | FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component liba... | | |
| CVE-2025-25471 | FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the ... | | |
| CVE-2025-25472 | A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS... | | |
| CVE-2025-25473 | FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the ... | | |
| CVE-2025-25474 | DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.... | | |
| CVE-2025-25475 | A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attacker... | | |
| CVE-2025-25476 | A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elev... | E | |
| CVE-2025-25477 | A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files ... | E | |
| CVE-2025-25478 | The account file upload functionality in Syspass 3.2.x fails to properly handle special characters i... | E | |
| CVE-2025-25497 | An issue in account management interface in Netsweeper Server v.8.2.6 and earlier (fixed in v.8.2.7)... | | |
| CVE-2025-25500 | An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchai... | E | |
| CVE-2025-25504 | An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86... | E | |
| CVE-2025-25505 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.... | E | |
| CVE-2025-25507 | There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the par... | E | |
| CVE-2025-25510 | Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function.... | E | |
| CVE-2025-25513 | Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.... | E | |
| CVE-2025-25514 | Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.... | E | |
| CVE-2025-25515 | Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attac... | E | |
| CVE-2025-25516 | Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php.... | E | |
| CVE-2025-25517 | Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php.... | E | |
| CVE-2025-25519 | Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php.... | E | |
| CVE-2025-25520 | Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php.... | E | |
| CVE-2025-25521 | Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php.... | E | |
| CVE-2025-25522 | Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification,... | | |
| CVE-2025-25523 | Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of... | | |
| CVE-2025-25524 | Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of l... | | |
| CVE-2025-25525 | Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length... | | |
| CVE-2025-25526 | Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to the lack of length verification... | | |
| CVE-2025-25527 | Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length ver... | | |
| CVE-2025-25528 | Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by no... | | |
| CVE-2025-25529 | Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length veri... | | |
| CVE-2025-25530 | Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length... | | |
| CVE-2025-25535 | HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate priv... | | |
| CVE-2025-25539 | Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensi... | | |
| CVE-2025-25565 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert an... | E | |
| CVE-2025-25566 | Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service ... | E | |
| CVE-2025-25567 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChar... | E | |
| CVE-2025-25568 | SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcc... | E | |
| CVE-2025-25570 | Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded creden... | E | |
| CVE-2025-25579 | TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.... | E | |
| CVE-2025-25580 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBy... | E | |
| CVE-2025-25582 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoti... | E | |
| CVE-2025-25585 | Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.0... | E | |
| CVE-2025-25586 | yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the ... | E | |
| CVE-2025-25589 | An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of y... | | |
| CVE-2025-25590 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component ... | E | |
| CVE-2025-25595 | A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass auth... | E | |
| CVE-2025-25598 | Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.75... | | |
| CVE-2025-25604 | Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable functi... | E | |
| CVE-2025-25605 | Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pinc... | E | |
| CVE-2025-25609 | TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability ar... | | |
| CVE-2025-25610 | TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability ar... | | |
| CVE-2025-25612 | FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (X... | | |
| CVE-2025-25614 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teacher... | E | |
| CVE-2025-25615 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list ... | | |
| CVE-2025-25616 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rule... | | |
| CVE-2025-25617 | Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to ... | E | |
| CVE-2025-25618 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change o... | | |
| CVE-2025-25620 | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.... | | |
| CVE-2025-25621 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attend... | | |
| CVE-2025-25625 | A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware ... | | |
| CVE-2025-25632 | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telne... | E | |
| CVE-2025-25634 | A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the... | E | |
| CVE-2025-25635 | TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability ar... | | |
| CVE-2025-25650 | An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows... | | |
| CVE-2025-25662 | Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of t... | | |
| CVE-2025-25663 | A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the ... | E | |
| CVE-2025-25664 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in ... | E | |
| CVE-2025-25667 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the fu... | E | |
| CVE-2025-25668 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in ... | E | |
| CVE-2025-25674 | Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the ... | | |
| CVE-2025-25675 | Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand fu... | | |
| CVE-2025-25676 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the ... | | |
| CVE-2025-25678 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in... | | |
| CVE-2025-25679 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the... | | |
| CVE-2025-25680 | LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direc... | E | |
| CVE-2025-25683 | AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF fil... | | |
| CVE-2025-25684 | A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows a... | | |
| CVE-2025-25685 | An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitra... | E | |
| CVE-2025-25686 | semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.... | E | |
| CVE-2025-25709 | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the... | | |
| CVE-2025-25711 | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the... | | |
| CVE-2025-25723 | Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.... | E | |
| CVE-2025-25724 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value,... | | |
| CVE-2025-25725 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25724. Reason: This candidat... | R | |
| CVE-2025-25726 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53427. Reason: This candidat... | R | |
| CVE-2025-25727 | Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were disc... | | |
| CVE-2025-25728 | Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were disc... | | |
| CVE-2025-25729 | An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000... | | |
| CVE-2025-25730 | An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.U... | E | |
| CVE-2025-25740 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability vi... | E | |
| CVE-2025-25741 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability vi... | E | |
| CVE-2025-25742 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability vi... | E | |
| CVE-2025-25743 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVi... | E | |
| CVE-2025-25744 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability vi... | E | |
| CVE-2025-25745 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability vi... | E | |
| CVE-2025-25746 | D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability vi... | E | |
