CVE-2025-3xxx

There are 909 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-3000 PyTorch torch.jit.script memory corruption
E
CVE-2025-3001 PyTorch torch.lstm_cell memory corruption
E
CVE-2025-3002 Digital China DCME-520 mon_merge_stat_hist.php os command injection
E
CVE-2025-3003 ESAFENET CDG UserAjax sql injection
E
CVE-2025-3004 Sayski ForestBlog search cross site scripting
E
CVE-2025-3005 Sayski ForestBlog Friend Link cross site scripting
E
CVE-2025-3006 PHPGurukul e-Diary Management System edit-category.php sql injection
E
CVE-2025-3007 Novastar CX40 NetFilter Utility netconfig getopt stack-based overflow
CVE-2025-3008 Novastar CX40 NetFilter Utility netconfig popen command injection
CVE-2025-3009 Jinher Network OA NetDiskProperty.aspx sql injection
E
CVE-2025-3010 Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference
E
CVE-2025-3011 PiExtract SOOP-CLM - SQL Injection
S
CVE-2025-3013 Insecure direct object references (IDOR) in NightWolf Penetration Platform
CVE-2025-3014 Insecure direct object references (IDOR) in NightWolf Penetration Platform
CVE-2025-3015 Open Asset Import Library Assimp ASE File ASELoader.cpp BuildUniqueRepresentation out-of-bounds
E S
CVE-2025-3016 Open Asset Import Library Assimp MDL File MDLMaterialLoader.cpp ParseTextureColorData resource consumption
E S
CVE-2025-3017 TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write
E S
CVE-2025-3018 SourceCodester Online Eyewear Shop Users.php sql injection
E
CVE-2025-3019 Cross-site scripting vulnerabilities in KNIME Business Hub web pages
CVE-2025-3020 Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting
CVE-2025-3021 Path Traversal vulnerability in e-management of e-solutions
S
CVE-2025-3022 OS Command Injection vulnerability in e-management of e-solutions
S
CVE-2025-3023 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3026 Improper Neutralization of Special Elements vulnerability in EJBCA
S
CVE-2025-3027 Open Redirect vulnerability in EJBCA
S
CVE-2025-3028 JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-aft...
E
CVE-2025-3029 A crafted URL containing specific Unicode characters could have hidden the true origin of the page, ...
CVE-2025-3030 Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8...
CVE-2025-3031 An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vul...
CVE-2025-3032 Leaking of file descriptors from the fork server to web content processes could allow for privilege ...
CVE-2025-3033 After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file co...
CVE-2025-3034 Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of...
CVE-2025-3035 By first using the AI chatbot in one tab and later activating it in another tab, the document title ...
CVE-2025-3036 yzk2356911358 StudentServlet-JSP Student Management cross site scripting
E
CVE-2025-3037 yzk2356911358 StudentServlet-JSP cross-site request forgery
E
CVE-2025-3038 code-projects Payroll Management System view_account.php sql injection
E
CVE-2025-3039 code-projects Payroll Management System add_employee.php sql injection
E
CVE-2025-3040 Project Worlds Online Time Table Generator add_student.php unrestricted upload
E
CVE-2025-3041 Project Worlds Online Time Table Generator updatestudent.php unrestricted upload
E
CVE-2025-3042 Project Worlds Online Time Table Generator updateprofile.php unrestricted upload
E
CVE-2025-3043 GuoMinJim PersonManage login preHandle path traversal
E
CVE-2025-3044 MD5 Hash Collision in run-llama/llama_index
E S
CVE-2025-3045 oretnom23/SourceCodester Apartment Visitor Management System remove-apartment.php sql injection
E
CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index
E S
CVE-2025-3047 Path Traversal in AWS SAM CLI allows file copy to build container
CVE-2025-3048 Path Traversal in AWS SAM CLI allows file copy to local cache
CVE-2025-3050 IBM Db2 denial of service
S
CVE-2025-3051 Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory
S
CVE-2025-3052 An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc.
CVE-2025-3053 UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution
CVE-2025-3054 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-3055 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-3056 Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-3057 Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
CVE-2025-3058 Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-3059 Profile Private - Critical - Unsupported - SA-CONTRIB-2025-002
CVE-2025-3060 Flattern – Multipurpose Bootstrap Business Profile - Critical - Unsupported - SA-CONTRIB-2025-005
CVE-2025-3061 Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006
CVE-2025-3062 Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010
CVE-2025-3063 Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function
CVE-2025-3065 Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion
CVE-2025-3066 Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker t...
CVE-2025-3067 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allow...
CVE-2025-3068 Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a...
CVE-2025-3069 Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote ...
CVE-2025-3070 Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 all...
CVE-2025-3071 Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote...
CVE-2025-3072 Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote...
CVE-2025-3073 Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote at...
CVE-2025-3074 Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote a...
CVE-2025-3075 Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-3076 Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3077 Betheme <= 28.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3078 A passback vulnerability which relates to production printers and office multifunction printers....
M
CVE-2025-3079 A passback vulnerability which relates to office/small office multifunction printers and laser print...
M
CVE-2025-3082 User may override a view's collation and gain unauthorized access to underlying data
CVE-2025-3083 Malformed MongoDB wire protocol messages may cause mongos to crash
CVE-2025-3084 MongoDB Server may crash due to improper validation of explain command
CVE-2025-3085 MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked
CVE-2025-3086 User in anonymous role could create and delete views
CVE-2025-3087 Stored XSS Vulnerability in M-Files Web
CVE-2025-3089 Broken Access Control in ServiceNow AI Platform
CVE-2025-3090 MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24
CVE-2025-3091 MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24
CVE-2025-3092 MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24
CVE-2025-3094 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3096 Clinics Patient Management System SQL Injection
CVE-2025-3097 wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3098 Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting
CVE-2025-3099 Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3100 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
S
CVE-2025-3101 Configurator Theme Core <= 1.4.7 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3102 SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
CVE-2025-3103 CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read
CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function
CVE-2025-3105 Vehica Core <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget
CVE-2025-3107 Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter
CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index
E S
CVE-2025-3111 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-3112 CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service w...
CVE-2025-3113 Improper Access Control in Delphix Masking Engine
CVE-2025-3114 Spotfire Code Execution Vulnerability
CVE-2025-3115 Spotfire Data Function Vulnerability
CVE-2025-3116 CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an au...
CVE-2025-3117 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnera...
