CVE-2025-3xxx

There are 885 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-3000 PyTorch torch.jit.script memory corruption
E
CVE-2025-3001 PyTorch torch.lstm_cell memory corruption
E
CVE-2025-3002 Digital China DCME-520 mon_merge_stat_hist.php os command injection
E
CVE-2025-3003 ESAFENET CDG UserAjax sql injection
E
CVE-2025-3004 Sayski ForestBlog search cross site scripting
E
CVE-2025-3005 Sayski ForestBlog Friend Link cross site scripting
E
CVE-2025-3006 PHPGurukul e-Diary Management System edit-category.php sql injection
E
CVE-2025-3007 Novastar CX40 NetFilter Utility netconfig getopt stack-based overflow
CVE-2025-3008 Novastar CX40 NetFilter Utility netconfig popen command injection
CVE-2025-3009 Jinher Network OA NetDiskProperty.aspx sql injection
E
CVE-2025-3010 Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference
E
CVE-2025-3011 PiExtract SOOP-CLM - SQL Injection
S
CVE-2025-3013 Insecure direct object references (IDOR) in NightWolf Penetration Platform
CVE-2025-3014 Insecure direct object references (IDOR) in NightWolf Penetration Platform
CVE-2025-3015 Open Asset Import Library Assimp ASE File ASELoader.cpp BuildUniqueRepresentation out-of-bounds
E S
CVE-2025-3016 Open Asset Import Library Assimp MDL File MDLMaterialLoader.cpp ParseTextureColorData resource consumption
E S
CVE-2025-3017 TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write
E S
CVE-2025-3018 SourceCodester Online Eyewear Shop Users.php sql injection
E
CVE-2025-3019 Cross-site scripting vulnerabilities in KNIME Business Hub web pages
CVE-2025-3020 Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting
CVE-2025-3021 Path Traversal vulnerability in e-management of e-solutions
S
CVE-2025-3022 OS Command Injection vulnerability in e-management of e-solutions
S
CVE-2025-3023 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3026 Improper Neutralization of Special Elements vulnerability in EJBCA
S
CVE-2025-3027 Open Redirect vulnerability in EJBCA
S
CVE-2025-3028 JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-aft...
E
CVE-2025-3029 A crafted URL containing specific Unicode characters could have hidden the true origin of the page, ...
CVE-2025-3030 Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8...
CVE-2025-3031 An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vul...
CVE-2025-3032 Leaking of file descriptors from the fork server to web content processes could allow for privilege ...
CVE-2025-3033 After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file co...
CVE-2025-3034 Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of...
CVE-2025-3035 By first using the AI chatbot in one tab and later activating it in another tab, the document title ...
CVE-2025-3036 yzk2356911358 StudentServlet-JSP Student Management cross site scripting
E
CVE-2025-3037 yzk2356911358 StudentServlet-JSP cross-site request forgery
E
CVE-2025-3038 code-projects Payroll Management System view_account.php sql injection
E
CVE-2025-3039 code-projects Payroll Management System add_employee.php sql injection
E
CVE-2025-3040 Project Worlds Online Time Table Generator add_student.php unrestricted upload
E
CVE-2025-3041 Project Worlds Online Time Table Generator updatestudent.php unrestricted upload
E
CVE-2025-3042 Project Worlds Online Time Table Generator updateprofile.php unrestricted upload
E
CVE-2025-3043 GuoMinJim PersonManage login preHandle path traversal
E
CVE-2025-3044 MD5 Hash Collision in run-llama/llama_index
E
CVE-2025-3045 oretnom23/SourceCodester Apartment Visitor Management System remove-apartment.php sql injection
E
CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index
E
CVE-2025-3047 Path Traversal in AWS SAM CLI allows file copy to build container
CVE-2025-3048 Path Traversal in AWS SAM CLI allows file copy to local cache
CVE-2025-3050 IBM Db2 denial of service
S
CVE-2025-3051 Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory
S
CVE-2025-3052 An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc.
CVE-2025-3053 UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution
CVE-2025-3054 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-3055 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-3056 Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-3057 Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
CVE-2025-3058 Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-3059 Profile Private - Critical - Unsupported - SA-CONTRIB-2025-002
CVE-2025-3060 Flattern – Multipurpose Bootstrap Business Profile - Critical - Unsupported - SA-CONTRIB-2025-005
CVE-2025-3061 Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006
CVE-2025-3062 Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010
CVE-2025-3063 Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function
CVE-2025-3065 Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion
CVE-2025-3066 Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker t...
CVE-2025-3067 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allow...
CVE-2025-3068 Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a...
CVE-2025-3069 Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote ...
CVE-2025-3070 Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 all...
CVE-2025-3071 Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote...
CVE-2025-3072 Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote...
CVE-2025-3073 Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote at...
CVE-2025-3074 Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote a...
CVE-2025-3076 Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3077 Betheme <= 28.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3078 A passback vulnerability which relates to production printers and office multifunction printers....
M
CVE-2025-3079 A passback vulnerability which relates to office/small office multifunction printers and laser print...
M
CVE-2025-3082 User may override a view's collation and gain unauthorized access to underlying data
CVE-2025-3083 Malformed MongoDB wire protocol messages may cause mongos to crash
CVE-2025-3084 MongoDB Server may crash due to improper validation of explain command
CVE-2025-3085 MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked
CVE-2025-3086 User in anonymous role could create and delete views
CVE-2025-3087 Stored XSS Vulnerability in M-Files Web
CVE-2025-3090 MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24
CVE-2025-3091 MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24
CVE-2025-3092 MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24
CVE-2025-3094 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3096 Clinics Patient Management System SQL Injection
CVE-2025-3097 wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3098 Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting
CVE-2025-3099 Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3100 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-3101 Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3102 SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
CVE-2025-3103 CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read
CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function
CVE-2025-3105 Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget
CVE-2025-3107 Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter
CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index
CVE-2025-3111 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-3112 CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service w...
CVE-2025-3113 Improper Access Control in Delphix Masking Engine
CVE-2025-3114 Spotfire Code Execution Vulnerability
CVE-2025-3115 Spotfire Data Function Vulnerability
CVE-2025-3116 CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an au...
CVE-2025-3117 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnera...
