ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-27000 | WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability | S | |
CVE-2025-27001 | WordPress Shipmondo plugin <= 5.0.3 - Authenticated Arbitrary WordPress Option Disclosure vulnerability | S | |
CVE-2025-27007 | WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability | S | |
CVE-2025-27008 | WordPress Unlimited Timeline < 1.6.1 - Broken Access Control Vulnerability | S | |
CVE-2025-27009 | WordPress My auctions allegro plugin <= 3.6.20 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27010 | WordPress Tastyc < 2.5.2 - Local File Inclusion Vulnerability | S | |
CVE-2025-27011 | WordPress Booking and Rental Manager plugin <= 2.2.8 - Local File Inclusion vulnerability | S | |
CVE-2025-27012 | WordPress A1POST.BG Shipping for Woo plugin <= 1.5.1 - CSRF to Privilege Escalation vulnerability | | |
CVE-2025-27013 | WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability | S | |
CVE-2025-27014 | WordPress Hostiko Theme < 30.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-27015 | WordPress Hostiko Theme < 30.1 - Local File Inclusion vulnerability | S | |
CVE-2025-27016 | WordPress Drivr Lite – Google Drive Plugin plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27017 | Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record | | |
CVE-2025-27018 | Apache Airflow MySQL Provider: SQL injection in MySQL provider core function | S | |
CVE-2025-27021 | Operating System Misconfiguration in Infinera G42 | | |
CVE-2025-27022 | Path Traversal Vulnerability in Infinera G42 | | |
CVE-2025-27023 | Improper Input Validation in Infinera G42 | | |
CVE-2025-27024 | Improper File Access in Infinera G42 | | |
CVE-2025-27025 | Improper File Access in Infinera G42 | | |
CVE-2025-27026 | Improper Access Control Granularity impacting Infinera G42 | | |
CVE-2025-27027 | Restricted shell evasion in Radiflow iSAP Smart Collector | | |
CVE-2025-27028 | Read access of deprivileged Radiflow iSAP Smart Collector user | | |
CVE-2025-27029 | Buffer Over-read in WLAN HAL | | |
CVE-2025-27031 | Use After Free in Bluetooth HOST | | |
CVE-2025-27038 | Use After Free in Graphics | KEV | |
CVE-2025-27042 | Incorrect Calculation of Buffer Size in Video | | |
CVE-2025-27043 | Buffer Copy Without Checking Size of Input in Video | | |
CVE-2025-27044 | Out-of-bounds Write in Video | | |
CVE-2025-27046 | Double Free in Display | | |
CVE-2025-27047 | Use After Free in Display | | |
CVE-2025-27050 | Use After Free in Camera | | |
CVE-2025-27051 | Double Free in Windows WLAN Host | | |
CVE-2025-27052 | Buffer Copy Without Checking Size of Input in Core Services | | |
CVE-2025-27055 | Buffer Over-read in Camera | | |
CVE-2025-27056 | Use After Free in DSP Service | | |
CVE-2025-27057 | Buffer Over-read in WLAN Host | | |
CVE-2025-27058 | Buffer Copy Without Checking Size of Input in Computer Vision | | |
CVE-2025-27061 | Out-of-bounds Write in Video | | |
CVE-2025-27078 | Authenticated Remote Command Execution caused by Insecure Function Usage in System Binary | | |
CVE-2025-27079 | Arbitrary File Creation vulnerability allows for Authenticated Remote Code Execution in CLI Interface | | |
CVE-2025-27080 | Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface | | |
CVE-2025-27081 | HPE NonStop OSM Service Connection Suite, Denial of Service vulnerability | | |
CVE-2025-27082 | Authenticated Remote Code Execution Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write | | |
CVE-2025-27083 | Authenticated Command Injection Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface | | |
CVE-2025-27084 | Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal (CP) of an AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-based Management Interface | | |
CVE-2025-27085 | Arbitrary File Download Vulnerabilities in Web-Based Management Interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor | | |
CVE-2025-27086 | A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass ... | | |
CVE-2025-27087 | A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform ... | | |
CVE-2025-27088 | Reflected Cross-site Scripting (XSS) in template implementation in oxyno-zeta/s3-proxy | E S | |
CVE-2025-27089 | Overlapping policies allow update to non-allowed fields in directus | | |
CVE-2025-27090 | Server-Side Request Forgery (SSRF) in sliver teamserver | E S | |
CVE-2025-27091 | OpenH264 Decoding Functions Heap Overflow Vulnerability | | |
CVE-2025-27092 | Path Traversal Vulnerability in GHOSTS Photo Retrieval Endpoint | E S | |
CVE-2025-27094 | Tuleap allows default values to be cleared from field configuration | E S | |
CVE-2025-27095 | JumpServer has a Kubernetes Token Leak Vulnerability | | |
CVE-2025-27096 | SQL Injection endpoint 'html/personalizacao_upload.php' parameter 'id_campo' in WeGIA | E | |
CVE-2025-27097 | Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation | | |
CVE-2025-27098 | Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh | E | |
CVE-2025-27099 | Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message | E S | |
CVE-2025-27100 | An authenticated user can crash lakeFS by exhausting server memory | | |
CVE-2025-27101 | Broken Access Control in Opal filesystem's copy functionality exposes all user data | E | |
CVE-2025-27102 | Agate vulnerable to HTML injection in user signup - Administrator phishing risk | E | |
CVE-2025-27103 | Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability | E | |
CVE-2025-27104 | double eval in For List Iter in Vyper | E S | |
CVE-2025-27105 | AugAssign evaluation order causing OOB write within the object in Vyper | E | |
CVE-2025-27106 | Code injection in binance-trading-bot | | |
CVE-2025-27107 | Integrated Scripting vulnerable to arbitrary code execution via Java reflection | | |
CVE-2025-27108 | Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions | S | |
CVE-2025-27109 | Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js | E | |
CVE-2025-27110 | Libmodsecurity3 has possible bypass of encoded HTML entities | E | |
CVE-2025-27111 | Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection | | |
CVE-2025-27112 | Navidrome has authentication bypass in Subsonic API with non-existent username | E S | |
CVE-2025-27113 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pat... | E | |
CVE-2025-27127 | A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Serve... | | |
CVE-2025-27130 | Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerabil... | | |
CVE-2025-27131 | kernel_liteos_m has an improper input vulnerability | | |
CVE-2025-27132 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability | | |
CVE-2025-27133 | WeGIA has SQL Injection endpoint at 'dao/pet/adicionar_tipo_exame.php' parameter 'tipo_exame' | E S | |