CVE-2025-3118 SourceCodester Online Tutor Portal view_course.php sql injection
E
CVE-2025-3119 SourceCodester Online Tutor Portal manage_course.php sql injection
E
CVE-2025-3120 SourceCodester Apartment Visitors Management System add-apartment.php sql injection
E
CVE-2025-3121 PyTorch torch.jit.jit_module_from_flatbuffer memory corruption
E
CVE-2025-3122 WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference
E
CVE-2025-3123 WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload
E
CVE-2025-3124 Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names
CVE-2025-3128 Mitsubishi Electric Europe smartRTU OS Command Injection
M
CVE-2025-3129 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028
CVE-2025-3130 Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029
CVE-2025-3131 ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031
CVE-2025-3134 code-projects Payroll Management System add_overtime.php sql injection
E
CVE-2025-3135 fcba_zzm ics-park Smart Park Management System update sql injection
E
CVE-2025-3136 PyTorch CUDACachingAllocator.cpp torch.cuda.memory.caching_allocator_delete memory corruption
E
CVE-2025-3137 PHPGurukul Online Security Guards Hiring System changeimage.php sql injection
E
CVE-2025-3138 PHPGurukul Online Security Guards Hiring System edit-guard-detail.php sql injection
E
CVE-2025-3139 code-projects Bus Reservation System Login Form login buffer overflow
E
CVE-2025-3140 SourceCodester Online Medicine Ordering System view_category.php sql injection
E
CVE-2025-3141 SourceCodester Online Medicine Ordering System manage_category.php sql injection
E
CVE-2025-3142 SourceCodester Apartment Visitor Management System add-apartment.php sql injection
E
CVE-2025-3143 SourceCodester Apartment Visitor Management System visitor-entry.php sql injection
E
CVE-2025-3144 MindSpore mindspore.numpy.fft.hfftn memory corruption
E
CVE-2025-3145 MindSpore mindspore.numpy.fft.rfft2 memory corruption
E
CVE-2025-3146 PHPGurukul Bus Pass Management System view-pass-detail.php sql injection
E
CVE-2025-3147 PHPGurukul Boat Booking System add-subadmin.php sql injection
E
CVE-2025-3148 codeprojects Product Management System Login buffer overflow
E
CVE-2025-3149 itning Student Homework Management System Edit Job Page fileupload cross site scripting
E
CVE-2025-3150 itning Student Homework Management System cross-site request forgery
E
CVE-2025-3151 SourceCodester Gym Management System signup.php sql injection
E
CVE-2025-3152 caipeichao ThinkOX Search search.html cross site scripting
E
CVE-2025-3153 Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute
CVE-2025-3154 Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05
CVE-2025-3155 Yelp: arbitrary file read
E M
CVE-2025-3156 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3157 Intelbras WRN 150 Wireless Menu cross site scripting
CVE-2025-3158 Open Asset Import Library Assimp LWO File LWOAnimation.cpp UpdateAnimRangeSetup heap-based overflow
E
CVE-2025-3159 Open Asset Import Library Assimp ASE File ASEParser.cpp ParseLV4MeshBonesVertices heap-based overflow
E S
CVE-2025-3160 Open Asset Import Library Assimp File SceneCombiner.cpp AddNodeHashes out-of-bounds
E S
CVE-2025-3161 Tenda AC10 ShutdownSetAdd stack-based overflow
E
CVE-2025-3162 InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization
E
CVE-2025-3163 InternLM LMDeploy conf.py open code injection
E
CVE-2025-3164 Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection
E
CVE-2025-3165 thu-pacman chitu backend.py torch.load deserialization
CVE-2025-3166 code-projects Product Management System Search Product Menu search_item stack-based overflow
E
CVE-2025-3167 Tenda AC23 API Interface VerAPIMant denial of service
E
CVE-2025-3168 PHPGurukul Time Table Generator System edit-class.php sql injection
E
CVE-2025-3169 Projeqtor saveAttachment.php unrestricted upload
E
CVE-2025-3170 Project Worlds Online Lawyer Management System admin_user.php sql injection
E
CVE-2025-3171 Project Worlds Online Lawyer Management System approve_lawyer.php sql injection
E
CVE-2025-3172 Project Worlds Online Lawyer Management System lawyer_booking.php sql injection
E
CVE-2025-3173 Project Worlds Online Lawyer Management System save_booking.php sql injection
E
CVE-2025-3174 Project Worlds Online Lawyer Management System searchLawyer.php sql injection
E
CVE-2025-3175 Project Worlds Online Lawyer Management System save_user_edit_profile.php sql injection
E
CVE-2025-3176 Project Worlds Online Lawyer Management System single_lawyer.php sql injection
E
CVE-2025-3177 FastCMS JWT hard-coded key
E
CVE-2025-3178 projectworlds Online Doctor Appointment Booking System deleteappointment.php sql injection
E
CVE-2025-3179 projectworlds Online Doctor Appointment Booking System deletepatient.php sql injection
E
CVE-2025-3180 projectworlds Online Doctor Appointment Booking System deleteschedule.php sql injection
E
CVE-2025-3181 projectworlds Online Doctor Appointment Booking System appointment.php sql injection
E
CVE-2025-3182 projectworlds Online Doctor Appointment Booking System getschedule.php sql injection
E
CVE-2025-3183 projectworlds Online Doctor Appointment Booking System patientupdateprofile.php sql injection
E
CVE-2025-3184 projectworlds Online Doctor Appointment Booking System profile.php sql injection
E
CVE-2025-3185 projectworlds Online Doctor Appointment Booking System patientupdateprofile.php sql injection
E
CVE-2025-3186 projectworlds Online Doctor Appointment Booking System invoice.php sql injection
E
CVE-2025-3187 PHPGurukul e-Diary Management System login.php sql injection
E
CVE-2025-3188 PHPGurukul e-Diary Management System add-notes.php sql injection
E
CVE-2025-3189 Stored Cross-Site Scripting (XSS) in DoWISP
S
CVE-2025-3190 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-3191 All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the...
E
CVE-2025-3192 Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery ...
E
CVE-2025-3194 Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE...
E
CVE-2025-3195 itsourcecode Online Blood Bank Management System bbms.php sql injection
E
CVE-2025-3196 Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow
E S
CVE-2025-3197 Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand...
E
CVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leak
E S
CVE-2025-3199 ageerle ruoyi-ai API Interface SysModelController.java improper authorization
E S
CVE-2025-3200 Com-Server Exposed via Weak TLS
CVE-2025-3201 Kali Forms < 2.4.3 - Contributor+ Stored XSS
E
CVE-2025-3202 ageerle ruoyi-ai SysNoticeController.java improper authorization
E S
CVE-2025-3203 Tenda W18E setModules formSetAccountList stack-based overflow
E
CVE-2025-3204 CodeAstro Car Rental System returncar.php sql injection
E
CVE-2025-3205 CodeAstro Student Grading System studentsubject.php sql injection
E
CVE-2025-3206 code-projects Hospital Management System doctor-specilization.php sql injection
E
CVE-2025-3207 code-projects Patient Record Management System birthing_form.php sql injection
E
CVE-2025-3208 code-projects Patient Record Management System xray_print.php sql injection
E
CVE-2025-3209 code-projects Patient Record Management System add_patient.php sql injection
E
CVE-2025-3210 code-projects Patient Record Management System birthing_pending.php sql injection
E
CVE-2025-3211 code-projects Patient Record Management System birthing_print.php sql injection
E
CVE-2025-3213 PHPGurukul e-Diary Management System view-note.php sql injection
E
CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal
E
CVE-2025-3215 PHPGurukul Restaurant Table Booking System add-subadmin.php sql injection
E
CVE-2025-3216 PHPGurukul e-Diary Management System password-recovery.php sql injection
E
CVE-2025-3217 PHPGurukul e-Diary Management System registration.php sql injection
E
CVE-2025-3218 IBM i improper certificate validation
S
CVE-2025-3219 CodeCanyon Perfex CRM Project Discussions Module 2 cross site scripting
E
CVE-2025-3220 PHPGurukul e-Diary Management System dashboard.php sql injection
E
CVE-2025-3221 IBM InfoSphere Information Server denial of service
S
CVE-2025-3223 WorkstationST EGD Configuration Server Path Traversal Vulnerability
CVE-2025-3224 Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion
CVE-2025-3225 XML Entity Expansion vulnerability in run-llama/llama_index
E S
CVE-2025-3227 Unauthorized channel member management through playbook runs
S
CVE-2025-3228 Unauthorized Guest user access to Playbook
S
CVE-2025-3229 PHPGurukul Restaurant Table Booking System edit-subadmin.php sql injection
E
CVE-2025-3230 Bypass of System Admin User Deactivation Controls for Personal Access Tokens in Mattermost Server
S
CVE-2025-3231 PHPGurukul Zoo Management System aboutus.php sql injection
E
CVE-2025-3234 File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload
CVE-2025-3235 PHPGurukul Old Age Home Management System profile.php sql injection
E
CVE-2025-3236 Tenda FH1202 Web Management Interface VirSerDMZ access control
E
CVE-2025-3237 Tenda FH1202 wrlwpsset access control
E
CVE-2025-3238 PHPGurukul Online Fire Reporting System search-request.php sql injection
E
CVE-2025-3239 PHPGurukul Online Fire Reporting System edit-guard-detail.php sql injection
E
CVE-2025-3240 PHPGurukul Online Fire Reporting System search.php sql injection
E
CVE-2025-3241 zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference
E
CVE-2025-3242 PHPGurukul e-Diary Management System search-result.php sql injection
E
CVE-2025-3243 code-projects Patient Record Management System dental_form.php sql injection
E
CVE-2025-3244 SourceCodester Web-based Pharmacy Product Management System Create User Page add-admin.php unrestricted upload
E
CVE-2025-3245 itsourcecode Library Management System Forgot.java search sql injection
E
CVE-2025-3246 Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers
CVE-2025-3247 Contact Form 7 <= 6.0.5 - Order Replay Vulnerability
S
CVE-2025-3248 Langflow Unauth RCE
KEV E S
CVE-2025-3249 TOTOLINK A6000R mtkwifi.lua apcli_cancel_wps command injection
E
CVE-2025-3250 elunez eladmin Maintenance Management Module testConnect deserialization
E
CVE-2025-3251 xujiangfei admintwo updateSet cross site scripting
E
CVE-2025-3252 xujiangfei admintwo add cross site scripting
E
CVE-2025-3253 xujiangfei admintwo insertTree cross site scripting
E
CVE-2025-3254 xujiangfei admintwo add server-side request forgery
E
CVE-2025-3255 xujiangfei admintwo home access control
E
CVE-2025-3256 xujiangfei admintwo updateSet access control
E
CVE-2025-3257 xujiangfei admintwo updateSet cross-site request forgery
E
CVE-2025-3258 PHPGurukul Old Age Home Management System search.php sql injection
E
CVE-2025-3259 Tenda RX3 SetOnlineDevName formSetDeviceName stack-based overflow
E
CVE-2025-3260 A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users t...
CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E S
CVE-2025-3263 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E S
CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E S
CVE-2025-3265 PHPGurukul e-Diary Management System add-category.php sql injection
E
CVE-2025-3266 qinguoyi TinyWebServer http_conn.cpp stack-based overflow
E
CVE-2025-3267 qinguoyi TinyWebServer http_conn.cpp sql injection
E
CVE-2025-3268 qinguoyi TinyWebServer http_conn.cpp improper authentication
E
CVE-2025-3269 Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed....
R
CVE-2025-3272 Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager.
S
CVE-2025-3275 Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3276 SKT Blocks – Gutenberg based Page Builder <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-3277 An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated in...
S
CVE-2025-3278 UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation
CVE-2025-3279 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-3280 ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection
CVE-2025-3281 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
CVE-2025-3282 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification
S
CVE-2025-3283 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3284 User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion
CVE-2025-3285 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3286 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3287 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3288 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3289 Local Code Execution Vulnerability in Arena®
S
CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update
S
CVE-2025-3294 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update
S
CVE-2025-3295 WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
S
CVE-2025-3296 SourceCodester Online Eyewear Shop Users.php sql injection
E
CVE-2025-3297 SourceCodester Online Eyewear Shop Master.php cross site scripting
E
CVE-2025-3298 SourceCodester Online Eyewear Shop Registration Master.php access control
E
CVE-2025-3299 PHPGurukul Men Salon Management System appointment.php sql injection
E
CVE-2025-3300 WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write
CVE-2025-3301 DPA Countermeasures Unavailable for Certain Cryptographic Operations on Series 2 Devices
CVE-2025-3302 Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER'
CVE-2025-3303 code-projects Patient Record Management System birthing_record.php sql injection
E
CVE-2025-3304 code-projects Patient Record Management System dental_not.php sql injection
E
CVE-2025-3305 1902756969/code-projects IKUN_Library Borrow MvcConfig.java addInterceptors access control
E
CVE-2025-3306 code-projects Blood Bank Management System don.php sql injection
E
CVE-2025-3307 code-projects Blood Bank Management System reset.php sql injection
E
CVE-2025-3308 code-projects Blood Bank Management System viewrequest.php sql injection
E
CVE-2025-3309 code-projects Blood Bank Management System campsdetails.php sql injection
E
CVE-2025-3310 code-projects Blood Bank Management System delete.php sql injection
E
CVE-2025-3311 PHPGurukul Men Salon Management System about-us.php sql injection
E
CVE-2025-3312 PHPGurukul Men Salon Management System add-customer-services.php sql injection
E
CVE-2025-3313 PHPGurukul Men Salon Management System add-customer.php sql injection
E
CVE-2025-3314 SourceCodester Apartment Visitor Management System forgotpw.php sql injection
E
CVE-2025-3315 SourceCodester Apartment Visitor Management System view-report.php sql injection
E
CVE-2025-3316 PHPGurukul Men Salon Management System search-invoices.php sql injection
E
CVE-2025-3317 fumiao opencms dataPage.jsp path traversal
E
CVE-2025-3318 Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 ShangpinleixingController.java page sql injection
E
CVE-2025-3319 IBM Spectrum Protect Server authentication bypass
S
CVE-2025-3320 IBM Tivoli Monitoring code execution
S
CVE-2025-3321 Use of Hard-coded Credentials in OnlineSuite
S
CVE-2025-3322 Improper Neutralization of Special Elements in OnlineSuite
S
CVE-2025-3323 godcheese/code-projects Nimrod ViewMenuCategoryRestController.java searchAllByName sql injection
E
CVE-2025-3324 godcheese/code-projects Nimrod FileRestController.java unrestricted upload
E
CVE-2025-3325 iteaj iboot 物联网网关 Admin Password pwd access control
E
CVE-2025-3326 iteaj iboot 物联网网关 File Upload upload cross site scripting
E
CVE-2025-3327 iteaj iboot 物联网网关 File Upload batch cross site scripting
E
CVE-2025-3328 Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow
E
CVE-2025-3329 Consumer Comanda Mobile Restaurant Order cleartext transmission
E
CVE-2025-3330 codeprojects Online Restaurant Management System reservation_save.php sql injection
E
CVE-2025-3331 codeprojects Online Restaurant Management System payment_save.php sql injection
E
CVE-2025-3332 codeprojects Online Restaurant Management System menu_save.php sql injection
E
CVE-2025-3333 codeprojects Online Restaurant Management System menu_update.php sql injection
E
CVE-2025-3334 codeprojects Online Restaurant Management System category_save.php sql injection
E
CVE-2025-3335 codeprojects Online Restaurant Management System category_update.php sql injection
E
CVE-2025-3336 codeprojects Online Restaurant Management System member_save.php sql injection
E
CVE-2025-3337 codeprojects Online Restaurant Management System member_update.php sql injection
E
CVE-2025-3338 codeprojects Online Restaurant Management System user_save.php sql injection
E
CVE-2025-3339 codeprojects Online Restaurant Management System user_update.php sql injection
E
CVE-2025-3340 codeprojects Online Restaurant Management System combo_update.php sql injection
E
CVE-2025-3341 codeprojects Online Restaurant Management System reservation_view.php sql injection
E
CVE-2025-3342 codeprojects Online Restaurant Management System payment_save.php sql injection
E
CVE-2025-3343 codeprojects Online Restaurant Management System reservation_update.php sql injection
E
CVE-2025-3344 codeprojects Online Restaurant Management System assign_save.php sql injection
E
CVE-2025-3345 codeprojects Online Restaurant Management System combo.php sql injection
E
CVE-2025-3346 Tenda AC7 SetPptpServerCfg formSetPPTPServer buffer overflow
E
CVE-2025-3347 code-projects Patient Record Management System dental_pending.php sql injection
E
CVE-2025-3348 code-projects Patient Record Management System edit_dpatient.php sql injection
E
CVE-2025-3349 PCMan FTP Server SYST Command buffer overflow
E
CVE-2025-3350 PHPGurukul Old Age Home Management System view-enquiry.php sql injection
E
CVE-2025-3351 PHPGurukul Old Age Home Management System login.php sql injection
E
CVE-2025-3352 PHPGurukul Old Age Home Management System edit-scdetails.php sql injection
E
CVE-2025-3353 PHPGurukul Men Salon Management System add-services.php sql injection
E
CVE-2025-3354 IBM Tivoli Monitoring code execution
S
CVE-2025-3357 IBM Tivoli Monitoring code execution
S
CVE-2025-3358 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3359 Gnuplot: segmentation fault via io_str_init_static_internal function
M
CVE-2025-3360 Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().