CVE-2025-3118 SourceCodester Online Tutor Portal view_course.php sql injection
E
CVE-2025-3119 SourceCodester Online Tutor Portal manage_course.php sql injection
E
CVE-2025-3120 SourceCodester Apartment Visitors Management System add-apartment.php sql injection
E
CVE-2025-3121 PyTorch torch.jit.jit_module_from_flatbuffer memory corruption
E
CVE-2025-3122 WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference
E
CVE-2025-3123 WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload
E
CVE-2025-3124 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names
CVE-2025-3129 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028
CVE-2025-3130 Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029
CVE-2025-3131 ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031
CVE-2025-3134 code-projects Payroll Management System add_overtime.php sql injection
E
CVE-2025-3135 fcba_zzm ics-park Smart Park Management System update sql injection
E
CVE-2025-3136 PyTorch CUDACachingAllocator.cpp torch.cuda.memory.caching_allocator_delete memory corruption
E
CVE-2025-3137 PHPGurukul Online Security Guards Hiring System changeimage.php sql injection
E
CVE-2025-3138 PHPGurukul Online Security Guards Hiring System edit-guard-detail.php sql injection
E
CVE-2025-3139 code-projects Bus Reservation System Login Form login buffer overflow
E
CVE-2025-3140 SourceCodester Online Medicine Ordering System view_category.php sql injection
E
CVE-2025-3141 SourceCodester Online Medicine Ordering System manage_category.php sql injection
E
CVE-2025-3142 SourceCodester Apartment Visitor Management System add-apartment.php sql injection
E
CVE-2025-3143 SourceCodester Apartment Visitor Management System visitor-entry.php sql injection
E
CVE-2025-3144 MindSpore mindspore.numpy.fft.hfftn memory corruption
E
CVE-2025-3145 MindSpore mindspore.numpy.fft.rfft2 memory corruption
E
CVE-2025-3146 PHPGurukul Bus Pass Management System view-pass-detail.php sql injection
E
CVE-2025-3147 PHPGurukul Boat Booking System add-subadmin.php sql injection
E
CVE-2025-3148 codeprojects Product Management System Login buffer overflow
E
CVE-2025-3149 itning Student Homework Management System Edit Job Page fileupload cross site scripting
E
CVE-2025-3150 itning Student Homework Management System cross-site request forgery
E
CVE-2025-3151 SourceCodester Gym Management System signup.php sql injection
E
CVE-2025-3152 caipeichao ThinkOX Search search.html cross site scripting
E
CVE-2025-3153 Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute
CVE-2025-3154 Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05
CVE-2025-3155 Yelp: arbitrary file read
E M
CVE-2025-3156 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3157 Intelbras WRN 150 Wireless Menu cross site scripting
CVE-2025-3158 Open Asset Import Library Assimp LWO File LWOAnimation.cpp UpdateAnimRangeSetup heap-based overflow
E
CVE-2025-3159 Open Asset Import Library Assimp ASE File ASEParser.cpp ParseLV4MeshBonesVertices heap-based overflow
E S
CVE-2025-3160 Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds
E S
CVE-2025-3161 Tenda AC10 ShutdownSetAdd stack-based overflow
E
CVE-2025-3162 InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization
E
CVE-2025-3163 InternLM LMDeploy conf.py open code injection
E
CVE-2025-3164 Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection
E
CVE-2025-3165 thu-pacman chitu backend.py torch.load deserialization
CVE-2025-3166 code-projects Product Management System Search Product Menu search_item stack-based overflow
E
CVE-2025-3167 Tenda AC23 API Interface VerAPIMant denial of service
E
CVE-2025-3168 PHPGurukul Time Table Generator System edit-class.php sql injection
E
CVE-2025-3169 Projeqtor saveAttachment.php unrestricted upload
E
CVE-2025-3170 Project Worlds Online Lawyer Management System admin_user.php sql injection
E
CVE-2025-3171 Project Worlds Online Lawyer Management System approve_lawyer.php sql injection
E
CVE-2025-3172 Project Worlds Online Lawyer Management System lawyer_booking.php sql injection
E
CVE-2025-3173 Project Worlds Online Lawyer Management System save_booking.php sql injection
E
CVE-2025-3174 Project Worlds Online Lawyer Management System searchLawyer.php sql injection
E
CVE-2025-3175 Project Worlds Online Lawyer Management System save_user_edit_profile.php sql injection
E
CVE-2025-3176 Project Worlds Online Lawyer Management System single_lawyer.php sql injection
E
CVE-2025-3177 FastCMS JWT hard-coded key
E
CVE-2025-3178 projectworlds Online Doctor Appointment Booking System deleteappointment.php sql injection
E
CVE-2025-3179 projectworlds Online Doctor Appointment Booking System deletepatient.php sql injection
E
CVE-2025-3180 projectworlds Online Doctor Appointment Booking System deleteschedule.php sql injection
E
CVE-2025-3181 projectworlds Online Doctor Appointment Booking System appointment.php sql injection
E
CVE-2025-3182 projectworlds Online Doctor Appointment Booking System getschedule.php sql injection
E
CVE-2025-3183 projectworlds Online Doctor Appointment Booking System patientupdateprofile.php sql injection
E
CVE-2025-3184 projectworlds Online Doctor Appointment Booking System profile.php sql injection
E
CVE-2025-3185 projectworlds Online Doctor Appointment Booking System patientupdateprofile.php sql injection
E
CVE-2025-3186 projectworlds Online Doctor Appointment Booking System invoice.php sql injection
E
CVE-2025-3187 PHPGurukul e-Diary Management System login.php sql injection
E
CVE-2025-3188 PHPGurukul e-Diary Management System add-notes.php sql injection
E
CVE-2025-3189 Stored Cross-Site Scripting (XSS) in DoWISP
S
CVE-2025-3190 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-3191 All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the...
E
CVE-2025-3192 Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery ...
E
CVE-2025-3194 Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE...
E
CVE-2025-3195 itsourcecode Online Blood Bank Management System bbms.php sql injection
E
CVE-2025-3196 Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow
E S
CVE-2025-3197 Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand...
E
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
E S
CVE-2025-3199 ageerle ruoyi-ai API Interface SysModelController.java improper authorization
E S
CVE-2025-3200 Com-Server Exposed via Weak TLS
CVE-2025-3201 Kali Forms < 2.4.3 - Contributor+ Stored XSS
E
CVE-2025-3202 ageerle ruoyi-ai SysNoticeController.java improper authorization
E S
CVE-2025-3203 Tenda W18E setModules formSetAccountList stack-based overflow
E
CVE-2025-3204 CodeAstro Car Rental System returncar.php sql injection
E
CVE-2025-3205 CodeAstro Student Grading System studentsubject.php sql injection
E
CVE-2025-3206 code-projects Hospital Management System doctor-specilization.php sql injection
E
CVE-2025-3207 code-projects Patient Record Management System birthing_form.php sql injection
E
CVE-2025-3208 code-projects Patient Record Management System xray_print.php sql injection
E
CVE-2025-3209 code-projects Patient Record Management System add_patient.php sql injection
E
CVE-2025-3210 code-projects Patient Record Management System birthing_pending.php sql injection
E
CVE-2025-3211 code-projects Patient Record Management System birthing_print.php sql injection
E
CVE-2025-3213 PHPGurukul e-Diary Management System view-note.php sql injection
E
CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal
E
CVE-2025-3215 PHPGurukul Restaurant Table Booking System add-subadmin.php sql injection
E
CVE-2025-3216 PHPGurukul e-Diary Management System password-recovery.php sql injection
E
CVE-2025-3217 PHPGurukul e-Diary Management System registration.php sql injection
E
CVE-2025-3218 IBM i improper certificate validation
S
CVE-2025-3219 CodeCanyon Perfex CRM Project Discussions Module 2 cross site scripting
E
CVE-2025-3220 PHPGurukul e-Diary Management System dashboard.php sql injection
E
CVE-2025-3221 IBM InfoSphere Information Server denial of service
S
CVE-2025-3223 WorkstationST EGD Configuration Server Path Traversal Vulnerability
CVE-2025-3224 Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion
CVE-2025-3225 XML Entity Expansion vulnerability in run-llama/llama_index
CVE-2025-3227 Unauthorized channel member management through playbook runs
S
CVE-2025-3228 Unauthorized Guest user access to Playbook
S
CVE-2025-3229 PHPGurukul Restaurant Table Booking System edit-subadmin.php sql injection
E
CVE-2025-3230 Bypass of System Admin User Deactivation Controls for Personal Access Tokens in Mattermost Server
S
CVE-2025-3231 PHPGurukul Zoo Management System aboutus.php sql injection
E
CVE-2025-3234 File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload
CVE-2025-3235 PHPGurukul Old Age Home Management System profile.php sql injection
E
CVE-2025-3236 Tenda FH1202 Web Management Interface VirSerDMZ access control
E
CVE-2025-3237 Tenda FH1202 wrlwpsset access control
E
CVE-2025-3238 PHPGurukul Online Fire Reporting System search-request.php sql injection
E
CVE-2025-3239 PHPGurukul Online Fire Reporting System edit-guard-detail.php sql injection
E
CVE-2025-3240 PHPGurukul Online Fire Reporting System search.php sql injection
E
CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference
E
CVE-2025-3242 PHPGurukul e-Diary Management System search-result.php sql injection
E
CVE-2025-3243 code-projects Patient Record Management System dental_form.php sql injection
E
CVE-2025-3244 SourceCodester Web-based Pharmacy Product Management System Create User Page add-admin.php unrestricted upload
E
CVE-2025-3245 itsourcecode Library Management System Forgot.java search sql injection
E
CVE-2025-3246 Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers
CVE-2025-3247 Contact Form 7 <= 6.0.5 - Order Replay Vulnerability
S
CVE-2025-3248 Langflow Unauth RCE
KEV E S
CVE-2025-3249 TOTOLINK A6000R mtkwifi.lua apcli_cancel_wps command injection
E
CVE-2025-3250 elunez eladmin Maintenance Management Module testConnect deserialization
E
CVE-2025-3251 xujiangfei admintwo updateSet cross site scripting
E
CVE-2025-3252 xujiangfei admintwo add cross site scripting
E
CVE-2025-3253 xujiangfei admintwo insertTree cross site scripting
E
CVE-2025-3254 xujiangfei admintwo add server-side request forgery
E
CVE-2025-3255 xujiangfei admintwo home access control
E
CVE-2025-3256 xujiangfei admintwo updateSet access control
E
CVE-2025-3257 xujiangfei admintwo updateSet cross-site request forgery
E
CVE-2025-3258 PHPGurukul Old Age Home Management System search.php sql injection
E
CVE-2025-3259 Tenda RX3 SetOnlineDevName formSetDeviceName stack-based overflow
E
CVE-2025-3260 A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users t...
CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E
CVE-2025-3263 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-3265 PHPGurukul e-Diary Management System add-category.php sql injection
E
CVE-2025-3266 qinguoyi TinyWebServer http_conn.cpp stack-based overflow
E
CVE-2025-3267 qinguoyi TinyWebServer http_conn.cpp sql injection
E
CVE-2025-3268 qinguoyi TinyWebServer http_conn.cpp improper authentication
E
CVE-2025-3269 Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed....
R
CVE-2025-3272 Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager.
S
CVE-2025-3275 Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3276 SKT Blocks – Gutenberg based Page Builder <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-3277 An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated in...
CVE-2025-3278 UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation
CVE-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-3280 ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection
CVE-2025-3281 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
CVE-2025-3282 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification
S
CVE-2025-3283 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3284 User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion
CVE-2025-3285 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3286 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3287 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3288 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3289 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update
S
CVE-2025-3294 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
S
CVE-2025-3295 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
S
CVE-2025-3296 SourceCodester Online Eyewear Shop Users.php sql injection
E
CVE-2025-3297 SourceCodester Online Eyewear Shop Master.php cross site scripting
E
CVE-2025-3298 SourceCodester Online Eyewear Shop Registration Master.php access control
E
CVE-2025-3299 PHPGurukul Men Salon Management System appointment.php sql injection
E
CVE-2025-3300 WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write
CVE-2025-3301 DPA Countermeasures Unavailable for Certain Cryptographic Operations on Series 2 Devices
CVE-2025-3302 Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER'
CVE-2025-3303 code-projects Patient Record Management System birthing_record.php sql injection
E
CVE-2025-3304 code-projects Patient Record Management System dental_not.php sql injection
E
CVE-2025-3305 1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control
E
CVE-2025-3306 code-projects Blood Bank Management System don.php sql injection
E
CVE-2025-3307 code-projects Blood Bank Management System reset.php sql injection
E
CVE-2025-3308 code-projects Blood Bank Management System viewrequest.php sql injection
E
CVE-2025-3309 code-projects Blood Bank Management System campsdetails.php sql injection
E
CVE-2025-3310 code-projects Blood Bank Management System delete.php sql injection
E
CVE-2025-3311 PHPGurukul Men Salon Management System about-us.php sql injection
E
CVE-2025-3312 PHPGurukul Men Salon Management System add-customer-services.php sql injection
E
CVE-2025-3313 PHPGurukul Men Salon Management System add-customer.php sql injection
E
CVE-2025-3314 SourceCodester Apartment Visitor Management System forgotpw.php sql injection
E
CVE-2025-3315 SourceCodester Apartment Visitor Management System view-report.php sql injection
E
CVE-2025-3316 PHPGurukul Men Salon Management System search-invoices.php sql injection
E
CVE-2025-3317 fumiao opencms dataPage.jsp path traversal
E
CVE-2025-3318 Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 ShangpinleixingController.java page sql injection
E
CVE-2025-3319 IBM Spectrum Protect Server authentication bypass
S
CVE-2025-3321 Use of Hard-coded Credentials in OnlineSuite
S
CVE-2025-3322 Improper Neutralization of Special Elements in OnlineSuite
S
CVE-2025-3323 godcheese/code-projects Nimrod ViewMenuCategoryRestController.java sql injection
E
CVE-2025-3324 godcheese/code-projects Nimrod FileRestController.java unrestricted upload
E
CVE-2025-3325 iteaj iboot 物联网网关 Admin Password pwd access control
E
CVE-2025-3326 iteaj iboot 物联网网关 File Upload upload cross site scripting
E
CVE-2025-3327 iteaj iboot 物联网网关 File Upload batch cross site scripting
E
CVE-2025-3328 Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow
E
CVE-2025-3329 Consumer Comanda Mobile Restaurant Order cleartext transmission
E
CVE-2025-3330 codeprojects Online Restaurant Management System reservation_save.php sql injection
E
CVE-2025-3331 codeprojects Online Restaurant Management System payment_save.php sql injection
E
CVE-2025-3332 codeprojects Online Restaurant Management System menu_save.php sql injection
E
CVE-2025-3333 codeprojects Online Restaurant Management System menu_update.php sql injection
E
CVE-2025-3334 codeprojects Online Restaurant Management System category_save.php sql injection
E
CVE-2025-3335 codeprojects Online Restaurant Management System category_update.php sql injection
E
CVE-2025-3336 codeprojects Online Restaurant Management System member_save.php sql injection
E
CVE-2025-3337 codeprojects Online Restaurant Management System member_update.php sql injection
E
CVE-2025-3338 codeprojects Online Restaurant Management System user_save.php sql injection
E
CVE-2025-3339 codeprojects Online Restaurant Management System user_update.php sql injection
E
CVE-2025-3340 codeprojects Online Restaurant Management System combo_update.php sql injection
E
CVE-2025-3341 codeprojects Online Restaurant Management System reservation_view.php sql injection
E
CVE-2025-3342 codeprojects Online Restaurant Management System payment_save.php sql injection
E
CVE-2025-3343 codeprojects Online Restaurant Management System reservation_update.php sql injection
E
CVE-2025-3344 codeprojects Online Restaurant Management System assign_save.php sql injection
E
CVE-2025-3345 codeprojects Online Restaurant Management System combo.php sql injection
E
CVE-2025-3346 Tenda AC7 SetPptpServerCfg formSetPPTPServer buffer overflow
E
CVE-2025-3347 code-projects Patient Record Management System dental_pending.php sql injection
E
CVE-2025-3348 code-projects Patient Record Management System edit_dpatient.php sql injection
E
CVE-2025-3349 PCMan FTP Server SYST Command buffer overflow
E
CVE-2025-3350 PHPGurukul Old Age Home Management System view-enquiry.php sql injection
E
CVE-2025-3351 PHPGurukul Old Age Home Management System login.php sql injection
E
CVE-2025-3352 PHPGurukul Old Age Home Management System edit-scdetails.php sql injection
E
CVE-2025-3353 PHPGurukul Men Salon Management System add-services.php sql injection
E
CVE-2025-3357 IBM Tivoli Monitoring code execution
S
CVE-2025-3358 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3359 Gnuplot: segmentation fault via io_str_init_static_internal function
M
CVE-2025-3360 Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().