| CVE-2025-25747 | Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute ... | E | |
| CVE-2025-25748 | A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to per... | | |
| CVE-2025-25749 | An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack ... | E M | |
| CVE-2025-25758 | An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via t... | E | |
| CVE-2025-25759 | An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory t... | | |
| CVE-2025-25760 | A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attac... | | |
| CVE-2025-25761 | HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component... | E | |
| CVE-2025-25763 | crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDat... | | |
| CVE-2025-25765 | MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file... | E | |
| CVE-2025-25766 | An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows att... | E | |
| CVE-2025-25767 | A vertical privilege escalation vulnerability in the component /controller/UserController.java of MR... | E | |
| CVE-2025-25768 | MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the ... | E | |
| CVE-2025-25769 | Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the compo... | | |
| CVE-2025-25770 | Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the compo... | E | |
| CVE-2025-25772 | A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9... | E | |
| CVE-2025-25774 | An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover ... | E S | |
| CVE-2025-25775 | Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter ... | E | |
| CVE-2025-25776 | Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features o... | E | |
| CVE-2025-25777 | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthori... | E | |
| CVE-2025-25783 | An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows ... | E | |
| CVE-2025-25784 | An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4... | E | |
| CVE-2025-25785 | JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\... | | |
| CVE-2025-25789 | FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() ... | E | |
| CVE-2025-25790 | An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2... | E | |
| CVE-2025-25791 | An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows at... | E | |
| CVE-2025-25792 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen pa... | E | |
| CVE-2025-25793 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
| CVE-2025-25794 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
| CVE-2025-25796 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
| CVE-2025-25797 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
| CVE-2025-25799 | SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents ... | E | |
| CVE-2025-25800 | SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents ... | E | |
| CVE-2025-25802 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
| CVE-2025-25813 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
| CVE-2025-25818 | A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary... | | |
| CVE-2025-25823 | A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary... | | |
| CVE-2025-25825 | A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary... | | |
| CVE-2025-25827 | A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers ... | | |
| CVE-2025-25871 | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissio... | E | |
| CVE-2025-25872 | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissio... | E | |
| CVE-2025-25873 | Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to... | E | |
| CVE-2025-25875 | A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unkno... | E | |
| CVE-2025-25876 | A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unkno... | E | |
| CVE-2025-25877 | A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unkno... | E | |
| CVE-2025-25878 | A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unkno... | E | |
| CVE-2025-25891 | A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01, triggered by the destinatio... | E | |
| CVE-2025-25892 | A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, ds... | E | |
| CVE-2025-25893 | An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort,... | E | |
| CVE-2025-25894 | An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and s... | E | |
| CVE-2025-25895 | An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type pa... | E | |
| CVE-2025-25896 | A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask... | E | |
| CVE-2025-25897 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /... | E | |
| CVE-2025-25898 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter... | E | |
| CVE-2025-25899 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /... | | |
| CVE-2025-25900 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and passwo... | | |
| CVE-2025-25901 | A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver... | E | |
| CVE-2025-25905 | Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to i... | E | |
| CVE-2025-25907 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/aj... | E | |
| CVE-2025-25908 | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitra... | E | |
| CVE-2025-25914 | SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execut... | E | |
| CVE-2025-25916 | wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\mem... | E | |
| CVE-2025-25925 | A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to exec... | E | |
| CVE-2025-25927 | A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitr... | E | |
| CVE-2025-25928 | A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0... | E | |
| CVE-2025-25929 | A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet o... | E | |
| CVE-2025-25939 | Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activate_pro... | E | |
| CVE-2025-25940 | VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of Visi... | E | |
| CVE-2025-25942 | An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4frag... | E | |
| CVE-2025-25943 | Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary cod... | E | |
| CVE-2025-25944 | Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary cod... | E | |
| CVE-2025-25945 | An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Frag... | E | |
| CVE-2025-25946 | An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Pro... | E | |
| CVE-2025-25947 | An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, sp... | E | |
| CVE-2025-25948 | Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd A... | | |
| CVE-2025-25949 | A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Inf... | | |
| CVE-2025-25950 | Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd A... | | |
| CVE-2025-25951 | An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Sol... | | |
| CVE-2025-25952 | An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX ... | | |
| CVE-2025-25953 | Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered ... | | |
| CVE-2025-25957 | Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to esc... | E | |
| CVE-2025-25958 | Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privil... | E | |
| CVE-2025-25960 | Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileg... | E | |
| CVE-2025-25962 | An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate... | | |
| CVE-2025-25967 | Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attac... | | |
| CVE-2025-25968 | DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An ... | | |
| CVE-2025-25973 | A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0... | | |
| CVE-2025-25975 | An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expa... | E | |
| CVE-2025-25977 | An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the cl... | E | |
| CVE-2025-25983 | An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro androi... | E | |
| CVE-2025-25984 | An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows... | E | |
| CVE-2025-25985 | An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows... | E | |
| CVE-2025-25988 | Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of s... | E | |
| CVE-2025-25990 | Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive ... | E | |
| CVE-2025-25991 | SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive informa... | E | |
| CVE-2025-25992 | SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive informat... | E | |
| CVE-2025-25993 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive info... | E | |
| CVE-2025-25994 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive info... | E | |
| CVE-2025-25997 | Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive ... | E |