CVE-2025-4xxx

There are 849 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-4000 Seeyon Zhiyuan OA Web Application System ssoproxy.jsp cross site scripting
E
CVE-2025-4001 scipopt scip File Descriptor genRandomLOPInstance.c main file descriptor consumption
S
CVE-2025-4002 RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference
S
CVE-2025-4003 RefindPlusRepo RefindPlus RP_ApfsIo.c InternalApfsTranslateBlock null pointer dereference
S
CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection
E
CVE-2025-4005 PHPGurukul COVID19 Testing Management System patient-report.php sql injection
E
CVE-2025-4006 youyiio BeyongCms Document Management Page Upload.html unrestricted upload
E
CVE-2025-4007 Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow
E
CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge
CVE-2025-4009 Unauthenticated Arbitrary Command Injection in Evertz SDVN
CVE-2025-4010 Arbitrary Command Injection in Netcom NTC-6200 & NWL-222
CVE-2025-4011 Redmine Custom Query cross site scripting
S
CVE-2025-4012 playeduxyz PlayEdu Open Source Training System User Avatar create server-side request forgery
E
CVE-2025-4013 PHPGurukul Art Gallery Management System aboutus.php sql injection
E
CVE-2025-4014 PHPGurukul Art Gallery Management System manage-art-medium.php sql injection
E
CVE-2025-4015 20120630 Novel-Plus SessionController.java list missing authentication
E
CVE-2025-4016 20120630 Novel-Plus LogController.java deleteIndex improper authorization
E
CVE-2025-4017 20120630 Novel-Plus LogController.java list improper authorization
E
CVE-2025-4018 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
E
CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication
E
CVE-2025-4020 PHPGurukul Old Age Home Management System contact.php sql injection
E
CVE-2025-4021 code-projects Patient Record Management System edit_spatient.php sql injection
E
CVE-2025-4022 web-arena-x webarena evaluators.py HTMLContentEvaluator code injection
E
CVE-2025-4023 itsourcecode Placement Management System add_company.php sql injection
E
CVE-2025-4024 itsourcecode Placement Management System add_drive.php sql injection
E
CVE-2025-4025 itsourcecode Placement Management System registration.php sql injection
E
CVE-2025-4026 PHPGurukul Nipah Virus Testing Management System profile.php sql injection
E
CVE-2025-4027 PHPGurukul Old Age Home Management System rules.php sql injection
E
CVE-2025-4028 PHPGurukul COVID19 Testing Management System profile.php sql injection
E
CVE-2025-4029 code-projects Personal Diary Management System New Record addrecord stack-based overflow
E
CVE-2025-4030 PHPGurukul COVID19 Testing Management System search-report-result.php sql injection
E
CVE-2025-4031 PHPGurukul Pre-School Enrollment System aboutus.php sql injection
E
CVE-2025-4032 inclusionAI AWorld shell_tool.py subprocess.Popen os command injection
E
CVE-2025-4033 PHPGurukul Nipah Virus Testing Management System patient-search-report.php sql injection
E
CVE-2025-4034 projectworlds Online Examination System inser_doc_process.php sql injection
E
CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup
CVE-2025-4036 201206030 Novel Chapter AuthorController.java updateBookChapter access control
E
CVE-2025-4037 code-projects ATM Banking moneyWithdraw logic error
E M
CVE-2025-4038 code-projects Train Ticket Reservation System reservation stack-based overflow
E
CVE-2025-4039 PHPGurukul Rail Pass Management System search-pass.php sql injection
E
CVE-2025-4041 Use of Hard-coded Credentials Optigo Networks ONS NC600
S
CVE-2025-4043 Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code
S
CVE-2025-4047 Broken Link Checker <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Status Dashboard View
CVE-2025-4050 Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote att...
CVE-2025-4051 Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote at...
CVE-2025-4052 Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote at...