CVE-2025-27134 | Privilege escalation in Joplin server via user patch endpoint | E S | |
CVE-2025-27135 | RAGFlow SQL Injection vulnerability | E | |
CVE-2025-27136 | LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection | | |
CVE-2025-27137 | Dependency-Track vulnerable to local file inclusion via custom notification templates | | |
CVE-2025-27138 | DataEase has an improper authentication vulnerability | E | |
CVE-2025-27139 | Combodo iTop vulnerable to stored self Cross-site Scripting in preferences | | |
CVE-2025-27140 | WeGIA vulnerable to OS Command Injection at endpoint 'importar_dump.php' parameter 'import' (RCE) | E S | |
CVE-2025-27141 | Metabase Enterprise Edition allows cached questions to leak data to impersonated users | | |
CVE-2025-27142 | LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands | S | |
CVE-2025-27143 | Better Auth has an Open Redirect via Scheme-Less Callback Parameter | S | |
CVE-2025-27144 | Go JOSE's Parsing Vulnerable to Denial of Service | | |
CVE-2025-27145 | copyparty renders unsanitized filenames as HTML when user uploads empty files | E | |
CVE-2025-27146 | Matrix IRC Bridge allows IRC command injection to own puppeted user | S | |
CVE-2025-27147 | GLPI Inventory plugin has Improper Access Control Vulnerability | | |
CVE-2025-27148 | Gradle vulnerable to local privilege escalation through system temporary directory | | |
CVE-2025-27149 | Zulip exports can leak private data | | |
CVE-2025-27150 | Tuleap dumps the Redis password into the generated troubleshooting archives | | |
CVE-2025-27151 | redis-check-aof may lead to stack overflow and potential RCE | | |
CVE-2025-27152 | Possible SSRF and Credential Leakage via Absolute URL in axios Requests | E | |
CVE-2025-27153 | Escalade GLPI Plugin Vulnerable to Improper Access Control | | |
CVE-2025-27154 | Spotipy's cache file, containing spotify auth token, is created with overly broad permissions | E S | |
CVE-2025-27155 | In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim | | |
CVE-2025-27156 | Tuleap allows content injection via emails sent by the mass emailing features | | |
CVE-2025-27157 | Mastodon's rate-limits are missing on `/auth/setup` | | |
CVE-2025-27158 | Acrobat Reader | Access of Uninitialized Pointer (CWE-824) | | |
CVE-2025-27159 | Acrobat Reader | Use After Free (CWE-416) | | |
CVE-2025-27160 | Acrobat Reader | Use After Free (CWE-416) | | |
CVE-2025-27161 | Acrobat Reader | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27162 | Acrobat Reader | Access of Uninitialized Pointer (CWE-824) | | |
CVE-2025-27163 | Acrobat Reader | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27164 | Acrobat Reader | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27165 | Substance3D - Stager | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27166 | InDesign Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27167 | Illustrator | Untrusted Search Path (CWE-426) | | |
CVE-2025-27168 | Illustrator | Stack-based Buffer Overflow (CWE-121) | | |
CVE-2025-27169 | Illustrator | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27170 | Illustrator | NULL Pointer Dereference (CWE-476) | | |
CVE-2025-27171 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-27172 | Substance3D - Designer | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27173 | Substance3D - Modeler | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-27174 | Acrobat Reader | Use After Free (CWE-416) | | |
CVE-2025-27175 | InDesign Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27176 | InDesign Desktop | NULL Pointer Dereference (CWE-476) | | |
CVE-2025-27177 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-27178 | InDesign Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27179 | InDesign Desktop | NULL Pointer Dereference (CWE-476) | | |
CVE-2025-27180 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27181 | Substance3D - Modeler | Use After Free (CWE-416) | | |
CVE-2025-27182 | After Effects | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27183 | After Effects | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27184 | After Effects | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27185 | After Effects | NULL Pointer Dereference (CWE-476) | | |
CVE-2025-27186 | After Effects | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27187 | After Effects | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27188 | Adobe Commerce | Incorrect Authorization (CWE-863) | S | |
CVE-2025-27189 | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) | S | |
CVE-2025-27190 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-27191 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-27192 | Adobe Commerce | Insufficiently Protected Credentials (CWE-522) | S | |
CVE-2025-27193 | Bridge | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-27194 | Media Encoder | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27195 | Media Encoder | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-27196 | Premiere Pro | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-27197 | Lightroom Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-27198 | Photoshop Desktop | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-27199 | Animate | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-27200 | Animate | Use After Free (CWE-416) | | |
CVE-2025-27201 | Animate | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27202 | Animate | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27203 | Adobe Connect | Deserialization of Untrusted Data (CWE-502) | | |
CVE-2025-27204 | After Effects | Out-of-bounds Read (CWE-125) | | |
CVE-2025-27205 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-27206 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-27207 | Adobe Commerce | Improper Access Control (CWE-284) | | |
CVE-2025-27218 | Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote cod... | | |
CVE-2025-27219 | In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a pot... | | |
CVE-2025-27220 | In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability e... | | |
CVE-2025-27221 | In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an ... | | |
CVE-2025-27241 | multimedia_av_codec has a NULL pointer dereference vulnerability | | |
CVE-2025-27242 | security_component_manager has an improper input vulnerability | | |
CVE-2025-27244 | AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data t... | | |
CVE-2025-27247 | Pasteboard has an improper preservation of permissions vulnerability | | |
CVE-2025-27248 | ai_neural_network_runtime has a NULL pointer dereference vulnerability | | |
CVE-2025-27253 | An improper input validation in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows ... | | |
CVE-2025-27254 | Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass.... | | |