M
CVE-2025-3361 HGiga iSherlock - OS Command Injection
S
CVE-2025-3362 HGiga iSherlock - OS Command Injection
S
CVE-2025-3363 HGiga iSherlock - OS Command Injection
S
CVE-2025-3364 HGiga PowerStation - Chroot Escape
S
CVE-2025-3365 Relative Path Traversal in OnlineSuite
S
CVE-2025-3369 xxyopen Novel-Plus list sql injection
E
CVE-2025-3370 PHPGurukul Men Salon Management System admin-profile.php sql injection
E
CVE-2025-3371 PCMan FTP Server DELETE Command buffer overflow
E
CVE-2025-3372 PCMan FTP Server MKDIR Command buffer overflow
E
CVE-2025-3373 PCMan FTP Server SITE CHMOD Command buffer overflow
E
CVE-2025-3374 PCMan FTP Server CCC Command buffer overflow
E
CVE-2025-3375 PCMan FTP Server CDUP Command buffer overflow
E
CVE-2025-3376 PCMan FTP Server CONF Command buffer overflow
E
CVE-2025-3377 PCMan FTP Server ENC Command buffer overflow
E
CVE-2025-3378 PCMan FTP Server EPRT Command buffer overflow
E
CVE-2025-3379 PCMan FTP Server EPSV Command buffer overflow
E
CVE-2025-3380 PCMan FTP Server FEAT Command buffer overflow
E
CVE-2025-3381 zhangyanbo2007 youkefu File Upload WebIMController.java path traversal
E
CVE-2025-3382 joey-zhou xiaozhi-esp32-server-java update sql injection
E
CVE-2025-3383 SourceCodester Web-based Pharmacy Product Management System search_sales.php sql injection
E
CVE-2025-3384 1000 Projects Human Resource Management System employee.php sql injection
E
CVE-2025-3385 LinZhaoguan pb-cms Classification Management Page cross site scripting
E
CVE-2025-3386 LinZhaoguan pb-cms Friendship Link admin#links cross site scripting
E
CVE-2025-3387 renrenio renren-security JSON cross site scripting
E
CVE-2025-3388 hailey888 oa_system Frontend LoginsController.java loginCheck cross site scripting
E
CVE-2025-3389 hailey888 oa_system Backend InformManageController.java testMess cross site scripting
E
CVE-2025-3390 hailey888 oa_system Backend DaymanageController.java addandchangeday cross site scripting
E
CVE-2025-3391 hailey888 oa_system Backend AddrController.java outAddress cross site scripting
E
CVE-2025-3392 hailey888 oa_system Backend MailController.java save cross site scripting
E
CVE-2025-3393 mrcen springboot-ucan-admin Personal Settings Interface index cross site scripting
E
CVE-2025-3394 Vulnerability in user management of Automation Builder
M
CVE-2025-3395 Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vu...
M
CVE-2025-3396 Incorrect Authorization in GitLab
E S
CVE-2025-3397 YzmCMS message.tpl cross site scripting
E
CVE-2025-3398 lenve VBlog WebSecurityConfig.java configure access control
E
CVE-2025-3399 ESAFENET CDG updateNotice.jsp sql injection
E
CVE-2025-3400 ESAFENET CDG UnChkMailApplication.jsp sql injection
E
CVE-2025-3401 ESAFENET CDG getLimitIPList.jsp sql injection
E
CVE-2025-3402 Seeyon Zhiyuan Interconnect FE Collaborative Office Platform check.js%70 sql injection
E
CVE-2025-3403 Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P HTML Form sensitive information in source
E
CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion
CVE-2025-3405 FCJ Venture Builder appclientefiel HTTP GET Request ObterPedido resource injection
E
CVE-2025-3406 Nothings stb Header Array stbhw_build_tileset_from_image out-of-bounds
CVE-2025-3407 Nothings stb stbhw_build_tileset_from_image out-of-bounds
CVE-2025-3408 Nothings stb stb_dupreplace integer overflow
E
CVE-2025-3409 Nothings stb stb_include_string stack-based overflow
CVE-2025-3410 mymagicpower AIAS LocalStorageController.java unrestricted upload
E
CVE-2025-3411 mymagicpower AIAS AsrController.java server-side request forgery
E
CVE-2025-3412 mymagicpower AIAS InferController.java server-side request forgery
E
CVE-2025-3413 opplus springboot-admin SysGeneratorController.java code deserialization
E
CVE-2025-3416 Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
M
CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-3418 WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update
CVE-2025-3419 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read
S
CVE-2025-3421 Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting
S
CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
S
CVE-2025-3423 IBM Aspera Faspex 5 cross-site scripting
CVE-2025-3424 3.2.1 Arbitrary File Read in insecure .NET Remoting TCP Channel
CVE-2025-3425 Unauthenticated Remote Code Execution via .NET Deserialization
CVE-2025-3426 Use of default hardcoded credentials
CVE-2025-3427 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'
S
CVE-2025-3428 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text'
S
CVE-2025-3429 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'
S
CVE-2025-3430 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'
S
CVE-2025-3431 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download
CVE-2025-3432 AAWEP Obfuscator <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2025-3433 Advanced Advertising System <= 1.3.1 - Open Redirect
CVE-2025-3434 SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
CVE-2025-3435 MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer
CVE-2025-3436 coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection
CVE-2025-3437 Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up
CVE-2025-3438 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.4 - Unauthenticated Limited Privilege Escalation
S
CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection
S
CVE-2025-3440 IBM Security Guardium cross-site scripting
CVE-2025-3441 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3442 Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub
S
CVE-2025-3444 Local File Inclusion
CVE-2025-3445 A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerab...
CVE-2025-3446 Members Without Guest Invite Permissions Can Add Guests to Teams
S
CVE-2025-3452 SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
S
CVE-2025-3453 Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure
CVE-2025-3454 This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by a...
CVE-2025-3455 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-3457 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2025-3458 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id'
S
CVE-2025-3459 ON Semiconductor Quantenna transmit_file Argument Injection
CVE-2025-3460 ON Semiconductor Quantenna set_tx_pow Argument Injection
CVE-2025-3461 ON Semiconductor Quantenna Telnet Missing Authentication
CVE-2025-3462 "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endp...
CVE-2025-3463 "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endp...
CVE-2025-3464 A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-che...
CVE-2025-3466 Unsanitized Input in langgenius/dify
E S
CVE-2025-3467 XSS Vulnerability in langgenius/dify
E S
CVE-2025-3468 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting
CVE-2025-3469 i18n XSS vulnerability in HTMLMultiSelectField when sections are used
CVE-2025-3470 TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter
CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update
E
CVE-2025-3472 Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution
S
CVE-2025-3473 IBM Security Guardium privilege escalation
S
CVE-2025-3474 Panels - Critical - Access bypass - SA-CONTRIB-2025-033
CVE-2025-3475 WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030
CVE-2025-3476 Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability coul...
