ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-29001 | WordPress WooCommerce Shop Page Builder plugin <= 2.27.7 - Broken Access Control Vulnerability | | |
CVE-2025-29002 | WordPress Simen <= 4.6 - Local File Inclusion Vulnerability | | |
CVE-2025-29003 | WordPress The Holiday Calendar <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-29005 | WordPress HR Management Lite <= 3.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-29006 | WordPress Direct Checkout for WooCommerce Lite <= 1.0.3 - Broken Access Control Vulnerability | | |
CVE-2025-29007 | WordPress LMSACE Connect plugin <= 3.4 - Broken Access Control Vulnerability | | |
CVE-2025-29008 | WordPress SocialMark <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-29010 | WordPress Behance Portfolio Manager <= 1.7.4 - Broken Access Control Vulnerability | | |
CVE-2025-29011 | WordPress YouTube Simple Gallery <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-29012 | WordPress CF7 7 Mailchimp Add-on plugin <= 2.2 - Broken Access Control Vulnerability | | |
CVE-2025-29013 | WordPress Custom Category/Post Type Post order <= 1.5.9 - Broken Access Control Vulnerability | | |
CVE-2025-29015 | Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name pa... | E | |
CVE-2025-29017 | A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due t... | E | |
CVE-2025-29018 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type... | E | |
CVE-2025-29029 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.... | E | |
CVE-2025-29030 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.... | E | |
CVE-2025-29031 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.... | E | |
CVE-2025-29032 | Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB func... | E | |
CVE-2025-29033 | An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges ... | | |
CVE-2025-29036 | An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.j... | | |
CVE-2025-29039 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the functio... | E | |
CVE-2025-29040 | An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_... | E | |
CVE-2025-29041 | An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_... | E | |
CVE-2025-29042 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr... | E | |
CVE-2025-29043 | An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the functio... | E | |
CVE-2025-29044 | Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute a... | E | |
CVE-2025-29045 | Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary c... | E | |
CVE-2025-29046 | Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacke... | E | |
CVE-2025-29047 | Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacke... | E | |
CVE-2025-29049 | Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0)... | E | |
CVE-2025-29058 | An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.ph... | | |
CVE-2025-29062 | An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and ... | E | |
CVE-2025-29063 | An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the e... | E | |
CVE-2025-29064 | An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code... | E | |
CVE-2025-29069 | A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists... | | |
CVE-2025-29070 | A heap buffer overflow vulnerability has been identified in the smooth2() in cmsgamma.c in lcms2-2.16... | | |
CVE-2025-29072 | An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic... | S | |
CVE-2025-29085 | SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute... | E | |
CVE-2025-29087 | In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be w... | | |
CVE-2025-29088 | In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API)... | S | |
CVE-2025-29093 | File Upload vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to e... | E | |
CVE-2025-29094 | Cross Site Scripting vulnerability in Motivian Content Management System v.41.0.0 allows a remote atta... | E | |
CVE-2025-29100 | Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the p... | E | |
CVE-2025-29101 | Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in ... | E | |
CVE-2025-29118 | Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the funct... | E | |
CVE-2025-29121 | A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of ... | E | |
CVE-2025-29135 | A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to ex... | E | |
CVE-2025-29137 | Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fas... | E | |
CVE-2025-29149 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the... | E | |
CVE-2025-29150 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del req... | E | |
CVE-2025-29152 | Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to ... | E | |
CVE-2025-29153 | SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute... | E | |
CVE-2025-29154 | HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execut... | | |
CVE-2025-29180 | In FOXCMS <=1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The u... | | |
CVE-2025-29181 | FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.... | | |
CVE-2025-29189 | Flowise <= 2.2.3 is vulnerable to SQL Injection via tableName parameter at Postgres_VectorStores.... | E | |
CVE-2025-29208 | CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /das... | E | |
CVE-2025-29209 | TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable p... | E | |
CVE-2025-29213 | A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows at... | E | |
CVE-2025-29214 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at... | E | |
CVE-2025-29215 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at... | E | |
CVE-2025-29217 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at ... | E | |
CVE-2025-29218 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /... | E | |
CVE-2025-29223 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt param... | | |
CVE-2025-29226 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnera... | | |