CVE-2025-27255 | Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escala... | | |
CVE-2025-27256 | Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup applicat... | | |
CVE-2025-27257 | Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices all... | | |
CVE-2025-27263 | WordPress Doctor Appointment Booking Plugin <= 1.0.0 - SQL Injection vulnerability | | |
CVE-2025-27264 | WordPress Doctor Appointment Booking Plugin <= 1.0.0 - Local File Inclusion vulnerability | | |
CVE-2025-27265 | WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27266 | WordPress Hover Image Button plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27267 | WordPress Random Quotes Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27268 | WordPress Small Package Quotes – Worldwide Express Edition Plugin <= 5.2.18 - SQL Injection vulnerability | S | |
CVE-2025-27269 | WordPress .htaccess Login block Plugin <= 0.9a - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27270 | WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability | | |
CVE-2025-27271 | WordPress DB Tables Import/Export Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27272 | WordPress VG PostCarousel plugin <= 1.1 - Local File Inclusion vulnerability | | |
CVE-2025-27273 | WordPress Affiliate Links Manager Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27274 | WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability | | |
CVE-2025-27275 | WordPress WOO Codice Fiscale plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27276 | WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability | | |
CVE-2025-27277 | WordPress Add Linked Images To Gallery plugin <= 1.4 - CSRF to Stored XSS vulnerability | | |
CVE-2025-27278 | WordPress AcuGIS Leaflet Maps Plugin <= 5.1.1.0 - Multiple Cross Site Scripting (XSS) vulnerabilities | | |
CVE-2025-27279 | WordPress Flashfader Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27280 | WordPress Archive Page plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27281 | WordPress All In Menu Plugin <= 1.1.5 - SQL Injection vulnerability | | |
CVE-2025-27282 | WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Upload vulnerability | | |
CVE-2025-27283 | WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Download vulnerability | | |
CVE-2025-27284 | WordPress Flagged Content Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27285 | WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-27286 | WordPress Saoshyant Slider Plugin <= 3.0 - PHP Object Injection vulnerability | | |
CVE-2025-27287 | WordPress SS Quiz Plugin <= 2.0.5 - PHP Object Injection vulnerability | | |
CVE-2025-27288 | WordPress File Icons Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27289 | WordPress Restrict Taxonomies Plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27290 | WordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27291 | WordPress Photo Gallery – Image Gallery Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27292 | WordPress WPYog Documents Plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27293 | WordPress Shipmozo Courier Tracking plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27294 | WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability | | |
CVE-2025-27295 | WordPress Live css plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27296 | WordPress Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue Plugin <= 1.5 - Settings Change vulnerability | | |
CVE-2025-27297 | WordPress Bravo Search & Replace Plugin <= 1.0 - SQL Injection vulnerability | | |
CVE-2025-27298 | WordPress WP Video Posts plugin <= 3.5.1 - CSRF to Remote Code Execution (RCE) vulnerability | | |
CVE-2025-27299 | WordPress MyTicket Events plugin <= 1.2.4 - Non-Arbitrary File Read vulnerability | | |
CVE-2025-27300 | WordPress ADFO plugin <= 1.9.1 - Deserialization of untrusted data vulnerability | | |
CVE-2025-27301 | WordPress NHR Options Table Manager Plugin <= 1.1.2 - Deserialization of untrusted data vulnerability | | |
CVE-2025-27302 | WordPress CHATLIVE plugin <= 2.0.1 - SQL Injection vulnerability | | |
CVE-2025-27303 | WordPress Contact Form 7 Star Rating plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27304 | WordPress Contact Form 7 Star Rating with font Awesome plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27305 | WordPress Table of Contents Block plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27306 | WordPress Pathomation plugin <= 2.5.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27307 | WordPress Quotes llama plugin <= 3.0.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27308 | WordPress WP Video Posts plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27309 | WordPress flickr-slideshow-wrapper Plugin <= 5.4.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27310 | WordPress Page and Post Lister plugin <= 1.2.1 - Arbitrary Content Deletion vulnerability | | |
CVE-2025-27311 | WordPress Bulk Content Creator Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27312 | WordPress WP Sitemap plugin <= 1.0 - SQL Injection vulnerability | | |
CVE-2025-27313 | WordPress Google Maps GPX Viewer Plugin <= 3.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27314 | WordPress Kush Micro News Plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27315 | WordPress All-In-One Cufon Plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27316 | WordPress JPG, PNG Compression and Optimization Plugin <= 1.7.35 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27317 | WordPress RAYS Grid Plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27318 | WordPress Simple Google Sitemap Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27319 | WordPress User List plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27320 | WordPress Profile Widget Ninja plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27321 | WordPress Blightly Explorer plugin <= 2.3.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-27322 | WordPress QR Code for WooCommerce Plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27323 | WordPress WP About Author plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27324 | WordPress 17TRACK for WooCommerce Plugin <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27325 | WordPress Video.js HLS Player plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27326 | WordPress Video Gallery Block – Display your videos as a gallery in a professional way plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-27327 | WordPress Live Streaming Video Player – by SRS Player plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27328 | WordPress WP-PostRatings Cheater Plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27329 | WordPress EZ InLinkz linkup plugin <= 0.18 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27330 | WordPress PlayerJS plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27331 | WordPress WooCommerce Display Products by Tags plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27332 | WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-27333 | WordPress Protected wp-login Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27334 | WordPress Simple Google Static Map <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-27335 | WordPress Auto Tag Links Plugin <= 1.0.13 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27336 | WordPress Just Variables Plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27337 | WordPress Fontsampler Plugin <= 0.4.14 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27338 | WordPress List Urls Plugin <= 0.