S
CVE-2025-3479 Forminator <= 1.42.0 - Order Replay Vulnerability
S
CVE-2025-3480 MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability
CVE-2025-3481 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3482 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3483 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3484 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3485 Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability
CVE-2025-3486 Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability
CVE-2025-3487 Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit'
S
CVE-2025-3488 WPML Multilingual CMS 3.6.0 - 4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpml_language_switcher Shortcode
CVE-2025-3489 Nababur Simple-User-Management-System register.php cross site scripting
E
CVE-2025-3491 Add custom page template <= 2.0.1 - Authenticated (Administrator+) PHP Code Injection to Remote Code Execution
CVE-2025-3493 Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue....
R
CVE-2025-3494 Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue....
R
CVE-2025-3495 COMMGR - Insufficient Randomization Authentication Bypass
CVE-2025-3496 AUMA Riester: Buffer overflow in service telegram
CVE-2025-3497 Radiflow iSAP Smart Collector Linux distribution unmaintained
CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration
CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector
CVE-2025-3501 Org.keycloak.protocol.services: keycloak hostname verification
M
CVE-2025-3502 WP Maps < 4.7.2 - Admin+ Stored XSS
E
CVE-2025-3503 WP Maps < 4.7.2 - Admin+ Stored XSS
E
CVE-2025-3504 WP Maps < 4.7.2 - Admin+ Stored XSS
E
CVE-2025-3506 Potentially sensitive path exposed via unauthenticated http route
CVE-2025-3509 Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation
CVE-2025-3510 tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
CVE-2025-3511 Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation ...
CVE-2025-3512 Buffer overflow in QTextMarkdownImporter
CVE-2025-3513 SureForms < 1.4.4 - Admin+ Stored XSS
E
CVE-2025-3514 SureForms < 1.4.4 - Admin+ Stored XSS
E
CVE-2025-3515 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks
CVE-2025-3516 Simple Lightbox < 2.9.4 - Contributor+ Stored XSS
E
CVE-2025-3517 Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and ear...
CVE-2025-3518 File upload functionality possible even when disabled
CVE-2025-3519 Replace uploaded files knowing the file upload ID
CVE-2025-3520 Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-3521 Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3522 Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can b...
CVE-2025-3523 When an email contains multiple attachments with external links via the X-Mozilla-External-Attachmen...
CVE-2025-3524 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3526 SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3...
CVE-2025-3527 EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2025-3528 Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry
M
CVE-2025-3529 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter
CVE-2025-3530 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation
CVE-2025-3531 YouDianCMS index.html cross site scripting
E
CVE-2025-3532 YouDianCMS index.html.Attackers cross site scripting
E
CVE-2025-3533 YouDianCMS index.html.Attackers cross site scripting
E
CVE-2025-3534 PowerCreator CMS OpenPublicCourse.aspx sql injection
E
CVE-2025-3535 shuanx BurpAPIFinder BurpApiFinder.db denial of service
E
CVE-2025-3536 Tutorials-Website Employee Management System delete-user.php improper authorization
E
CVE-2025-3537 Tutorials-Website Employee Management System update-user.php improper authorization
E
CVE-2025-3538 D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow
E
CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection
E S
CVE-2025-3540 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection
E S
CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection
E S
CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection
E S
CVE-2025-3543 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection
E S
CVE-2025-3544 H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection
E S
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection
E S
CVE-2025-3546 H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection
E S
CVE-2025-3547 frdel Agent-Zero get_work_dir_files path traversal
CVE-2025-3548 Open Asset Import Library Assimp File types.h Set heap-based overflow
E S
CVE-2025-3549 Open Asset Import Library Assimp File MD3Loader.cpp ValidateSurfaceHeaderOffsets heap-based overflow
E
CVE-2025-3550 wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System detail improper authorization
E
CVE-2025-3551 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-3552 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-3553 phpshe admin.php pe_delete sql injection
E
CVE-2025-3554 phpshe api.php cross site scripting
E
CVE-2025-3555 ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication
E
CVE-2025-3556 ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication
E
CVE-2025-3557 ScriptAndTools eCommerce-website-in-PHP cross-site request forgery
E
CVE-2025-3558 ghostxbh uzy-ssm-mall uploadUserHeadImage unrestricted upload
E
CVE-2025-3559 ghostxbh uzy-ssm-mall 20 ForeProductListController sql injection
E
CVE-2025-3560 ghostxbh uzy-ssm-mall product cross site scripting
E
CVE-2025-3561 ghostxbh uzy-ssm-mall cross-site request forgery
E
CVE-2025-3562 Yonyou YonBIP userfile FileInputStream path traversal
E
CVE-2025-3563 WuzhiCMS Setting index.php set code injection
E
CVE-2025-3564 huanfenz/code-projects StudentManager Teacher String improper authorization
E
CVE-2025-3565 huanfenz/code-projects StudentManager Announcement Management Section uploadArticle.do unrestricted upload
E
CVE-2025-3566 veal98 小牛肉 Echo 开源社区系统 uploadMdPic unrestricted upload
E
CVE-2025-3567 veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization
E
CVE-2025-3568 Webkul Krayin CRM SVG File edit cross site scripting
E
CVE-2025-3569 JamesZBL/code-projects db-hospital-drug ShiroConfig.java improper authorization
E
CVE-2025-3570 JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting
E
CVE-2025-3571 Fannuo Enterprise Content Management System 凡诺企业网站管理系统 cms_chip.php sql injection
E
CVE-2025-3572 INTUMIT SmartRobot - Server-Side Request Forgery
S
CVE-2025-3573 Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS)...
CVE-2025-3574 Insecure Direct Object Reference on Deporsite by T-INNOVA
S
CVE-2025-3575 Insecure Direct Object Reference on Deporsite by T-INNOVA
S
CVE-2025-3576 Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
M
CVE-2025-3577 **UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the ...
E
CVE-2025-3578 Adversarial Input Handling Vulnerability in AiDex
S
CVE-2025-3579 Code Injection Vulnerability in AiDex
S
CVE-2025-3580 An access control vulnerability was discovered in Grafana OSS where an Organization administrator co...
CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget
E
CVE-2025-3582 Newsletter < 8.8.5 - Admin+ Stored XSS via Form
E
CVE-2025-3583 Newsletter < 8.7.1 - Admin+ Stored XSS
E
CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription
E
CVE-2025-3585 westboy CicadasCMS JSP Parser upload unrestricted upload
E
CVE-2025-3587 ZeroWdd/code-projects studentmanager getTeacherList improper authorization
E
CVE-2025-3588 joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow
E
CVE-2025-3589 SourceCodester Music Class Enrollment System manage_class.php sql injection
E
CVE-2025-3590 Adianti Framework deserialization
E
CVE-2025-3591 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
E
CVE-2025-3592 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
E
CVE-2025-3593 ZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted upload
E
CVE-2025-3594 Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0....
CVE-2025-3597 Firelight Lightbox < 2.3.15 - Contributor+ Stored XSS
E
CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter
CVE-2025-3599 Symantec Endpoint Protection Elevation of Privilege
CVE-2025-3600 Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX
CVE-2025-3602 Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through u...
CVE-2025-3603 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update
CVE-2025-3604 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover
CVE-2025-3605 Frontend Login and Registration Blocks <= 1.0.7 - Unauthenticated Privilege Escalation via Account Takeover
CVE-2025-3606 Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere
S
CVE-2025-3607 Frontend Login and Registration Blocks <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset
CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exploited to cause memory corrupt...
CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration
CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update
CVE-2025-3611 Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions
S
CVE-2025-3612 Demtec Graphytics HTTP GET Parameter visualization cross site scripting
E
CVE-2025-3613 Demtec Graphytics visualization cross site scripting
E
CVE-2025-3615 Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3616 Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2025-3617 Local Privilege Escalation in ThinManager®
S
CVE-2025-3618 Local Privilege Escalation Vulnerability
S
CVE-2025-3619 Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote a...
CVE-2025-3620 Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potential...
CVE-2025-3622 Xorbits Inference model.py load deserialization
E M
CVE-2025-3623 Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function
CVE-2025-3624 Missing Authorization Vulnerability in Hitachi Ops Center Analyzer
CVE-2025-3625 Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action
CVE-2025-3626 OS Command Injection via Config Upload in WebUI
CVE-2025-3627 Moodle: partial data exposure in moodle before completing multi-factor authentication
CVE-2025-3628 Moodle: moodle assignment submission search leaks anonymous student identities
CVE-2025-3629 IBM InfoSphere Information Server file manipulation
S
CVE-2025-3630 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
S
CVE-2025-3631 IBM MQ denial of service
S
CVE-2025-3632 IBM 4769 Developers Toolkit denial of service
S
CVE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa
CVE-2025-3635 Moodle: csrf risk in moodle user tours manager allows tour duplication
CVE-2025-3636 Moodle: idor in moodle rss block allows unauthorized access to rss feeds
CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module
CVE-2025-3638 Moodle: csrf risk in brickfield tool's analysis request action
CVE-2025-3640 Moodle: idor in web service allows users enrolled in a course to access some details of other users
CVE-2025-3641 Moodle: authenticated remote code execution risk in the moodle lms dropbox repository
CVE-2025-3642 Moodle: authenticated remote code execution risk in the moodle lms equella repository
CVE-2025-3643 Moodle: reflected xss risk in policy tool
CVE-2025-3644 Moodle: ajax section delete does not respect course_can_delete_section()
CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details
CVE-2025-3647 Moodle: idor when accessing the cohorts report
CVE-2025-3648 Data Inference in Now Platform via Conditional ACLs
CVE-2025-3649 LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS
E
CVE-2025-3651 Command Injection in iManage Work Desktop for Mac's Agent Service
CVE-2025-3659 Improper authentication handling for Digi PortServer TS; Digi One SP, SP IA, IA; Digi One IAP
S
CVE-2025-3661 SB Chart block <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS
E
CVE-2025-3663 TOTOLINK A3700R Password cstecgi.cgi setWiFiEasyGuestCfg access control
E
CVE-2025-3664 TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg access control
E
CVE-2025-3665 TOTOLINK A3700R cstecgi.cgi setSmartQosCfg access control
E
CVE-2025-3666 TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control
E
CVE-2025-3667 TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control
E
CVE-2025-3668 TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control
E
CVE-2025-3670 KiwiChat NextClient <= 6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
CVE-2025-3673 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3092.. Reason:...
R
CVE-2025-3674 TOTOLINK A3700R cstecgi.cgi setUrlFilterRules access control
E
CVE-2025-3675 TOTOLINK A3700R cstecgi.cgi setL2tpServerCfg access control
E
CVE-2025-3676 xxyopen Novel-Plus books sql injection
E
CVE-2025-3677 lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization
CVE-2025-3678 PCMan FTP Server HELP Command buffer overflow
E
CVE-2025-3679 PCMan FTP Server HOST Command buffer overflow
E
CVE-2025-3680 PCMan FTP Server LANG Command buffer overflow
E
CVE-2025-3681 PCMan FTP Server MODE Command buffer overflow
E
CVE-2025-3682 PCMan FTP Server PASV Command buffer overflow
E
CVE-2025-3683 PCMan FTP Server SIZE Command buffer overflow
E
CVE-2025-3684 Xianqi Kindergarten Management System Child Management stu_list.php sql injection
E S
CVE-2025-3685 code-projects Patient Record Management System edit_fpatient.php sql injection
E
CVE-2025-3686 misstt123 oasys show image path traversal
E
CVE-2025-3687 misstt123 oasys Sticky Notes cross-site request forgery
E
CVE-2025-3688 mirweiye Seven Bears Library CMS Background Management Page cross site scripting
E
CVE-2025-3689 PHPGurukul Men Salon Management System edit-customer-detailed.php sql injection
E
CVE-2025-3690 PHPGurukul Men Salon Management System edit-services.php sql injection
E
CVE-2025-3691 mirweiye Seven Bears Library CMS Add Link server-side request forgery
E
CVE-2025-3692 SourceCodester Online Eyewear Shop Master.php cross site scripting
E
CVE-2025-3693 Tenda W12 httpd cgiWifiRadioSet stack-based overflow
E
CVE-2025-3694 SourceCodester Web-based Pharmacy Product Management System Login sql injection
E
CVE-2025-3696 SourceCodester Web-based Pharmacy Product Management System search_stock.php sql injection
E
CVE-2025-3697 SourceCodester Web-based Pharmacy Product Management System edit-product.php sql injection
E
CVE-2025-3698 Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to inf...
CVE-2025-3699 Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 V...
CVE-2025-3702 WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability
S
CVE-2025-3704 WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-3705 OS Command Injection via USB Config Load
CVE-2025-3706 104 Corporation eHRMS - Reflected Cross-Site Scripting
S
CVE-2025-3707 Sunnet eHRD CTMS - SQL Injection
S
CVE-2025-3708 Le-show Medical Practice Management System - SQL Injection
S
CVE-2025-3709 Flowring Technology Agentflow - Account Lockout Bypass
S
CVE-2025-3710 ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow
S
CVE-2025-3711 ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow
S
CVE-2025-3712 ATEN LCD KVM over IP Switch CL5708IM - Heap-based Buffer Overflow
S
CVE-2025-3713 ATEN LCD KVM over IP Switch CL5708IM - Heap-based Buffer Overflow
S
CVE-2025-3714 ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow
S
CVE-2025-3715 Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter
CVE-2025-3722 A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an auth...
CVE-2025-3723 PCMan FTP Server MDTM Command buffer overflow
E
CVE-2025-3724 PCMan FTP Server DIR Command buffer overflow
E
CVE-2025-3725 PCMan FTP Server MIC Command buffer overflow
E
CVE-2025-3726 PCMan FTP Server CD Command buffer overflow
E
CVE-2025-3727 PCMan FTP Server STATUS Command buffer overflow
E
CVE-2025-3728 SourceCodester Simple Hotel Booking System login buffer overflow
E
CVE-2025-3729 SourceCodester Web-based Pharmacy Product Management System Database Backup backup.php os command injection
E
CVE-2025-3730 PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service
E S
CVE-2025-3733 baguetteBox.js - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-034
CVE-2025-3734 Stage File Proxy - Moderately critical - Denial of Service - SA-CONTRIB-2025-035
CVE-2025-3735 Panelizer (obsolete) - Critical - Unsupported - SA-CONTRIB-2025-036
CVE-2025-3736 Simple GTM - Critical - Unsupported - SA-CONTRIB-2025-037
CVE-2025-3737 Google Maps: Store Locator - Critical - Unsupported - SA-CONTRIB-2025-038
CVE-2025-3738 Google Optimize - Critical - Unsupported - SA-CONTRIB-2025-039
CVE-2025-3739 Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040
CVE-2025-3742 Responsive Lightbox & Gallery < 2.5.1 - Contributor+ Stored XSS
E
CVE-2025-3743 Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation
CVE-2025-3744 Nomad Vulnerable To Violation Of Mandatory Sentinel Policies in Nomad Job Submissions via Policy Override
CVE-2025-3745 WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS
E
CVE-2025-3746 OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation
CVE-2025-3748 Taxonomy Chain Menu <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via pn_chain_menu Shortcode
S
CVE-2025-3749 Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter
CVE-2025-3750 Network Posts Extended <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter
CVE-2025-3751 TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability
CVE-2025-3752 Able Player, accessible HTML5 media player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via preload Parameter
CVE-2025-3755 Information Disclosure and Denial-of-Service(DoS) Vulnerability in MELSEC iQ-F Series CPU module
CVE-2025-3757 Authentication Bypass in OpenPubKey
CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220
CVE-2025-3759 Missing Authentication for Changing Device Configuration in WF2220
CVE-2025-3760 A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Lif...