CVE-2025-29227 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnera... | | |
CVE-2025-29230 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.e... | | |
CVE-2025-29266 | Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root wi... | | |
CVE-2025-29267 | SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a r... | | |
CVE-2025-29280 | Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of... | E | |
CVE-2025-29281 | In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in ... | E | |
CVE-2025-29287 | An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to e... | E | |
CVE-2025-29294 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2025-29306 | An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display p... | E | |
CVE-2025-29310 | An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying ... | | |
CVE-2025-29311 | Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key ... | | |
CVE-2025-29312 | An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to... | E | |
CVE-2025-29313 | Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subpro... | | |
CVE-2025-29314 | Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC ... | E | |
CVE-2025-29315 | An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Funct... | E | |
CVE-2025-29316 | An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically ... | E | |
CVE-2025-29322 | A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers ... | | |
CVE-2025-29331 | An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary c... | E S | |
CVE-2025-29339 | An issue in UPF in Open5GS UPF versions up to v2.7.2 results in an assertion failure vulnerability in P... | E | |
CVE-2025-29357 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and... | E | |
CVE-2025-29358 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn ... | E | |
CVE-2025-29359 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId pa... | E | |
CVE-2025-29360 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and ti... | E | |
CVE-2025-29361 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parame... | E | |
CVE-2025-29362 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parame... | E | |
CVE-2025-29363 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartT... | E | |
CVE-2025-29369 | Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /view_profile.php?id=1.... | E | |
CVE-2025-29384 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack ov... | E | |
CVE-2025-29385 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack... | E | |
CVE-2025-29386 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overf... | E | |
CVE-2025-29387 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack ... | E | |
CVE-2025-29389 | PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2.... | E | |
CVE-2025-29390 | jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/contro... | E | |
CVE-2025-29391 | horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.... | E | |
CVE-2025-29394 | An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary... | | |
CVE-2025-29401 | An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows... | E | |
CVE-2025-29405 | An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and p... | E | |
CVE-2025-29410 | A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management Syst... | E | |
CVE-2025-29411 | An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBank... | E | |
CVE-2025-29412 | A cross-site scripting (XSS) vulnerability in the Client Profile Update section of Mart Developers i... | E | |
CVE-2025-29425 | Code-projects Online Class and Exam Scheduling System 1.0 is vulnerable to SQL Injection in exam_sav... | E | |
CVE-2025-29426 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XS... | E | |
CVE-2025-29427 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XS... | E | |
CVE-2025-29429 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XS... | E | |
CVE-2025-29430 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XS... | E | |
CVE-2025-29431 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XS... | E | |
CVE-2025-29446 | open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.... | E | |
CVE-2025-29448 | Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointmen... | S | |
CVE-2025-29449 | An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via th... | E | |
CVE-2025-29450 | An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via th... | E | |
CVE-2025-29451 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail S... | E | |
CVE-2025-29452 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy ... | E | |
CVE-2025-29453 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to... | E | |
CVE-2025-29454 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to... | E | |
CVE-2025-29455 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to... | E | |
CVE-2025-29456 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to... | E | |
CVE-2025-29457 | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Th... | E M | |
CVE-2025-29458 | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avat... | E M | |
CVE-2025-29459 | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail functi... | E | |
CVE-2025-29460 | An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode ... | | |
CVE-2025-29461 | An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1... | E | |
CVE-2025-29462 | A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability oc... | E | |
CVE-2025-29471 | Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to exe... | E | |
CVE-2025-29476 | Buffer Overflow vulnerability in compress_chunk_fuzzer with oss-fuzz on commit 16450518afddcb3139de6... | | |
CVE-2025-29477 | An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function... | E | |
CVE-2025-29478 | An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list... | | |