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27339 | WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27340 | WordPress F12-Profiler Plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27341 | WordPress Reactive Mortgage Calculator plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27342 | WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27343 | WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27344 | WordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27345 | WordPress Booking Ultra Pro Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-27346 | WordPress Rebuild Permalinks Plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27347 | WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27348 | WordPress WP Social SEO Booster plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27349 | WordPress Get Posts plugin <= 0.6 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27350 | WordPress Vice Versa plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27351 | WordPress Local Search SEO Contact Page plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27352 | WordPress 无觅相关文章插件 plugin <= 1.0.5.7 - CSRF to Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27353 | WordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27354 | WordPress Simple Email Subscriber plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27355 | WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-27356 | WordPress Sticky Header On Scroll plugin <= 1.0 - Broken Access Control vulnerability | | |
CVE-2025-27357 | WordPress Önceki Yazı Link Plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-27358 | WordPress Frontend File Manager plugin <= 23.2 - Content Injection Vulnerability | | |
CVE-2025-27359 | WordPress WP Media File Type Manager plugin <= 2.3.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | | |
CVE-2025-27360 | WordPress Quick Event Calendar <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-27361 | WordPress Photo Express for Google plugin <= 0.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-27362 | WordPress Petito <= 1.6.2 - Local File Inclusion Vulnerability | | |
CVE-2025-27363 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are ... | KEV | |
CVE-2025-27364 | In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability... | E | |
CVE-2025-27365 | IBM MQ Operator denial of service | S | |
CVE-2025-27367 | IBM OpenPages with Watson improper input validation | S | |
CVE-2025-27369 | IBM OpenPages with Watson information disclosure | S | |
CVE-2025-27370 | OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When t... | | |
CVE-2025-27371 | In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Clie... | | |
CVE-2025-27387 | OPPO Clone Phone uses weak WPA passphrase as only means of security | | |
CVE-2025-27391 | Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log | | |
CVE-2025-27392 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). ... | | |
CVE-2025-27393 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). ... | | |
CVE-2025-27394 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). ... | | |
CVE-2025-27395 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). ... | | |
CVE-2025-27396 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). ... | | |
CVE-2025-27397 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). ... | | |
CVE-2025-27398 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). ... | | |
CVE-2025-27399 | Mastodon's domain blocks & rationales ignore user approval when visibility set as "users" | | |
CVE-2025-27400 | Magento vulnerable to stored XSS in theme config fields | | |
CVE-2025-27401 | In Tuleap, deleting a report can delete criteria filters in other reports | | |
CVE-2025-27402 | Tuleap is missing CSRF protections on tracker fields administrative operations | | |
CVE-2025-27403 | Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries | | |
CVE-2025-27404 | Icinga Web 2 DOM-based XSS vulnerability | | |
CVE-2025-27405 | Icinga Web 2 has XSS in embedded content | | |
CVE-2025-27406 | Icinga Reporting Stored XSS leads to SSRF | | |
CVE-2025-27407 | Remote code execution when loading a crafted GraphQL schema | | |
CVE-2025-27408 | Manifest Uses a One-Way Hash without a Salt | | |
CVE-2025-27409 | Joplin Server Vulnerable to Path Traversal | E S | |
CVE-2025-27410 | PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin | E S | |
CVE-2025-27411 | REDAXO allows Arbitrary File Upload in the mediapool page | E S | |
CVE-2025-27412 | REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation | E | |
CVE-2025-27413 | PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json | E S | |
CVE-2025-27414 | MinIO SFTP authentication bypass due to improperly trusted SSH key | | |
CVE-2025-27415 | Nuxt allows DOS via cache poisoning with payload rendering response | | |
CVE-2025-27416 | Asking For Scratch Username And Password | | |
CVE-2025-27417 | WeGIA Contains a Stored Cross-Site Scripting (XSS) in 'adicionar_status_atendido.php' via the 'status' parameter | E S | |
CVE-2025-27418 | WeGIA contains a Stored Cross-Site Scripting (XSS) in 'adicionar_tipo_atendido.php' via the 'tipo' parameter | E S | |
CVE-2025-27419 | Denial of Service (DoS) in WeGIA due to Recursive Crawling of Dynamic URLs | E S | |
CVE-2025-27420 | WeGIA contains a Stored Cross-Site Scripting (XSS) in 'atendido_parentesco_adicionar.php' via the 'descricao' parameter | E S | |
CVE-2025-27421 | Goroutine Leak in Abacus SSE Implementation | | |
CVE-2025-27422 | FACTION Allows Authentication Bypass via User Creation | | |
CVE-2025-27423 | Improper Input Validation in Vim | | |
CVE-2025-27424 | Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a mali... | | |
CVE-2025-27425 | Scanning certain QR codes that included text with a website URL could allow the URL to be opened wit... | | |
CVE-2025-27426 | Malicious websites utilizing a server-side redirect to an internal error page could result in a spoo... | | |