M
CVE-2025-3361 HGiga iSherlock - OS Command Injection
S
CVE-2025-3362 HGiga iSherlock - OS Command Injection
S
CVE-2025-3363 HGiga iSherlock - OS Command Injection
S
CVE-2025-3364 HGiga PowerStation - Chroot Escape
S
CVE-2025-3365 Relative Path Traversal in OnlineSuite
S
CVE-2025-3369 xxyopen Novel-Plus list sql injection
E
CVE-2025-3370 PHPGurukul Men Salon Management System admin-profile.php sql injection
E
CVE-2025-3371 PCMan FTP Server DELETE Command buffer overflow
E
CVE-2025-3372 PCMan FTP Server MKDIR Command buffer overflow
E
CVE-2025-3373 PCMan FTP Server SITE CHMOD Command buffer overflow
E
CVE-2025-3374 PCMan FTP Server CCC Command buffer overflow
E
CVE-2025-3375 PCMan FTP Server CDUP Command buffer overflow
E
CVE-2025-3376 PCMan FTP Server CONF Command buffer overflow
E
CVE-2025-3377 PCMan FTP Server ENC Command buffer overflow
E
CVE-2025-3378 PCMan FTP Server EPRT Command buffer overflow
E
CVE-2025-3379 PCMan FTP Server EPSV Command buffer overflow
E
CVE-2025-3380 PCMan FTP Server FEAT Command buffer overflow
E
CVE-2025-3381 zhangyanbo2007 youkefu File Upload WebIMController.java path traversal
E
CVE-2025-3382 joey-zhou xiaozhi-esp32-server-java update sql injection
E
CVE-2025-3383 SourceCodester Web-based Pharmacy Product Management System search_sales.php sql injection
E
CVE-2025-3384 1000 Projects Human Resource Management System employee.php sql injection
E
CVE-2025-3385 LinZhaoguan pb-cms Classification Management Page cross site scripting
E
CVE-2025-3386 LinZhaoguan pb-cms Friendship Link admin#links cross site scripting
E
CVE-2025-3387 renrenio renren-security JSON cross site scripting
E
CVE-2025-3388 hailey888 oa_system Frontend LoginsController.java loginCheck cross site scripting
E
CVE-2025-3389 hailey888 oa_system Backend InformManageController.java testMess cross site scripting
E
CVE-2025-3390 hailey888 oa_system Backend DaymanageController.java addandchangeday cross site scripting
E
CVE-2025-3391 hailey888 oa_system Backend AddrController.java outAddress cross site scripting
E
CVE-2025-3392 hailey888 oa_system Backend MailController.java save cross site scripting
E
CVE-2025-3393 mrcen springboot-ucan-admin Personal Settings Interface index cross site scripting
E
CVE-2025-3394 Vulnerability in user management of Automation Builder
M
CVE-2025-3395 Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vu...
M
CVE-2025-3396 Incorrect Authorization in GitLab
E S
CVE-2025-3397 YzmCMS message.tpl cross site scripting
E
CVE-2025-3398 lenve VBlog WebSecurityConfig.java configure access control
E
CVE-2025-3399 ESAFENET CDG updateNotice.jsp sql injection
E
CVE-2025-3400 ESAFENET CDG UnChkMailApplication.jsp sql injection
E
CVE-2025-3401 ESAFENET CDG getLimitIPList.jsp sql injection
E
CVE-2025-3402 Seeyon Zhiyuan Interconnect FE Collaborative Office Platform check.js%70 sql injection
E
CVE-2025-3403 Vivotek NVR ND8422P/NVR ND9525P/NVR ND9541P HTML Form sensitive information in source
E
CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion
CVE-2025-3405 FCJ Venture Builder appclientefiel HTTP GET Request ObterPedido resource injection
E
CVE-2025-3406 Nothings stb Header Array stbhw_build_tileset_from_image out-of-bounds
CVE-2025-3407 Nothings stb stbhw_build_tileset_from_image out-of-bounds
CVE-2025-3408 Nothings stb stb_dupreplace integer overflow
E
CVE-2025-3409 Nothings stb stb_include_string stack-based overflow
CVE-2025-3410 mymagicpower AIAS LocalStorageController.java unrestricted upload
E
CVE-2025-3411 mymagicpower AIAS AsrController.java server-side request forgery
E
CVE-2025-3412 mymagicpower AIAS InferController.java server-side request forgery
E
CVE-2025-3413 opplus springboot-admin SysGeneratorController.java code deserialization
E
CVE-2025-3414 Structured Content < 1.7.0 - Contributor Stored XSS
E
CVE-2025-3415 Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing i...
CVE-2025-3416 Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
M
CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update
CVE-2025-3418 WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update
CVE-2025-3419 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read
S
CVE-2025-3421 Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting
S
CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
S
CVE-2025-3423 IBM Aspera Faspex 5 cross-site scripting
CVE-2025-3424 3.2.1 Arbitrary File Read in insecure .NET Remoting TCP Channel
CVE-2025-3425 Unauthenticated Remote Code Execution via .NET Deserialization
CVE-2025-3426 Use of default hardcoded credentials
CVE-2025-3427 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'
S
CVE-2025-3428 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text'
S
CVE-2025-3429 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'
S
CVE-2025-3430 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'
S
CVE-2025-3431 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download
CVE-2025-3432 AAWEP Obfuscator <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2025-3433 Advanced Advertising System <= 1.3.1 - Open Redirect
CVE-2025-3434 SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
CVE-2025-3435 MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer
CVE-2025-3436 coreActivity: Activity Logging for WordPress <= 2.7 - Authenticated (Subscriber+) SQL Injection
CVE-2025-3437 Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up
S
CVE-2025-3438 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.4 - Unauthenticated Limited Privilege Escalation
S
CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection
S
CVE-2025-3440 IBM Security Guardium cross-site scripting
S
CVE-2025-3441 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3442 Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub
S
CVE-2025-3444 Local File Inclusion
CVE-2025-3445 A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerab...
CVE-2025-3446 Members Without Guest Invite Permissions Can Add Guests to Teams
S
CVE-2025-3452 SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
S
CVE-2025-3453 Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure
CVE-2025-3454 This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by a...
CVE-2025-3455 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-3456 On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c
S
CVE-2025-3457 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2025-3458 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id'
S
CVE-2025-3459 ON Semiconductor Quantenna transmit_file Argument Injection
CVE-2025-3460 ON Semiconductor Quantenna set_tx_pow Argument Injection
CVE-2025-3461 ON Semiconductor Quantenna Telnet Missing Authentication
CVE-2025-3462 "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endp...
CVE-2025-3463 "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endp...
CVE-2025-3464 A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-che...
CVE-2025-3466 Unsanitized Input in langgenius/dify
E S
CVE-2025-3467 XSS Vulnerability in langgenius/dify
E S
CVE-2025-3468 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting
CVE-2025-3469 i18n XSS vulnerability in HTMLMultiSelectField when sections are used
CVE-2025-3470 TS Poll – Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter
CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update
E
CVE-2025-3472 Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution
S
CVE-2025-3473 IBM Security Guardium privilege escalation
S
CVE-2025-3474 Panels - Critical - Access bypass - SA-CONTRIB-2025-033
CVE-2025-3475 WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030
CVE-2025-3476 Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability coul...