CVE-2025-29479 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2025-29480 | Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service vi... | E | |
CVE-2025-29481 | Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via ... | E | |
CVE-2025-29482 | Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code vi... | E | |
CVE-2025-29483 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDEBUGGER2 function.... | E | |
CVE-2025-29484 | An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 allows attackers to ca... | E | |
CVE-2025-29485 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileRETURN function. This... | E | |
CVE-2025-29486 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function.... | E | |
CVE-2025-29487 | An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to ca... | E | |
CVE-2025-29488 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function.... | E | |
CVE-2025-29489 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function.... | E | |
CVE-2025-29490 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. ... | E | |
CVE-2025-29491 | An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows a... | E | |
CVE-2025-29492 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileSETVARIABLE function.... | E | |
CVE-2025-29493 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETPROPERTY function.... | E | |
CVE-2025-29494 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. T... | E | |
CVE-2025-29496 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP functio... | E | |
CVE-2025-29497 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function.... | E | |
CVE-2025-29504 | Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges... | | |
CVE-2025-29509 | Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a render... | | |
CVE-2025-29512 | Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to stor... | | |
CVE-2025-29513 | Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to stor... | | |
CVE-2025-29526 | A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platf... | E | |
CVE-2025-29529 | ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection ... | | |
CVE-2025-29547 | In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a deni... | E | |
CVE-2025-29568 | A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0... | E | |
CVE-2025-29570 | An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escal... | | |
CVE-2025-29573 | Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature... | E | |
CVE-2025-29594 | A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-c... | | |
CVE-2025-29602 | flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage catego... | E | |
CVE-2025-29621 | Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in th... | | |
CVE-2025-29625 | A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or caus... | E | |
CVE-2025-29627 | An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate pr... | | |
CVE-2025-29632 | Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of servi... | | |
CVE-2025-29635 | A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker... | E | |
CVE-2025-29640 | Phpgurukul Human Metapneumovirus (HMPV) – Testing Management System v1.0 is vulnerable to SQL Inject... | E | |
CVE-2025-29641 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via th... | E | |
CVE-2025-29646 | An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service v... | E | |
CVE-2025-29647 | SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.... | E | |
CVE-2025-29648 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2025-29649 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2025-29650 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2025-29651 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2025-29652 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2025-29653 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2025-29659 | Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function loc... | E | |
CVE-2025-29660 | A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP s... | | |
CVE-2025-29661 | Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.... | E | |
CVE-2025-29662 | A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacke... | E | |
CVE-2025-29686 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execu... | E | |
CVE-2025-29688 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execu... | E | |
CVE-2025-29689 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execu... | E | |
CVE-2025-29690 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execu... | E | |
CVE-2025-29691 | A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execu... | E | |
CVE-2025-29705 | code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission con... | E | |
CVE-2025-29708 | SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services... | E | |
CVE-2025-29709 | SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" fi... | E | |
CVE-2025-29710 | SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Se... | E | |
CVE-2025-29719 | SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in ... | E | |
CVE-2025-29720 | Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controlle... | E | |
CVE-2025-29722 | A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on b... | E | |
CVE-2025-29743 | D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.... | E | |
CVE-2025-29744 | pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers... | E | |
CVE-2025-29746 | Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate priv... | E | |
CVE-2025-29756 | MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters | S | |
CVE-2025-29763 | Rejected reason: “This CVE ID is Rejected and will not be used. The issue was determined to not be ... | R | |
CVE-2025-29766 | Tuleap has missing CSRF protections on artifact submission & edition from the tracker view | | |
CVE-2025-29768 | Vim vulnerable to potential data loss with zip.vim and specially crafted zip files | | |