CVE-2025-27427 | Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission | | |
CVE-2025-27428 | Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection) | | |
CVE-2025-27429 | Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise) | | |
CVE-2025-27430 | Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center) | | |
CVE-2025-27431 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java | | |
CVE-2025-27432 | Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit) | | |
CVE-2025-27433 | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | | |
CVE-2025-27434 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI) | | |
CVE-2025-27435 | Information Disclosure Vulnerability in SAP Commerce Cloud | | |
CVE-2025-27436 | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | | |
CVE-2025-27437 | Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface) | | |
CVE-2025-27438 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), T... | | |
CVE-2025-27439 | Zoom Apps - Buffer Underflow | | |
CVE-2025-27440 | Zoom Apps - Heap-based Buffer Overflow | | |
CVE-2025-27441 | Zoom Workplace Apps - Cross Site Scripting | | |
CVE-2025-27442 | Zoom Workplace Apps - Cross Site Scripting | | |
CVE-2025-27443 | Zoom Workplace Apps for Windows - Insecure Default Variable Initialization | | |
CVE-2025-27444 | Extension - rsjoomla.com - A reflected XSS vulnerability RSform!Pro component 3.0.0 - 3.3.13 for Joomla | | |
CVE-2025-27445 | Extension - rsjoomla.com - A path traversal vulnerability RSFirewall component 2.9.7 - 3.1.5 for Joomla | | |
CVE-2025-27446 | Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges | | |
CVE-2025-27447 | CVE-2025-27447 | S | |
CVE-2025-27448 | CVE-2025-27448 | S | |
CVE-2025-27449 | CVE-2025-27449 | S | |
CVE-2025-27450 | CVE-2025-27450 | S | |
CVE-2025-27451 | CVE-2025-27451 | S | |
CVE-2025-27452 | CVE-2025-27452 | S | |
CVE-2025-27453 | CVE-2025-27453 | S | |
CVE-2025-27454 | CVE-2025-27454 | S | |
CVE-2025-27455 | CVE-2025-27455 | S | |
CVE-2025-27456 | CVE-2025-27456 | M | |
CVE-2025-27457 | CVE-2025-27457 | M | |
CVE-2025-27458 | CVE-2025-27458 | M | |
CVE-2025-27459 | CVE-2025-27459 | M | |
CVE-2025-27460 | CVE-2025-27460 | M | |
CVE-2025-27461 | CVE-2025-27461 | M | |
CVE-2025-27467 | Windows Digital Media Elevation of Privilege Vulnerability | | |
CVE-2025-27468 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | | |
CVE-2025-27469 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | | |
CVE-2025-27470 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | | |
CVE-2025-27471 | Microsoft Streaming Service Denial of Service Vulnerability | | |
CVE-2025-27472 | Windows Mark of the Web Security Feature Bypass Vulnerability | | |
CVE-2025-27473 | HTTP.sys Denial of Service Vulnerability | | |
CVE-2025-27474 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-27475 | Windows Update Stack Elevation of Privilege Vulnerability | | |
CVE-2025-27476 | Windows Digital Media Elevation of Privilege Vulnerability | | |
CVE-2025-27477 | Windows Telephony Service Remote Code Execution Vulnerability | | |
CVE-2025-27478 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | | |
CVE-2025-27479 | Kerberos Key Distribution Proxy Service Denial of Service Vulnerability | | |
CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2025-27481 | Windows Telephony Service Remote Code Execution Vulnerability | | |
CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2025-27483 | NTFS Elevation of Privilege Vulnerability | | |
CVE-2025-27484 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | | |
CVE-2025-27485 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | | |
CVE-2025-27486 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | | |
CVE-2025-27487 | Remote Desktop Client Remote Code Execution Vulnerability | | |
CVE-2025-27488 | Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability | | |
CVE-2025-27489 | Azure Local Elevation of Privilege Vulnerability | | |
CVE-2025-27490 | Windows Bluetooth Service Elevation of Privilege Vulnerability | | |
CVE-2025-27491 | Windows Hyper-V Remote Code Execution Vulnerability | | |
CVE-2025-27492 | Windows Secure Channel Elevation of Privilege Vulnerability | | |
CVE-2025-27493 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), Si... | | |
CVE-2025-27494 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), Si... | | |
CVE-2025-27495 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec... | | |
CVE-2025-27496 | Snowflake JDBC Driver client-side encryption key in DEBUG logs | | |
CVE-2025-27497 | OpenDJ Denial of Service (DoS) using alias loop | | |
CVE-2025-27498 | AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure | | |
CVE-2025-27499 | WeGIA has a stored Cross-Site Scripting (XSS) in 'processa_edicao_socio.php' via the 'socio_nome' parameter | E S | |
CVE-2025-27500 | Cross Site Scripting potential in Ziti Console | | |
CVE-2025-27501 | Server Side Request Forgery in Ziti Console | | |
CVE-2025-27505 | GeoServer Missing Authorization on REST API Index | | |
CVE-2025-27506 | NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page | | |
CVE-2025-27507 | IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations | | |
CVE-2025-27508 | Emissary Use of a Broken or Risky Cryptographic Algorithm | E | |
CVE-2025-27509 | SAML authentication vulnerability due to improper SAML response validation | | |
CVE-2025-27510 | RCE in the package conda-forge-metadata | E | |
CVE-2025-27512 | Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods | | |
CVE-2025-27513 | OpenTelemetry .NET has a Denial of Service (DoS) Vulnerability in API Package | | |
CVE-2025-27515 | Laravel has a File Validation Bypass | | |
CVE-2025-27516 | Jinja sandbox breakout through attr filter selecting format method | | |
CVE-2025-27517 | Volt Allows RCE Via User-Crafted Requests | | |
CVE-2025-27518 | Cognita CORS misconfiguration in backend API server | | |
CVE-2025-27519 | Cognita Arbitrary File Write | | |
CVE-2025-27520 | BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization | E S | |
CVE-2025-27521 | Vulnerability of improper access permission in the process management module Impact: Successful expl... | | |
CVE-2025-27522 | Apache InLong: JDBC Vulnerability during verification processing | S | |
CVE-2025-27523 | XXE vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager | | |
CVE-2025-27524 | Weak encryption vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager | | |
CVE-2025-27525 | Information Exposure vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager | | |
CVE-2025-27526 | Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass | S | |
CVE-2025-27528 | Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read | S | |