S
CVE-2025-3478 OpenText Enterprise Security Manager Stored XSS
CVE-2025-3479 Forminator <= 1.42.0 - Order Replay Vulnerability
S
CVE-2025-3480 MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability
CVE-2025-3481 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3482 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3483 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3484 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3485 Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability
CVE-2025-3486 Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability
CVE-2025-3487 Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit'
S
CVE-2025-3488 WPML Multilingual CMS 3.6.0 - 4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpml_language_switcher Shortcode
CVE-2025-3489 Nababur Simple-User-Management-System register.php cross site scripting
E
CVE-2025-3491 Add custom page template <= 2.0.1 - Authenticated (Administrator+) PHP Code Injection to Remote Code Execution
CVE-2025-3493 Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue....
R
CVE-2025-3494 Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue....
R
CVE-2025-3495 COMMGR - Insufficient Randomization Authentication Bypass
S
CVE-2025-3496 AUMA Riester: Buffer overflow in service telegram
CVE-2025-3497 Radiflow iSAP Smart Collector Linux distribution unmaintained
CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration
CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector
CVE-2025-3501 Org.keycloak.protocol.services: keycloak hostname verification
M
CVE-2025-3502 WP Maps < 4.7.2 - Admin+ Stored XSS
E
CVE-2025-3503 WP Maps < 4.7.2 - Admin+ Stored XSS
E
CVE-2025-3504 WP Maps < 4.7.2 - Admin+ Stored XSS
E
CVE-2025-3506 Potentially sensitive path exposed via unauthenticated http route
CVE-2025-3508 Certain HP DesignJet products – Information disclosure
CVE-2025-3509 Pre-Receive Hook Remote Code Execution vulnerability was identified in GitHub Enterprise Server that allows Privilege Escalation
CVE-2025-3510 tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
CVE-2025-3511 Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation ...
CVE-2025-3512 Buffer overflow in QTextMarkdownImporter
CVE-2025-3513 SureForms < 1.4.4 - Admin+ Stored XSS
E
CVE-2025-3514 SureForms < 1.4.4 - Admin+ Stored XSS
E
CVE-2025-3515 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks
S
CVE-2025-3516 Simple Lightbox < 2.9.4 - Contributor+ Stored XSS
E
CVE-2025-3517 Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and ear...
CVE-2025-3518 File upload functionality possible even when disabled
CVE-2025-3519 Replace uploaded files knowing the file upload ID
CVE-2025-3520 Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-3521 Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3522 Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can b...
CVE-2025-3523 When an email contains multiple attachments with external links via the X-Mozilla-External-Attachmen...
CVE-2025-3524 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3526 SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3...
CVE-2025-3527 EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2025-3528 Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry
M
CVE-2025-3529 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter
CVE-2025-3530 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation
CVE-2025-3531 YouDianCMS index.html cross site scripting
E
CVE-2025-3532 YouDianCMS index.html.Attackers cross site scripting
E
CVE-2025-3533 YouDianCMS index.html.Attackers cross site scripting
E
CVE-2025-3534 PowerCreator CMS OpenPublicCourse.aspx sql injection
E
CVE-2025-3535 shuanx BurpAPIFinder BurpApiFinder.db denial of service
E
CVE-2025-3536 Tutorials-Website Employee Management System delete-user.php improper authorization
E
CVE-2025-3537 Tutorials-Website Employee Management System update-user.php improper authorization
E
CVE-2025-3538 D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow
E
CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection
E S
CVE-2025-3540 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection
E S
CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection
E S
CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection
E S
CVE-2025-3543 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection
E S
CVE-2025-3544 H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection
E S
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection
E S
CVE-2025-3546 H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection
E S
CVE-2025-3547 frdel Agent-Zero get_work_dir_files path traversal
CVE-2025-3548 Open Asset Import Library Assimp File types.h Set heap-based overflow
E S
CVE-2025-3549 Open Asset Import Library Assimp File MD3Loader.cpp ValidateSurfaceHeaderOffsets heap-based overflow
E
CVE-2025-3550 wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System detail improper authorization
E
CVE-2025-3551 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-3552 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi...
R
CVE-2025-3553 phpshe admin.php pe_delete sql injection
E
CVE-2025-3554 phpshe api.php cross site scripting
E
CVE-2025-3555 ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication
E
CVE-2025-3556 ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication
E
CVE-2025-3557 ScriptAndTools eCommerce-website-in-PHP cross-site request forgery
E
CVE-2025-3558 ghostxbh uzy-ssm-mall uploadUserHeadImage unrestricted upload
E
CVE-2025-3559 ghostxbh uzy-ssm-mall 20 ForeProductListController sql injection
E
CVE-2025-3560 ghostxbh uzy-ssm-mall product cross site scripting
E
CVE-2025-3561 ghostxbh uzy-ssm-mall cross-site request forgery
E
CVE-2025-3562 Yonyou YonBIP userfile FileInputStream path traversal
E
CVE-2025-3563 WuzhiCMS Setting index.php set code injection
E
CVE-2025-3564 huanfenz/code-projects StudentManager Teacher String improper authorization
E
CVE-2025-3565 huanfenz/code-projects StudentManager Announcement Management Section uploadArticle.do unrestricted upload
E
CVE-2025-3566 veal98 小牛肉 Echo 开源社区系统 uploadMdPic unrestricted upload
E
CVE-2025-3567 veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization
E
CVE-2025-3568 Webkul Krayin CRM SVG File edit cross site scripting
E
CVE-2025-3569 JamesZBL/code-projects db-hospital-drug ShiroConfig.java improper authorization
E
CVE-2025-3570 JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting
E
CVE-2025-3571 Fannuo Enterprise Content Management System 凡诺企业网站管理系统 cms_chip.php sql injection
E
CVE-2025-3572 INTUMIT SmartRobot - Server-Side Request Forgery
S
CVE-2025-3573 Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS)...
CVE-2025-3574 Insecure Direct Object Reference on Deporsite by T-INNOVA
S
CVE-2025-3575 Insecure Direct Object Reference in Deporsite by T-INNOVA
S
CVE-2025-3576 Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
M
CVE-2025-3577 **UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the ...
E
CVE-2025-3578 Adversarial Input Handling Vulnerability in AiDex
S
CVE-2025-3579 Code Injection Vulnerability in AiDex
S
CVE-2025-3580 An access control vulnerability was discovered in Grafana OSS where an Organization administrator co...
CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget
E
CVE-2025-3582 Newsletter < 8.8.5 - Admin+ Stored XSS via Form
E
CVE-2025-3583 Newsletter < 8.7.1 - Admin+ Stored XSS
E
CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription
E
CVE-2025-3585 westboy CicadasCMS JSP Parser upload unrestricted upload
E
CVE-2025-3587 ZeroWdd/code-projects studentmanager getTeacherList improper authorization
E
CVE-2025-3588 joelittlejohn jsonschema2pojo JSON File SchemaRule.java apply stack-based overflow
E
CVE-2025-3589 SourceCodester Music Class Enrollment System manage_class.php sql injection
E
CVE-2025-3590 Adianti Framework deserialization
E
CVE-2025-3591 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
E
CVE-2025-3592 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
E
CVE-2025-3593 ZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted upload
E
CVE-2025-3594 Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0....
CVE-2025-3597 Firelight Lightbox < 2.3.15 - Contributor+ Stored XSS
E
CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter
CVE-2025-3599 Symantec Endpoint Protection Elevation of Privilege
CVE-2025-3600 Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX
M
CVE-2025-3601 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-3602 Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through u...
CVE-2025-3603 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update
CVE-2025-3604 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover
CVE-2025-3605 Frontend Login and Registration Blocks <= 1.0.7 - Unauthenticated Privilege Escalation via Account Takeover
CVE-2025-3606 Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere
S
CVE-2025-3607 Frontend Login and Registration Blocks <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset
CVE-2025-3608 A race condition existed in nsHttpTransaction that could have been exploited to cause memory corrupt...
CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration
CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update
CVE-2025-3611 Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions
S
CVE-2025-3612 Demtec Graphytics HTTP GET Parameter visualization cross site scripting
E
CVE-2025-3613 Demtec Graphytics visualization cross site scripting
E
CVE-2025-3614 ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget
CVE-2025-3615 Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3616 Greenshift 11.4 - 11.4.5 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2025-3617 Local Privilege Escalation in ThinManager®
S
CVE-2025-3618 Local Privilege Escalation Vulnerability
S
CVE-2025-3619 Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote a...
CVE-2025-3620 Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potential...
CVE-2025-3621 Remote Code Execution in ProTNS ActADUR
CVE-2025-3622 Xorbits Inference model.py load deserialization
E M
CVE-2025-3623 Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function
S
CVE-2025-3624 Missing Authorization Vulnerability in Hitachi Ops Center Analyzer
CVE-2025-3625 Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action
CVE-2025-3626 OS Command Injection via Config Upload in WebUI
CVE-2025-3627 Moodle: partial data exposure in moodle before completing multi-factor authentication
CVE-2025-3628 Moodle: moodle assignment submission search leaks anonymous student identities
CVE-2025-3629 IBM InfoSphere Information Server file manipulation
S
CVE-2025-3630 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
S
CVE-2025-3631 IBM MQ denial of service
S
CVE-2025-3632 IBM 4769 Developers Toolkit denial of service
S
CVE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa
CVE-2025-3635 Moodle: csrf risk in moodle user tours manager allows tour duplication
CVE-2025-3636 Moodle: idor in moodle rss block allows unauthorized access to rss feeds
CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module
CVE-2025-3638 Moodle: csrf risk in brickfield tool's analysis request action
CVE-2025-3639 Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through...
CVE-2025-3640 Moodle: idor in web service allows users enrolled in a course to access some details of other users
CVE-2025-3641 Moodle: authenticated remote code execution risk in the moodle lms dropbox repository
CVE-2025-3642 Moodle: authenticated remote code execution risk in the moodle lms equella repository
CVE-2025-3643 Moodle: reflected xss risk in policy tool
CVE-2025-3644 Moodle: ajax section delete does not respect course_can_delete_section()
CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details
CVE-2025-3647 Moodle: idor when accessing the cohorts report
CVE-2025-3648 Data Inference in Now Platform via Conditional ACLs
CVE-2025-3649 LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS
E
CVE-2025-3651 Command Injection in iManage Work Desktop for Mac's Agent Service
CVE-2025-3659 Improper authentication handling for Digi PortServer TS; Digi One SP, SP IA, IA; Digi One IAP
S
CVE-2025-3661 SB Chart block <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS
E
CVE-2025-3663 TOTOLINK A3700R Password cstecgi.cgi setWiFiEasyGuestCfg access control
E
CVE-2025-3664 TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg access control
E
CVE-2025-3665 TOTOLINK A3700R cstecgi.cgi setSmartQosCfg access control
E
CVE-2025-3666 TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control
E
CVE-2025-3667 TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control
E
CVE-2025-3668 TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control
E
CVE-2025-3669 Supreme Addons for Beaver Builder <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_qrcodesabb Shortcode
CVE-2025-3670 KiwiChat NextClient <= 6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
CVE-2025-3671 WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update
CVE-2025-3673 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3092.. Reason:...
R
CVE-2025-3674 TOTOLINK A3700R cstecgi.cgi setUrlFilterRules access control
E
CVE-2025-3675 TOTOLINK A3700R cstecgi.cgi setL2tpServerCfg access control
E
CVE-2025-3676 xxyopen Novel-Plus books sql injection
E
CVE-2025-3677 lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization
CVE-2025-3678 PCMan FTP Server HELP Command buffer overflow
E
CVE-2025-3679 PCMan FTP Server HOST Command buffer overflow
E
CVE-2025-3680 PCMan FTP Server LANG Command buffer overflow
E
CVE-2025-3681 PCMan FTP Server MODE Command buffer overflow
E
CVE-2025-3682 PCMan FTP Server PASV Command buffer overflow
E
CVE-2025-3683 PCMan FTP Server SIZE Command buffer overflow
E
CVE-2025-3684 Xianqi Kindergarten Management System Child Management stu_list.php sql injection
E S
CVE-2025-3685 code-projects Patient Record Management System edit_fpatient.php sql injection
E
CVE-2025-3686 misstt123 oasys show image path traversal
E
CVE-2025-3687 misstt123 oasys Sticky Notes cross-site request forgery
E
CVE-2025-3688 mirweiye Seven Bears Library CMS Background Management Page cross site scripting
E
CVE-2025-3689 PHPGurukul Men Salon Management System edit-customer-detailed.php sql injection
E
CVE-2025-3690 PHPGurukul Men Salon Management System edit-services.php sql injection
E
CVE-2025-3691 mirweiye Seven Bears Library CMS Add Link server-side request forgery
E
CVE-2025-3692 SourceCodester Online Eyewear Shop Master.php cross site scripting
E
CVE-2025-3693 Tenda W12 httpd cgiWifiRadioSet stack-based overflow
E
CVE-2025-3694 SourceCodester Web-based Pharmacy Product Management System Login sql injection
E
CVE-2025-3696 SourceCodester Web-based Pharmacy Product Management System search_stock.php sql injection
E
CVE-2025-3697 SourceCodester Web-based Pharmacy Product Management System edit-product.php sql injection
E
CVE-2025-3698 Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to inf...
CVE-2025-3699 Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 V...
CVE-2025-3702 WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability
S
CVE-2025-3703 WordPress CSS & JavaScript Toolbox < 12.0.3 - Local File Inclusion Vulnerability
S
CVE-2025-3704 WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2025-3705 OS Command Injection via USB Config Load
CVE-2025-3706 104 Corporation eHRMS - Reflected Cross-Site Scripting
S
CVE-2025-3707 Sunnet eHRD CTMS - SQL Injection
S
CVE-2025-3708 Le-show Medical Practice Management System - SQL Injection
S
CVE-2025-3709 Flowring Technology Agentflow - Account Lockout Bypass
S
CVE-2025-3710 ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow
S
CVE-2025-3711 ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow
S
CVE-2025-3712 ATEN LCD KVM over IP Switch CL5708IM - Heap-based Buffer Overflow
S
CVE-2025-3713 ATEN LCD KVM over IP Switch CL5708IM - Heap-based Buffer Overflow
S
CVE-2025-3714 ATEN LCD KVM over IP Switch CL5708IM - Stack-based Buffer Overflow
S
CVE-2025-3715 Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter
CVE-2025-3722 A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an auth...
CVE-2025-3723 PCMan FTP Server MDTM Command buffer overflow
E
CVE-2025-3724 PCMan FTP Server DIR Command buffer overflow
E
CVE-2025-3725 PCMan FTP Server MIC Command buffer overflow
E
CVE-2025-3726 PCMan FTP Server CD Command buffer overflow
E
CVE-2025-3727 PCMan FTP Server STATUS Command buffer overflow
E
CVE-2025-3728 SourceCodester Simple Hotel Booking System login buffer overflow
E
CVE-2025-3729 SourceCodester Web-based Pharmacy Product Management System Database Backup backup.php os command injection
E
CVE-2025-3730 PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service
E S
CVE-2025-3733 baguetteBox.js - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-034
CVE-2025-3734 Stage File Proxy - Moderately critical - Denial of Service - SA-CONTRIB-2025-035
CVE-2025-3735 Panelizer (obsolete) - Critical - Unsupported - SA-CONTRIB-2025-036
CVE-2025-3736 Simple GTM - Critical - Unsupported - SA-CONTRIB-2025-037
CVE-2025-3737 Google Maps: Store Locator - Critical - Unsupported - SA-CONTRIB-2025-038
CVE-2025-3738 Google Optimize - Critical - Unsupported - SA-CONTRIB-2025-039
CVE-2025-3739 Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040
CVE-2025-3740 School Management System for Wordpress <= 93.1.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update
CVE-2025-3742 Responsive Lightbox & Gallery < 2.5.1 - Contributor+ Stored XSS
E
CVE-2025-3743 Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation
CVE-2025-3744 Nomad Vulnerable To Violation Of Mandatory Sentinel Policies in Nomad Job Submissions via Policy Override
CVE-2025-3745 WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS
E
CVE-2025-3746 OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation
CVE-2025-3748 Taxonomy Chain Menu <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via pn_chain_menu Shortcode
S
CVE-2025-3749 Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter
CVE-2025-3750 Network Posts Extended <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter
CVE-2025-3751 TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability
CVE-2025-3752 Able Player, accessible HTML5 media player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via preload Parameter
CVE-2025-3753 Unsafe use of eval() method in rosbag tool
S
CVE-2025-3755 Information Disclosure and Denial-of-Service(DoS) Vulnerability in MELSEC iQ-F Series CPU module
CVE-2025-3757 Authentication Bypass in OpenPubKey
CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220
CVE-2025-3759 Missing Authentication for Changing Device Configuration in WF2220
CVE-2025-3760 A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Lif...