CVE-2025-29769 | libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input to HEIF output | | |
CVE-2025-29770 | vLLM denial of service via outlines unbounded cache on disk | | |
CVE-2025-29771 | HtmlSanitizer vulnerable to XSS when used with contentEditable | | |
CVE-2025-29772 | OpenEMR allows Reflected XSS in CAMOS new.php | E S | |
CVE-2025-29773 | Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover | E S | |
CVE-2025-29774 | xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References | | |
CVE-2025-29775 | xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment | | |
CVE-2025-29776 | Azle calling `setTimer` causes infinite loop of timers | | |
CVE-2025-29778 | Kyverno ignores subjectRegExp and IssuerRegExp | | |
CVE-2025-29779 | Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution` | | |
CVE-2025-29780 | Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations | | |
CVE-2025-29781 | Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD | E | |
CVE-2025-29782 | WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `tipo` | E | |
CVE-2025-29783 | vLLM Allows Remote Code Execution via Mooncake Integration | S | |
CVE-2025-29784 | NamelessMC Has Lack of Length Validation for s Parameter in GET Requests | E S | |
CVE-2025-29785 | quic-go Has Panic in Path Probe Loss Recovery Handling | | |
CVE-2025-29786 | Memory Exhaustion in Expr Parser with Unrestricted Input | | |
CVE-2025-29787 | zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write | | |
CVE-2025-29788 | Sylius PayPal Plugin Payment Amount Manipulation Vulnerability | | |
CVE-2025-29789 | OpenEMR Has Directory Traversal in Load Code feature | E S | |
CVE-2025-29790 | Contao allows cross-site scripting through SVG uploads | | |
CVE-2025-29791 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-29792 | Microsoft Office Elevation of Privilege Vulnerability | | |
CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability | | |
CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability | | |
CVE-2025-29795 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | | |
CVE-2025-29796 | Microsoft Edge for iOS Spoofing Vulnerability | | |
CVE-2025-29800 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | | |
CVE-2025-29801 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | | |
CVE-2025-29802 | Visual Studio Elevation of Privilege Vulnerability | | |
CVE-2025-29803 | Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability | | |
CVE-2025-29804 | Visual Studio Elevation of Privilege Vulnerability | | |
CVE-2025-29805 | Outlook for Android Information Disclosure Vulnerability | | |
CVE-2025-29806 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | | |
CVE-2025-29807 | Microsoft Dataverse Remote Code Execution Vulnerability | | |
CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability | | |
CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability | | |
CVE-2025-29810 | Active Directory Domain Services Elevation of Privilege Vulnerability | | |
CVE-2025-29811 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | | |
CVE-2025-29812 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | | |
CVE-2025-29813 | Azure DevOps Elevation of Privilege Vulnerability | | |
CVE-2025-29814 | Microsoft Partner Center Elevation of Privilege Vulnerability | | |
CVE-2025-29815 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | | |
CVE-2025-29816 | Microsoft Word Security Feature Bypass Vulnerability | | |
CVE-2025-29817 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | | |
CVE-2025-29819 | Windows Admin Center in Azure Portal Information Disclosure Vulnerability | | |
CVE-2025-29820 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability | | |
CVE-2025-29822 | Microsoft OneNote Security Feature Bypass Vulnerability | | |
CVE-2025-29823 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV E | |
CVE-2025-29825 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | | |
CVE-2025-29826 | Microsoft Dataverse Elevation of Privilege Vulnerability | | |
CVE-2025-29827 | Azure Automation Elevation of Privilege Vulnerability | | |
CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | | |
CVE-2025-29829 | Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability | | |
CVE-2025-29830 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-29831 | Windows Remote Desktop Services Remote Code Execution Vulnerability | | |
CVE-2025-29832 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-29833 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | | |
CVE-2025-29834 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | | |
CVE-2025-29835 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | | |
CVE-2025-29836 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-29837 | Windows Installer Information Disclosure Vulnerability | | |
CVE-2025-29838 | Windows ExecutionContext Driver Elevation of Privilege Vulnerability | | |
CVE-2025-29839 | Windows Multiple UNC Provider Driver Information Disclosure Vulnerability | | |
CVE-2025-29840 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2025-29841 | Universal Print Management Service Elevation of Privilege Vulnerability | | |
CVE-2025-29842 | UrlMon Security Feature Bypass Vulnerability | | |
CVE-2025-29868 | Apache Answer: Using externally referenced images can leak user privacy. | | |
CVE-2025-29870 | Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac seri... | | |
CVE-2025-29871 | File Station 5 | S | |
CVE-2025-29872 | File Station 5 | S | |
CVE-2025-29873 | File Station 5 | S | |
CVE-2025-29876 | File Station 5 | S | |
CVE-2025-29877 | File Station 5 | S | |
CVE-2025-29883 | File Station 5 | S | |
CVE-2025-29884 | File Station 5 | S | |
CVE-2025-29885 | File Station 5 | S | |
CVE-2025-29891 | Apache Camel: Camel Message Header Injection through request parameters | E | |
CVE-2025-29892 | Qsync Central | S | |