CVE-2025-27531 | Apache InLong: An arbitrary file read vulnerability for JDBC | | |
CVE-2025-27532 | A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a ... | | |
CVE-2025-27533 | Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation | | |
CVE-2025-27534 | arkcompiler_ets_runtime has an out-of-bounds read vulnerability | | |
CVE-2025-27538 | MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users | S | |
CVE-2025-27539 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec... | | |
CVE-2025-27540 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec... | | |
CVE-2025-27551 | DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm | | |
CVE-2025-27552 | DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm | | |
CVE-2025-27553 | Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT | | |
CVE-2025-27554 | ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remo... | | |
CVE-2025-27556 | An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is ... | | |
CVE-2025-27558 | IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks usin... | | |
CVE-2025-27561 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27563 | security_access_token has an improper preservation of permissions vulnerability | | |
CVE-2025-27565 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27566 | Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior t... | | |
CVE-2025-27567 | Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 00... | | |
CVE-2025-27568 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27571 | Channel metadata visible in archived channels despite configuration setting | S | |
CVE-2025-27574 | Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM V... | | |
CVE-2025-27575 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27578 | Pixmeo OsiriX MD Use After Free | S | |
CVE-2025-27579 | In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the pa... | E | |
CVE-2025-27580 | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predict... | | |
CVE-2025-27581 | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who ... | | |
CVE-2025-27583 | Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solu... | | |
CVE-2025-27584 | A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Inf... | | |
CVE-2025-27585 | A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Inf... | | |
CVE-2025-27587 | OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitab... | | |
CVE-2025-27590 | In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticate... | S | |
CVE-2025-27591 | A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creatio... | E S | |
CVE-2025-27593 | RCE due to Device Driver | M | |
CVE-2025-27594 | Unencrypted transmission of password hash | M | |
CVE-2025-27595 | Weak hashing algorithm | M | |
CVE-2025-27597 | Vue I18n Prototype Pollution in `handleFlatJson` | E | |
CVE-2025-27598 | Out-of-bounds Write in SixLabors ImageSharp | E S | |
CVE-2025-27599 | Element X Android vulnerable to loading malicious web pages via received intent | | |
CVE-2025-27600 | FastGPT SSRF | | |
CVE-2025-27601 | Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality | | |
CVE-2025-27602 | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content | | |
CVE-2025-27603 | XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations | E | |
CVE-2025-27604 | XWiki Confluence Migrator Pro's homepage is public | S | |
CVE-2025-27606 | Element Android PIN autologout bypass | | |
CVE-2025-27607 | Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency | E S | |
CVE-2025-27608 | Self Cross-Site Scripting in Arduino IDE | | |
CVE-2025-27609 | Icinga Web 2 Vulnerable to Reflected XSS | | |
CVE-2025-27610 | Local File Inclusion in Rack::Static | | |
CVE-2025-27611 | base-x homograph attack allows Unicode lookalike characters to bypass validation. | | |
CVE-2025-27612 | Libcontainer is affected by capabilities elevation | | |
CVE-2025-27613 | Gitk can create and truncate files in the user's home directory | | |
CVE-2025-27614 | Gitk allows arbitrary command execution | | |
CVE-2025-27615 | umatiGateway's UI publicly accessible in provided docker-compose file | | |
CVE-2025-27616 | Vela Server has Insufficient Webhook Payload Data Verification | | |
CVE-2025-27617 | Pimcore Vulnerable to SQL Injection in getRelationFilterCondition | | |
CVE-2025-27622 | Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when ... | | |
CVE-2025-27623 | Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when ... | | |
CVE-2025-27624 | A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earl... | | |
CVE-2025-27625 | In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) chara... | | |
CVE-2025-27631 | The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attack... | | |
CVE-2025-27632 | A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying t... | | |
CVE-2025-27633 | The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The applicati... | | |
CVE-2025-27636 | Apache Camel: Camel Message Header Injection via Improper Filtering | | |
CVE-2025-27637 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 a... | E | |
CVE-2025-27638 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 a... | | |
CVE-2025-27639 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 a... | | |
CVE-2025-27640 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 a... | | |
CVE-2025-27641 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 al... | | |
CVE-2025-27642 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 al... | | |
CVE-2025-27643 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 al... | | |
CVE-2025-27644 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 al... | | |
CVE-2025-27645 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 al... | | |
CVE-2025-27646 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 al... | | |
CVE-2025-27647 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 al... | | |
CVE-2025-27648 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 al... | | |
CVE-2025-27649 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 al... | | |
CVE-2025-27650 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 al... | | |
CVE-2025-27651 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 al... | | |
CVE-2025-27652 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 al... | | |
CVE-2025-27653 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 al... | E | |
CVE-2025-27654 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 al... | E | |
CVE-2025-27655 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 al... | | |
CVE-2025-27656 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 al... | | |