CVE-2025-3761 My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3762 PCMan FTP Server MPUT Command buffer overflow
E
CVE-2025-3763 SourceCodester Phone Management System Password main buffer overflow
E
CVE-2025-3764 SourceCodester Web-based Pharmacy Product Management System edit-product.php unrestricted upload
E
CVE-2025-3765 SourceCodester Web-based Pharmacy Product Management System edit-photo.php unrestricted upload
E
CVE-2025-3766 Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting
CVE-2025-3767 SQL Injection in Centreon BAM boolean KPI listing
CVE-2025-3768 Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlie...
CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference
CVE-2025-3770 SMM IDT Privilege Escalation Vulnerability
CVE-2025-3771 A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authent...
CVE-2025-3773 A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior...
CVE-2025-3774 Wise Chat <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header
CVE-2025-3775 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter
CVE-2025-3776 Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution
CVE-2025-3777 Improper Input Validation in huggingface/transformers
E S
CVE-2025-3779 Personizely <= 0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via widgetId Parameter
CVE-2025-3780 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification
CVE-2025-3781 Raisely Donation Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via raisely_donation_form Shortcode
CVE-2025-3782 Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-3783 SourceCodester Web-based Pharmacy Product Management System add-product.php unrestricted upload
E
CVE-2025-3785 D-Link DWR-M961 Authorization Interface formStaticDHCP stack-based overflow
E
CVE-2025-3786 Tenda AC15 WifiExtraSet fromSetWirelessRepeat buffer overflow
E
CVE-2025-3787 PbootCMS Image server-side request forgery
E
CVE-2025-3788 baseweb JSite save cross site scripting
E
CVE-2025-3789 baseweb JSite save cross site scripting
E
CVE-2025-3790 baseweb JSite Apache Druid Monitoring Console index.html access control
E
CVE-2025-3791 symisc UnQLite unqlite.c jx9MemObjStore heap-based overflow
E
CVE-2025-3792 SeaCMS admin_link.php sql injection
E
CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update
CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter
CVE-2025-3795 DaiCuo SEO Optimization Settings Section cross site scripting
E
CVE-2025-3796 PHPGurukul Men Salon Management System contact-us.php sql injection
E
CVE-2025-3797 SeaCMS admin_topic.php sql injection
E
CVE-2025-3798 WCMS Advertisement Image AdvadminController.php sub unrestricted upload
E
CVE-2025-3799 WCMS AnonymousController.php sql injection
E
CVE-2025-3800 WCMS AnonymousController.php sql injection
E
CVE-2025-3801 songquanpeng one-api System Setting cross site scripting
E
CVE-2025-3802 Tenda W12/i24 httpd cgiPingSet stack-based overflow
E
CVE-2025-3803 Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow
E
CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection
E
CVE-2025-3805 sarrionandia tournatrack Jinja2 Template check_id.py injection
E
CVE-2025-3806 dazhouda lecms Edit Profile admin cross site scripting
E
CVE-2025-3807 zhenfeng13 My-BBS Endpoint UploadController.java upload unrestricted upload
E
CVE-2025-3808 zhenfeng13 My-BBS cross-site request forgery
E
CVE-2025-3809 Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-3810 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover
S
CVE-2025-3811 WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update
S
CVE-2025-3812 WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-3813 Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-3814 Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter
CVE-2025-3815 SurveyJS <= 1.12.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-3816 westboy CicadasCMS Scheduled Task save os command injection
E
CVE-2025-3817 SourceCodester Online Eyewear Shop Master.php sql injection
E
CVE-2025-3818 webpy web.py db.py PostgresDB._process_insert_query sql injection
E
CVE-2025-3819 PHPGurukul Men Salon Management System search-appointment.php sql injection
E
CVE-2025-3820 Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow
E
CVE-2025-3821 SourceCodester Web-based Pharmacy Product Management System add-admin.php cross site scripting
E
CVE-2025-3822 SourceCodester Web-based Pharmacy Product Management System changepassword.php cross site scripting
E
CVE-2025-3823 SourceCodester Web-based Pharmacy Product Management System add-stock.php cross site scripting
E
CVE-2025-3824 SourceCodester Web-based Pharmacy Product Management System add-product.php cross site scripting
E
CVE-2025-3825 SourceCodester Web-based Pharmacy Product Management System add-category.php cross site scripting
E
CVE-2025-3826 SourceCodester Web-based Pharmacy Product Management System add-supplier.php cross site scripting
E
CVE-2025-3827 PHPGurukul Men Salon Management System forgot-password.php sql injection
E
CVE-2025-3828 PHPGurukul Men Salon Management System view-appointment.php sql injection
E
CVE-2025-3829 PHPGurukul Men Salon Management System sales-reports-detail.php sql injection
E
CVE-2025-3830 kuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted upload
E
CVE-2025-3831 Exposed SFTP server
CVE-2025-3832 FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter
CVE-2025-3833 SQL Injection
CVE-2025-3834 SQL Injection
CVE-2025-3835 Remote Code Execution
CVE-2025-3836 SQL Injection
CVE-2025-3837 Improper Input Validation vulnerability in the End of Life (EOL) OVA based connect component
S
CVE-2025-3838 Improper Authorization in the installer for the EOL OVA based connect component
S
CVE-2025-3840 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
S
CVE-2025-3841 wix-incubator jam Jinja2 Template jam.py special elements used in a template engine
E
CVE-2025-3842 panhainan DS-Java FileUpload.java uploadUserPic.action code injection
E
CVE-2025-3843 panhainan DS-Java cross-site request forgery
E
CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover
CVE-2025-3845 markparticle WebServer buffer.cpp HasWritten buffer overflow
E
CVE-2025-3846 markparticle WebServer Registration httprequest.cpp sql injection
E
CVE-2025-3847 markparticle WebServer Login httprequest.cpp sql injection
E
CVE-2025-3848 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25171. Reason: ...
R
CVE-2025-3849 YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change
E
CVE-2025-3850 YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication
E
CVE-2025-3851 Download Manager and Payment Form WordPress Plugin – WP SmartPay 1.1.0 - 2.7.13 - Authenticated (Subscriber+) Information Exposure
CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
CVE-2025-3854 H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow
E S
CVE-2025-3855 CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection
E
CVE-2025-3856 xxyopen Novel-Plus searchByPage sql injection
E
CVE-2025-3857 Infinite loop condition in Amazon.IonDotnet
CVE-2025-3858 Formality <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
S
CVE-2025-3859 Websites directing users to long URLs that caused eliding to occur in the location view could levera...
CVE-2025-3860 CarDealerPress <= 6.7.2504.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter
CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions
CVE-2025-3862 Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
S
CVE-2025-3863 Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form Function
S
CVE-2025-3864 Connection pool exhaustion in hackney
CVE-2025-3866 Add Google +1 (Plus one) social share Button <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3867 Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3868 Custom Admin-Bar Favorites <= 0.1 - Reflected Cross-Site Scripting
CVE-2025-3869 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3870 1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-3871 Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier
S
CVE-2025-3872 Privilege escalation by altering payload in contact form
CVE-2025-3873 Buffer overflow in Si91x crypto APIs
CVE-2025-3874 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference
S
CVE-2025-3875 Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an in...