CVE-2025-29902 | Remote code execution that allows unauthorized users to execute arbitrary code on the server machine... | | |
CVE-2025-29903 | In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS ... | | |
CVE-2025-29904 | In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible... | | |
CVE-2025-29905 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec... | | |
CVE-2025-29906 | Finit bundled getty can bypass /bin/login | | |
CVE-2025-29907 | jsPDF Bypass Regular Expression Denial of Service (ReDoS) | | |
CVE-2025-29908 | Netty QUIC hash collision DoS attack | | |
CVE-2025-29909 | CryptoLib's Crypto_TC_ApplySecurity() Has a Heap Buffer Overflow Vulnerability | E S | |
CVE-2025-29910 | CryptoLib's crypto_handle_incrementing_nontransmitted_counter Function has Memory Leak | E | |
CVE-2025-29911 | CryptoLib Has Heap Buffer Overflow in Crypto_AOS_ProcessSecurity Function | E | |
CVE-2025-29912 | CryptoLib Has Heap Buffer Overflow Due to Unsigned Integer Underflow in Crypto_TC_ProcessSecurity | E S | |
CVE-2025-29913 | CryptoLib's Crypto_TC_Prep_AAD Has Buffer Overflow Due to Integer Underflow | E | |
CVE-2025-29914 | OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` | | |
CVE-2025-29915 | Suricata af-packet: defrag option can lead to truncated packets affecting visibility | S | |
CVE-2025-29916 | Suricata datasets: ruleset declared settings can lead to resource starvation | S | |
CVE-2025-29917 | Suricata decode_base64: signature can do large memory allocation | S | |
CVE-2025-29918 | Suricata pcre: negated pcr can cause infinite loop | S | |
CVE-2025-29922 | kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace | | |
CVE-2025-29923 | go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment | | |
CVE-2025-29924 | XWiki uses the wrong wiki reference in AuthorizationManager | E S | |
CVE-2025-29925 | XWiki allows unregistered users to access private pages information through REST endpoint | E S | |
CVE-2025-29926 | The WikiManager REST API allows any user to create wikis | E S | |
CVE-2025-29927 | Authorization Bypass in Next.js Middleware | | |
CVE-2025-29928 | authentik's deletion of sessions did not revoke sessions when using database session storage | | |
CVE-2025-29929 | Tuleap is missing CSRF protection on tracker hierarchy administration | | |
CVE-2025-29930 | imFAQ allows local file inclusion in seo.php | | |
CVE-2025-29931 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affec... | | |
CVE-2025-29932 | In JetBrains GoLand before 2025.1 an XXE during debugging was possible... | | |
CVE-2025-29953 | Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass | | |
CVE-2025-29954 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | | |
CVE-2025-29955 | Windows Hyper-V Denial of Service Vulnerability | | |
CVE-2025-29956 | Windows SMB Information Disclosure Vulnerability | | |
CVE-2025-29957 | Windows Deployment Services Denial of Service Vulnerability | | |
CVE-2025-29958 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-29959 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-29960 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-29961 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-29962 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2025-29963 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2025-29964 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2025-29966 | Remote Desktop Client Remote Code Execution Vulnerability | | |
CVE-2025-29967 | Remote Desktop Client Remote Code Execution Vulnerability | | |
CVE-2025-29968 | Active Directory Certificate Services (AD CS) Denial of Service Vulnerability | | |
CVE-2025-29969 | MS-EVEN RPC Remote Code Execution Vulnerability | | |
CVE-2025-29970 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
CVE-2025-29971 | Web Threat Defense (WTD.sys) Denial of Service Vulnerability | | |
CVE-2025-29972 | Azure Storage Resource Provider Spoofing Vulnerability | | |
CVE-2025-29973 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | | |
CVE-2025-29974 | Windows Kernel Information Disclosure Vulnerability | | |
CVE-2025-29975 | Microsoft PC Manager Elevation of Privilege Vulnerability | | |
CVE-2025-29976 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | | |
CVE-2025-29977 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-29978 | Microsoft PowerPoint Remote Code Execution Vulnerability | | |
CVE-2025-29979 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-29980 | Blind SQL Injection vulnerability in eTRAKiT.Net | | |
CVE-2025-29981 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information... | | |
CVE-2025-29982 | Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vu... | | |
CVE-2025-29983 | Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Acce... | M | |
CVE-2025-29984 | Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerabil... | M | |
CVE-2025-29985 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with a... | | |
CVE-2025-29986 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communicati... | | |
CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 c... | | |
CVE-2025-29988 | Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged at... | | |
CVE-2025-29989 | Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability... | | |
CVE-2025-29991 | Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two ... | | |
CVE-2025-29993 | The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged t... | | |
CVE-2025-29994 | Improper Authentication Vulnerability in CAP back office application | S | |
CVE-2025-29995 | Account Takeover Vulnerability in CAP back office application | S | |
CVE-2025-29996 | Authentication Bypass Vulnerability in CAP back office application | S | |
CVE-2025-29997 | Improper Access Control Vulnerability in CAP back office application | S | |
CVE-2025-29998 | No Rate Limiting Vulnerability in CAP back office application | S | |
CVE-2025-29999 | A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affec... | | |