CVE-2025-3761 My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3762 PCMan FTP Server MPUT Command buffer overflow
E
CVE-2025-3763 SourceCodester Phone Management System Password main buffer overflow
E
CVE-2025-3764 SourceCodester Web-based Pharmacy Product Management System edit-product.php unrestricted upload
E
CVE-2025-3765 SourceCodester Web-based Pharmacy Product Management System edit-photo.php unrestricted upload
E
CVE-2025-3766 Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting
CVE-2025-3767 SQL Injection in Centreon BAM boolean KPI listing
CVE-2025-3768 Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlie...
CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference
CVE-2025-3771 A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authent...
CVE-2025-3773 A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior...
CVE-2025-3774 Wise Chat <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header
CVE-2025-3775 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter
CVE-2025-3776 Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution
CVE-2025-3777 Improper Input Validation in huggingface/transformers
CVE-2025-3779 Personizely <= 0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via widgetId Parameter
CVE-2025-3780 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification
CVE-2025-3781 Raisely Donation Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via raisely_donation_form Shortcode
CVE-2025-3782 Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-3783 SourceCodester Web-based Pharmacy Product Management System add-product.php unrestricted upload
E
CVE-2025-3785 D-Link DWR-M961 Authorization Interface formStaticDHCP stack-based overflow
E
CVE-2025-3786 Tenda AC15 WifiExtraSet fromSetWirelessRepeat buffer overflow
E
CVE-2025-3787 PbootCMS Image server-side request forgery
E
CVE-2025-3788 baseweb JSite save cross site scripting
E
CVE-2025-3789 baseweb JSite save cross site scripting
E
CVE-2025-3790 baseweb JSite Apache Druid Monitoring Console index.html access control
E
CVE-2025-3791 symisc UnQLite unqlite.c jx9MemObjStore heap-based overflow
E
CVE-2025-3792 SeaCMS admin_link.php sql injection
E
CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update
CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter
CVE-2025-3795 DaiCuo SEO Optimization Settings Section cross site scripting
E
CVE-2025-3796 PHPGurukul Men Salon Management System contact-us.php sql injection
E
CVE-2025-3797 SeaCMS admin_topic.php sql injection
E
CVE-2025-3798 WCMS Advertisement Image AdvadminController.php sub unrestricted upload
E
CVE-2025-3799 WCMS AnonymousController.php sql injection
E
CVE-2025-3800 WCMS AnonymousController.php sql injection
E
CVE-2025-3801 songquanpeng one-api System Setting cross site scripting
E
CVE-2025-3802 Tenda W12/i24 httpd cgiPingSet stack-based overflow
E
CVE-2025-3803 Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow
E
CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection
E
CVE-2025-3805 sarrionandia tournatrack Jinja2 Template check_id.py injection
E
CVE-2025-3806 dazhouda lecms Edit Profile admin cross site scripting
E
CVE-2025-3807 zhenfeng13 My-BBS Endpoint UploadController.java upload unrestricted upload
E
CVE-2025-3808 zhenfeng13 My-BBS cross-site request forgery
E
CVE-2025-3809 Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-3810 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover
S
CVE-2025-3811 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update
S
CVE-2025-3812 WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-3813 Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3814 Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter
CVE-2025-3815 SurveyJS <= 1.12.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-3816 westboy CicadasCMS Scheduled Task save os command injection
E
CVE-2025-3817 SourceCodester Online Eyewear Shop Master.php sql injection
E
CVE-2025-3818 webpy web.py db.py PostgresDB._process_insert_query sql injection
E
CVE-2025-3819 PHPGurukul Men Salon Management System search-appointment.php sql injection
E
CVE-2025-3820 Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow
E
CVE-2025-3821 SourceCodester Web-based Pharmacy Product Management System add-admin.php cross site scripting
E
CVE-2025-3822 SourceCodester Web-based Pharmacy Product Management System changepassword.php cross site scripting
E
CVE-2025-3823 SourceCodester Web-based Pharmacy Product Management System add-stock.php cross site scripting
E
CVE-2025-3824 SourceCodester Web-based Pharmacy Product Management System add-product.php cross site scripting
E
CVE-2025-3825 SourceCodester Web-based Pharmacy Product Management System add-category.php cross site scripting
E
CVE-2025-3826 SourceCodester Web-based Pharmacy Product Management System add-supplier.php cross site scripting
E
CVE-2025-3827 PHPGurukul Men Salon Management System forgot-password.php sql injection
E
CVE-2025-3828 PHPGurukul Men Salon Management System view-appointment.php sql injection
E
CVE-2025-3829 PHPGurukul Men Salon Management System sales-reports-detail.php sql injection
E
CVE-2025-3830 kuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted upload
E
CVE-2025-3832 FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter
CVE-2025-3833 SQL Injection
CVE-2025-3834 SQL Injection
CVE-2025-3835 Remote Code Execution
CVE-2025-3836 SQL Injection
CVE-2025-3837 Improper Input Validation vulnerability in the End of Life (EOL) OVA based connect component
S
CVE-2025-3838 Improper Authorization in the installer for the EOL OVA based connect component
S
CVE-2025-3840 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
S
CVE-2025-3841 wix-incubator jam Jinja2 Template jam.py special elements used in a template engine
E
CVE-2025-3842 panhainan DS-Java FileUpload.java uploadUserPic.action code injection
E
CVE-2025-3843 panhainan DS-Java cross-site request forgery
E
CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover
CVE-2025-3845 markparticle WebServer buffer.cpp HasWritten buffer overflow
E
CVE-2025-3846 markparticle WebServer Registration httprequest.cpp sql injection
E
CVE-2025-3847 markparticle WebServer Login httprequest.cpp sql injection
E
CVE-2025-3848 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
CVE-2025-3849 YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change
E
CVE-2025-3850 YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication
E
CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure
CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
CVE-2025-3854 H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow
E S
CVE-2025-3855 CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection
E
CVE-2025-3856 xxyopen Novel-Plus searchByPage sql injection
E
CVE-2025-3857 Infinite loop condition in Amazon.IonDotnet
CVE-2025-3858 Formality <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
S
CVE-2025-3859 Websites directing users to long URLs that caused eliding to occur in the location view could levera...
CVE-2025-3860 CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter
CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions
CVE-2025-3862 Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
S
CVE-2025-3863 Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form Function
S
CVE-2025-3864 Connection pool exhaustion in hackney
CVE-2025-3866 Add Google +1 (Plus one) social share Button <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3867 Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3868 Custom Admin-Bar Favorites <= 0.1 - Reflected Cross-Site Scripting
CVE-2025-3869 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3870 1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3872 Privilege escalation by altering payload in contact form
CVE-2025-3874 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference
S
CVE-2025-3875 Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an in...