CVE-2025-3876 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function
S
CVE-2025-3877 Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixe...
R
CVE-2025-3878 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode
S
CVE-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
CVE-2025-3880 Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update
S
CVE-2025-3881 eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability
CVE-2025-3882 eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability
CVE-2025-3883 eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability
CVE-2025-3884 Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability
CVE-2025-3885 Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability
CVE-2025-3886 CatoNetworks CatoClient up to 5.8 PrivilegedHelperTool Race Condition
CVE-2025-3887 GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-3888 Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG
S
CVE-2025-3889 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity'
S
CVE-2025-3890 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled
CVE-2025-3892 ACAP applications can be executed with elevated privileges, potentially leading to privilege escalat...
CVE-2025-3893 SQL Injection in MegaBIP
CVE-2025-3894 Stored XSS in MegaBIP
CVE-2025-3895 Low token entropy in MegaBIP
CVE-2025-3896 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-3897 EUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File Read
CVE-2025-3898 CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an au...
CVE-2025-3899 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnera...
CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
CVE-2025-3901 Bootstrap Site Alert - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-042
CVE-2025-3902 Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043
CVE-2025-3903 UEditor - 百度编辑器 - Critical - Unsupported - SA-CONTRIB-2025-044
CVE-2025-3904 Sportsleague - Critical - Unsupported - SA-CONTRIB-2025-045
CVE-2025-3905 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnera...
CVE-2025-3906 Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046
CVE-2025-3908 The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local att...
CVE-2025-3909 Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute J...
CVE-2025-3910 Org.keycloak.authentication: two factor authentication bypass
M
CVE-2025-3911 Exposure in Docker Desktop logs of environment variables configured for running containers
CVE-2025-3912 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure
CVE-2025-3913 Team Privacy Settings Authorization Bypass in Mattermost Server
S
CVE-2025-3914 Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2025-3915 Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
S
CVE-2025-3916 CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being abl...
CVE-2025-3917 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload
CVE-2025-3918 Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function
CVE-2025-3919 WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE-2025-3920 Hard-coded Password in SUR-FBD CMMS
CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function
CVE-2025-3923 Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure
CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration
CVE-2025-3925 BrightSign Players Execution with Unnecessary Privileges
S
CVE-2025-3927 CVE-2025-3927
CVE-2025-3928 Commvault Web Server unspecified vulnerability
KEV
CVE-2025-3929 Stored XSS vulnerability in MDaemon Email Server
CVE-2025-3931 Yggdrasil: local privilege escalation in yggdrasil
M
CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempte...
CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E S
CVE-2025-3935 ScreenConnect Exposure to ASP.NET ViewState Code Injection
KEV S
CVE-2025-3936 Incorrect Permission Assignment for Critical Resource
CVE-2025-3937 Use of Password Hash with Insufficient Computational Effort
CVE-2025-3938 Missing Cryptographic Step
CVE-2025-3939 Observable Response Discrepancy
CVE-2025-3940 Improper Use of Validation Framework
CVE-2025-3941 Improper Handling of Windows: DATA Alternate Data Stream
CVE-2025-3942 Improper Output Neutralization for Logs
CVE-2025-3943 Use of GET Request Method With sensitive Query Strings
CVE-2025-3944 Incorrect Permission Assignment for Critical Resource
CVE-2025-3945 Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)
CVE-2025-3946 Incorrect response generation during FTEB protocol processing
CVE-2025-3947 Integer underflow during processing of short network packets in CDA FTEB responder
CVE-2025-3949 Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
CVE-2025-3951 WP-Optimize < 4.2.0 - Admin+ SQLi
E
CVE-2025-3952 Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion
S
CVE-2025-3953 WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update
CVE-2025-3954 ChurchCRM Referer server-side request forgery
E
CVE-2025-3955 codeprojects Patient Record Management System edit_rpatient.php.php sql injection
E
CVE-2025-3956 201206030 novel-cloud BookInfoMapper.xml RestResp sql injection
E
CVE-2025-3957 opplus springboot-admin SysLogDao.xml sql injection
E
CVE-2025-3958 withstars Books-Management-System Book Edit Page book_edit_do.html cross site scripting
E
CVE-2025-3959 withstars Books-Management-System reader_delete.html cross-site request forgery
E
CVE-2025-3960 withstars Books-Management-System Background Interface allreaders.html authorization
E
CVE-2025-3961 withstars Books-Management-System do cross site scripting
E
CVE-2025-3962 withstars Books-Management-System Comment add cross site scripting
E
CVE-2025-3963 withstars Books-Management-System Background Interface list authorization
E
CVE-2025-3964 withstars Books-Management-System Article del cross-site request forgery
E
CVE-2025-3965 itwanger paicoding post cross site scripting
E
CVE-2025-3966 itwanger paicoding Browsing History home information disclosure
E
CVE-2025-3967 itwanger paicoding Article post improper authorization
E
CVE-2025-3968 codeprojects News Publishing Site Dashboard api.php sql injection
E
CVE-2025-3969 codeprojects News Publishing Site Dashboard Edit Category Page edit-category.php unrestricted upload
E
CVE-2025-3970 baseweb JSite save cross site scripting
E
CVE-2025-3971 PHPGurukul COVID19 Testing Management System add-phlebotomist.php sql injection
E
CVE-2025-3972 PHPGurukul COVID19 Testing Management System bwdates-report-result.php sql injection
E
CVE-2025-3973 PHPGurukul COVID19 Testing Management System check_availability.php sql injection
E
CVE-2025-3974 PHPGurukul COVID19 Testing Management System edit-phlebotomist.php sql injection
E
CVE-2025-3975 ScriptAndTools eCommerce-website-in-PHP subscriber-csv.php information disclosure
E
CVE-2025-3976 PHPGurukul COVID19 Testing Management System new-user-testing.php sql injection
E
CVE-2025-3977 iteachyou Dreamer CMS Attachment download improper authorization
E
CVE-2025-3978 dazhouda lecms user_set.htm information disclosure
E
CVE-2025-3979 dazhouda lecms Password Change index.php cross-site request forgery
E
CVE-2025-3980 wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System list improper authorization
E
CVE-2025-3981 wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System details improper authorization
E
CVE-2025-3982 nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution
E
CVE-2025-3983 AMTT Hotel Broadband Operation System nlog_down.php command injection
E
CVE-2025-3984 Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection
E
CVE-2025-3985 Apereo CAS ResponseEntity redos
E
CVE-2025-3986 Apereo CAS CasConfigurationMetadataServerController.java redos
E
CVE-2025-3987 TOTOLINK N150RT formWsc command injection
E
CVE-2025-3988 TOTOLINK N150RT formPortFw buffer overflow
E
CVE-2025-3989 TOTOLINK N150RT formStaticDHCP buffer overflow
E
CVE-2025-3990 TOTOLINK N150RT formVlan buffer overflow
E
CVE-2025-3991 TOTOLINK N150RT formWdsEncrypt buffer overflow
E
CVE-2025-3992 TOTOLINK N150RT formWlwds buffer overflow
E
CVE-2025-3993 TOTOLINK N150RT formWsc buffer overflow
E
CVE-2025-3994 TOTOLINK N150RT IP Port Filtering home.htm cross site scripting
E
CVE-2025-3995 TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting
E
CVE-2025-3996 TOTOLINK N150RT MAC Filtering Page home.htm cross site scripting
E
CVE-2025-3997 dazhouda lecms Personal Information Page index.php cross-site request forgery
E
CVE-2025-3998 CodeAstro Membership Management System renew.php sql injection
E
CVE-2025-3999 Seeyon Zhiyuan OA Web Application System URL Parameter date.jsp cross site scripting
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.