| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2025-35003 | Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. | E S | |
| CVE-2025-35004 | Microhard Bullet-LTE and IPn4Gii AT+MFIP Argument Injection | | |
| CVE-2025-35005 | Microhard Bullet-LTE and IPn4Gii AT+MFMAC Argument Injection | | |
| CVE-2025-35006 | Microhard Bullet-LTE and IPn4Gii AT+MFPORTFWD Argument Injection | | |
| CVE-2025-35007 | Microhard Bullet-LTE and IPn4Gii AT+MFRULE Argument Injection | | |
| CVE-2025-35008 | Microhard Bullet-LTE and IPn4Gii AT+MMNAME Argument Injection | | |
| CVE-2025-35009 | Microhard Bullet-LTE and IPn4Gii AT+MNNETSP Argument Injection | | |
| CVE-2025-35010 | Microhard Bullet-LTE and IPn4Gii AT+MNPINGTM Argument Injection | | |
| CVE-2025-35036 | hibernate-validator insecure default Expression Language interpolation | | |
| CVE-2025-35112 | Agiloft XML external entity local path traversal | | |
| CVE-2025-35113 | Agiloft improper neutralization in EUI template engine | | |
| CVE-2025-35114 | Agiloft local privilege escalation via default credentials | | |
| CVE-2025-35115 | Agiloft insecure download of system packages | | |
| CVE-2025-35471 | conda-forge openssl-feedstock writable OPENSSLDIR | | |
| CVE-2025-35939 | Craft CMS stores user-provided content in session files | KEV S | |
| CVE-2025-35940 | Hard-coded ArchiverSpaApi JWT Signing Key | E | |
| CVE-2025-35941 | mySCADA PRO Manager Password Disclosure | | |
| CVE-2025-35965 | DoS in Mattermost Playbooks via Excessive Task Actions | S | |
| CVE-2025-35966 | A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling... | E | |
| CVE-2025-35970 | On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is ... | | |
| CVE-2025-35975 | MicroDicom DICOM Viewer Out-of-bounds Write | S | |
| CVE-2025-35978 | Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 ... | | |
| CVE-2025-35983 | Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow ... | | |
| CVE-2025-35984 | A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image D... | | |
| CVE-2025-35995 | BIG-IP PEM vulnerability | | |
| CVE-2025-35996 | KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | S |