CVE-2025-27657 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27658 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27659 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27660 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27661 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27662 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27663 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27664 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27665 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27666 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27667 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27668 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27669 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27670 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27671 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27672 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27673 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27674 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27675 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27676 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | E | |
CVE-2025-27677 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27678 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27679 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 al... | | |
CVE-2025-27680 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 all... | | |
CVE-2025-27681 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mis... | | |
CVE-2025-27682 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 all... | | |
CVE-2025-27683 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 all... | | |
CVE-2025-27684 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 all... | | |
CVE-2025-27685 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 all... | | |
CVE-2025-27686 | Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax ... | | |
CVE-2025-27688 | Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacke... | | |
CVE-2025-27689 | Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability.... | | |
CVE-2025-27690 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnera... | M | |
CVE-2025-27692 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with ... | | |
CVE-2025-27693 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input ... | | |
CVE-2025-27694 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulne... | | |
CVE-2025-27695 | Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing v... | | |
CVE-2025-27696 | Apache Superset: Improper authorization leading to resource ownership takeover | | |
CVE-2025-27700 | There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to ... | | |
CVE-2025-27701 | In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is ... | | |
CVE-2025-27702 | Permissions bypass in the management console of Absolute Secure Access prior to version 13.54 | | |
CVE-2025-27703 | Privilege escalation in the management console of Absolute Secure Access prior to version 13.54 | | |
CVE-2025-27704 | There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolut... | | |
CVE-2025-27705 | There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolut... | S | |
CVE-2025-27706 | Cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.54 | | |
CVE-2025-27709 | SQL Injection | | |
CVE-2025-27715 | Auto-Enrollment of Team Admins into Private Channels without explicit consent | S | |
CVE-2025-27716 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the f... | | |
CVE-2025-27718 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the f... | | |
CVE-2025-27719 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27720 | Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information | S | |
CVE-2025-27722 | Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. ... | | |
CVE-2025-27726 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the f... | | |
CVE-2025-27727 | Windows Installer Elevation of Privilege Vulnerability | | |
CVE-2025-27728 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | | |
CVE-2025-27729 | Windows Shell Remote Code Execution Vulnerability | | |
CVE-2025-27730 | Windows Digital Media Elevation of Privilege Vulnerability | | |
CVE-2025-27731 | Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability | | |
CVE-2025-27732 | Windows Graphics Component Elevation of Privilege Vulnerability | | |
CVE-2025-27733 | NTFS Elevation of Privilege Vulnerability | | |
CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | | |
CVE-2025-27736 | Windows Power Dependency Coordinator Information Disclosure Vulnerability | | |
CVE-2025-27737 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | | |
CVE-2025-27738 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | | |
CVE-2025-27739 | Windows Kernel Elevation of Privilege Vulnerability | | |
CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability | | |
CVE-2025-27741 | NTFS Elevation of Privilege Vulnerability | | |
CVE-2025-27742 | NTFS Information Disclosure Vulnerability | | |
CVE-2025-27743 | Microsoft System Center Elevation of Privilege Vulnerability | | |
CVE-2025-27744 | Microsoft Office Elevation of Privilege Vulnerability | | |
CVE-2025-27745 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-27746 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-27747 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2025-27748 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-27749 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-27750 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-27751 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-27752 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-27753 | Extension - rsjoomla.com - A SQLi vulnerability RSMediaGallery component 1.7.4 - 2.1.6 for Joomla | | |
CVE-2025-27754 | Extension - rsjoomla.com - A stored XSS vulnerability RSBlog! component 1.11.6 - 1.14.4 for Joomla | | |
CVE-2025-27760 | Rejected reason: Not used... | R | |
CVE-2025-27761 | Rejected reason: Not used... | R | |
CVE-2025-27762 | Rejected reason: Not used... | R | |
CVE-2025-27763 | Rejected reason: Not used... | R | |
CVE-2025-27764 | Rejected reason: Not used... | R | |
CVE-2025-27765 | Rejected reason: Not used... | R | |
CVE-2025-27766 | Rejected reason: Not used... | R | |
CVE-2025-27767 | Rejected reason: Not used... | R | |
CVE-2025-27768 | Rejected reason: Not used... | R | |
CVE-2025-27773 | SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding | | |
CVE-2025-27774 | Applio allows SSRF and file write in model_download.py | | |
CVE-2025-27775 | Applio allows SSRF and file write in model_download.py | | |
CVE-2025-27776 | Applio allows SSRF and file write in model_download.py | | |
CVE-2025-27777 | Applio allows SSRF and file write in model_download.py | | |
CVE-2025-27778 | Applio allows unsafe deserialization in infer.py | | |