CVE-2025-3876 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function
S
CVE-2025-3877 Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixe...
R
CVE-2025-3878 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode
S
CVE-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
CVE-2025-3880 Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update
S
CVE-2025-3881 eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability
CVE-2025-3882 eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability
CVE-2025-3883 eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability
CVE-2025-3884 Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability
CVE-2025-3885 Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability
CVE-2025-3886 CatoNetworks CatoClient up to 5.8 PrivilegedHelperTool Race Condition
CVE-2025-3887 GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3888 Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG
S
CVE-2025-3889 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity'
S
CVE-2025-3890 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled
CVE-2025-3893 SQL Injection in MegaBIP
CVE-2025-3894 Stored XSS in MegaBIP
CVE-2025-3895 Low token entropy in MegaBIP
CVE-2025-3896 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3897 EUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File Read
CVE-2025-3898 CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an au...
CVE-2025-3899 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnera...
CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
CVE-2025-3901 Bootstrap Site Alert - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-042
CVE-2025-3902 Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043
CVE-2025-3903 UEditor - 百度编辑器 - Critical - Unsupported - SA-CONTRIB-2025-044
CVE-2025-3904 Sportsleague - Critical - Unsupported - SA-CONTRIB-2025-045
CVE-2025-3905 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnera...
CVE-2025-3906 Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046
CVE-2025-3908 The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local att...
CVE-2025-3909 Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute J...
CVE-2025-3910 Org.keycloak.authentication: two factor authentication bypass
M
CVE-2025-3911 Exposure in Docker Desktop logs of environment variables configured for running containers
CVE-2025-3912 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure
CVE-2025-3913 Team Privacy Settings Authorization Bypass in Mattermost Server
S
CVE-2025-3914 Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2025-3915 Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
S
CVE-2025-3916 CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being abl...
CVE-2025-3917 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload
CVE-2025-3918 Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function
CVE-2025-3919 WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2025-3920 Hard-coded Password in SUR-FBD CMMS
CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function
CVE-2025-3923 Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure
CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration
CVE-2025-3925 BrightSign Players Execution with Unnecessary Privileges
S
CVE-2025-3927 CVE-2025-3927
CVE-2025-3928 Commvault Web Server unspecified vulnerability
KEV
CVE-2025-3929 Stored XSS vulnerability in MDaemon Email Server
CVE-2025-3931 Yggdrasil: local privilege escalation in yggdrasil
M
CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempte...
CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-3935 ScreenConnect Exposure to ASP.NET ViewState Code Injection
KEV S
CVE-2025-3936 Incorrect Permission Assignment for Critical Resource
CVE-2025-3937 Use of Password Hash with Insufficient Computational Effort
CVE-2025-3938 Missing Cryptographic Step
CVE-2025-3939 Observable Response Discrepancy
CVE-2025-3940 Improper Use of Validation Framework
CVE-2025-3941 Improper Handling of Windows: DATA Alternate Data Stream
CVE-2025-3942 Improper Output Neutralization for Logs
CVE-2025-3943 Use of GET Request Method With sensitive Query Strings
CVE-2025-3944 Incorrect Permission Assignment for Critical Resource
CVE-2025-3945 Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
CVE-2025-3946 Incorrect response generation during FTEB protocol processing
CVE-2025-3947 Integer underflow during processing of short network packets in CDA FTEB responder
CVE-2025-3949 Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
CVE-2025-3951 WP-Optimize < 4.2.0 - Admin+ SQLi
E
CVE-2025-3952 Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion
S
CVE-2025-3953 WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update
CVE-2025-3954 ChurchCRM Referer server-side request forgery
E
CVE-2025-3955 codeprojects Patient Record Management System edit_rpatient.php.php sql injection
E
CVE-2025-3956 201206030 novel-cloud BookInfoMapper.xml RestResp sql injection
E
CVE-2025-3957 opplus springboot-admin SysLogDao.xml sql injection
E
CVE-2025-3958 withstars Books-Management-System Book Edit Page book_edit_do.html cross site scripting
E
CVE-2025-3959 withstars Books-Management-System reader_delete.html cross-site request forgery
E
CVE-2025-3960 withstars Books-Management-System Background Interface allreaders.html authorization
E
CVE-2025-3961 withstars Books-Management-System do cross site scripting
E
CVE-2025-3962 withstars Books-Management-System Comment add cross site scripting
E
CVE-2025-3963 withstars Books-Management-System Background Interface list authorization
E
CVE-2025-3964 withstars Books-Management-System Article del cross-site request forgery
E
CVE-2025-3965 itwanger paicoding post cross site scripting
E
CVE-2025-3966 itwanger paicoding Browsing History home information disclosure
E
CVE-2025-3967 itwanger paicoding Article post improper authorization
E
CVE-2025-3968 codeprojects News Publishing Site Dashboard api.php sql injection
E
CVE-2025-3969 codeprojects News Publishing Site Dashboard Edit Category Page edit-category.php unrestricted upload
E
CVE-2025-3970 baseweb JSite save cross site scripting
E
CVE-2025-3971 PHPGurukul COVID19 Testing Management System add-phlebotomist.php sql injection
E
CVE-2025-3972 PHPGurukul COVID19 Testing Management System bwdates-report-result.php sql injection
E
CVE-2025-3973 PHPGurukul COVID19 Testing Management System check_availability.php sql injection
E
CVE-2025-3974 PHPGurukul COVID19 Testing Management System edit-phlebotomist.php sql injection
E
CVE-2025-3975 ScriptAndTools eCommerce-website-in-PHP subscriber-csv.php information disclosure
E
CVE-2025-3976 PHPGurukul COVID19 Testing Management System new-user-testing.php sql injection
E
CVE-2025-3977 iteachyou Dreamer CMS Attachment download improper authorization
E
CVE-2025-3978 dazhouda lecms user_set.htm information disclosure
E
CVE-2025-3979 dazhouda lecms Password Change index.php cross-site request forgery
E
CVE-2025-3980 wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System list improper authorization
E
CVE-2025-3981 wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System details improper authorization
E
CVE-2025-3982 nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution
E
CVE-2025-3983 AMTT Hotel Broadband Operation System nlog_down.php command injection
E
CVE-2025-3984 Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection
E
CVE-2025-3985 Apereo CAS ResponseEntity redos
E
CVE-2025-3986 Apereo CAS CasConfigurationMetadataServerController.java redos
E
CVE-2025-3987 TOTOLINK N150RT formWsc command injection
E
CVE-2025-3988 TOTOLINK N150RT formPortFw buffer overflow
E
CVE-2025-3989 TOTOLINK N150RT formStaticDHCP buffer overflow
E
CVE-2025-3990 TOTOLINK N150RT formVlan buffer overflow
E
CVE-2025-3991 TOTOLINK N150RT formWdsEncrypt buffer overflow
E
CVE-2025-3992 TOTOLINK N150RT formWlwds buffer overflow
E
CVE-2025-3993 TOTOLINK N150RT formWsc buffer overflow
E
CVE-2025-3994 TOTOLINK N150RT IP Port Filtering home.htm cross site scripting
E
CVE-2025-3995 TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting
E
CVE-2025-3996 TOTOLINK N150RT MAC Filtering Page home.htm cross site scripting
E
CVE-2025-3997 dazhouda lecms Personal Information Page index.php cross-site request forgery
E
CVE-2025-3998 CodeAstro Membership Management System renew.php sql injection
E
CVE-2025-3999 Seeyon Zhiyuan OA Web Application System URL Parameter date.jsp cross site scripting
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.