CVE-2025-27779 | Applio allows unsafe deserialization in model_blender.py | | |
CVE-2025-27780 | Applio allows unsafe deserialization in model_information.py | | |
CVE-2025-27781 | Applio allows unsafe deserialization in inference.py | | |
CVE-2025-27782 | Applio allows arbitrary file write in inference.py | | |
CVE-2025-27783 | Applio allows arbitrary file write in train.py | | |
CVE-2025-27784 | Applio allows arbitrary file read in train.py export_pth function | | |
CVE-2025-27785 | Applio allows arbitrary file read in train.py export_index function | | |
CVE-2025-27786 | Applio allows arbitrary file removal in core.py | | |
CVE-2025-27787 | Applio allows a DoS in restart.py | | |
CVE-2025-27788 | Ruby JSON Parser has Out-of-bounds Read | S | |
CVE-2025-27789 | Inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups | | |
CVE-2025-27791 | Collabora Online Vulnerable to Arbitrary File Write | | |
CVE-2025-27792 | Opal vulnerable to CSRF protection bypass | E | |
CVE-2025-27793 | Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] | | |
CVE-2025-27794 | Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite | S | |
CVE-2025-27795 | ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.... | | |
CVE-2025-27796 | ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting ... | | |
CVE-2025-27797 | OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac seri... | | |
CVE-2025-27803 | Missing Authentication in eCharge Hardy Barth cPH2 / cPP2 charging stations | S | |
CVE-2025-27804 | OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations | S | |
CVE-2025-27809 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted ... | | |
CVE-2025-27810 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware ... | | |
CVE-2025-27811 | A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.25... | | |
CVE-2025-27812 | MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.... | | |
CVE-2025-27813 | MSI Center before 2.0.52.0 has Missing PE Signature Validation.... | | |
CVE-2025-27816 | A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endp... | | |
CVE-2025-27817 | Apache Kafka Client: Arbitrary file read and SSRF vulnerability | | |
CVE-2025-27818 | Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration | | |
CVE-2025-27819 | Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration | | |
CVE-2025-27820 | Apache HttpComponents: PSL (Public Suffix List) validation bypass | S | |
CVE-2025-27822 | An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people... | | |
CVE-2025-27823 | An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a ... | | |
CVE-2025-27824 | An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. I... | | |
CVE-2025-27825 | An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It does... | | |
CVE-2025-27826 | An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn'... | | |
CVE-2025-27827 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 cou... | | |
CVE-2025-27828 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10... | | |
CVE-2025-27829 | An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast stre... | | |
CVE-2025-27830 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during seria... | S | |
CVE-2025-27831 | An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a t... | S | |
CVE-2025-27832 | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buf... | S | |
CVE-2025-27833 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long T... | S | |
CVE-2025-27834 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an overs... | S | |
CVE-2025-27835 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when convert... | S | |
CVE-2025-27836 | An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer o... | S | |
CVE-2025-27837 | An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur t... | S | |
CVE-2025-27839 | operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic fl... | | |
CVE-2025-27840 | Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).... | E | |
CVE-2025-27867 | Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin | | |
CVE-2025-27888 | Apache Druid: Server-Side Request Forgery and Cross-Site Scripting | | |
CVE-2025-27889 | Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downlo... | E | |
CVE-2025-27891 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, ... | | |
CVE-2025-27892 | Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/o... | E | |
CVE-2025-27893 | In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges... | E | |
CVE-2025-27907 | IBM WebSphere Application Server server-side request forgery | | |
CVE-2025-27910 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/aj... | E | |
CVE-2025-27911 | An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message tem... | | |
CVE-2025-27912 | An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lea... | | |
CVE-2025-27913 | Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and di... | M | |
CVE-2025-27914 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site ... | | |
CVE-2025-27915 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scr... | | |
CVE-2025-27920 | Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file ... | KEV M | |
CVE-2025-27921 | A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.6... | | |
CVE-2025-27924 | Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a U... | | |
CVE-2025-27925 | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.... | | |
CVE-2025-27926 | In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration fil... | | |
CVE-2025-27927 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27929 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27932 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the f... | | |
CVE-2025-27933 | Unauthorized Private-to-Public Channel Conversion | S | |
CVE-2025-27934 | Information disclosure of authentication information in the specific service vulnerability exists in... | | |
CVE-2025-27936 | Webhook Secret Exposure via Timing attack in MSteams plugin | S | |
CVE-2025-27937 | Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restr... | | |
CVE-2025-27938 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27939 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | S | |
CVE-2025-27953 | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive in... | | |
CVE-2025-27954 | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive in... | | |
CVE-2025-27955 | Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains va... | | |
CVE-2025-27956 | Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitiv... | E | |
CVE-2025-27980 | cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=.... | E | |
CVE-2025-27997 | An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a ... | | |
CVE-2025-27998 | An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileg... | | |