CVE-2025-4053 Unauthorized creation of master key in Mifare Classic Be-Tech cards
CVE-2025-4054 Relevanssi <= 4.24.3 - Unauthenticated Stored Cross-Site Scripting via Search Highlights
CVE-2025-4055 Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode
CVE-2025-4057 Activemq-artemis-operator: amq broker operator starting credentials reuse
M
CVE-2025-4058 Projectworlds Online Examination System Bloodgroop_process.php sql injection
E
CVE-2025-4059 code-projects Prison Management System Prison_Mgmt_Sys addrecord stack-based overflow
E
CVE-2025-4060 PHPGurukul Notice Board System category.php sql injection
E
CVE-2025-4061 code-projects Clothing Store Management System add_item stack-based overflow
E
CVE-2025-4062 code-projects Theater Seat Booking System cancel stack-based overflow
E
CVE-2025-4063 code-projects Student Information Management System cancel stack-based overflow
E
CVE-2025-4064 ScriptAndTools Online-Travling-System viewenquiry.php access control
E
CVE-2025-4065 ScriptAndTools Online-Travling-System addadvertisement.php access control
E
CVE-2025-4066 ScriptAndTools Online-Travling-System addpackage.php access control
E
CVE-2025-4067 ScriptAndTools Online-Travling-System viewpackage.php access control
E
CVE-2025-4068 code-projects Simple Movie Ticket Booking System changeprize stack-based overflow
E
CVE-2025-4069 code-projects Product Management System add_item stack-based overflow
E
CVE-2025-4070 PHPGurukul Rail Pass Management System changeimage.php sql injection
E
CVE-2025-4071 PHPGurukul COVID19 Testing Management System test-details.php sql injection
E
CVE-2025-4072 PHPGurukul Online Nurse Hiring System edit-nurse.php sql injection
E
CVE-2025-4073 PHPGurukul Student Record System change-password.php sql injection
E
CVE-2025-4074 PHPGurukul Curfew e-Pass Management System pass-bwdates-report.php sql injection
E
CVE-2025-4075 VMSMan login.php cross site scripting
E
CVE-2025-4076 LB-LINK BL-AC3600 Password lighttpd.cgi easy_uci_set_option_string_0 command injection
E
CVE-2025-4077 code-projects School Billing System searchrec stack-based overflow
E
CVE-2025-4078 Wangshen SecGate 3600 g=log_export_file path traversal
E
CVE-2025-4079 PCMan FTP Server RENAME Command buffer overflow
E
CVE-2025-4080 PHPGurukul Online Nurse Hiring System view-request.php sql injection
E
CVE-2025-4081 TCC Bypass via Dylib Substitution in DaVinci Resolve
CVE-2025-4082 Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when ch...
CVE-2025-4083 A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs,...
CVE-2025-4084 Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker co...
CVE-2025-4085 An attacker with control over a content process could potentially leverage the privileged UITour act...
CVE-2025-4086 A specially crafted filename containing a large number of encoded newline characters could obscure t...
CVE-2025-4087 A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior d...
CVE-2025-4088 A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentiale...
CVE-2025-4089 Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could ...
CVE-2025-4090 A vulnerability existed in Thunderbird for Android where potentially sensitive library locations wer...
CVE-2025-4091 Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9...
CVE-2025-4092 Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of...
CVE-2025-4093 Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of m...
CVE-2025-4094 Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing
E
CVE-2025-4095 Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile
CVE-2025-4096 Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to po...
CVE-2025-4098 Out-of-bounds Read in Horner Automation Cscape
S
CVE-2025-4099 List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
S
CVE-2025-4100 Nautic Pages <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-4101 MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion
S
CVE-2025-4102 Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload
CVE-2025-4103 WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function
CVE-2025-4104 Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function
CVE-2025-4105 Splitit <= 4.2.8 - Missing Authorization to Multiple Administrative Actions
CVE-2025-4107 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4108 PHPGurukul Student Record System add-subject.php sql injection
E
CVE-2025-4109 PHPGurukul Pre-School Enrollment System edit-subadmin.php sql injection
E
CVE-2025-4110 PHPGurukul Pre-School Enrollment System edit-teacher.php sql injection
E
CVE-2025-4111 PHPGurukul Pre-School Enrollment System visitor-details.php sql injection
E
CVE-2025-4112 PHPGurukul Student Record System add-course.php sql injection
E
CVE-2025-4113 PHPGurukul Curfew e-Pass Management System edit-pass-detail.php sql injection
E
CVE-2025-4114 Netgear JWNR2000v2 check_language_file buffer overflow
CVE-2025-4115 Netgear JWNR2000v2 default_version_is_new buffer overflow
CVE-2025-4116 Netgear JWNR2000v2 get_cur_lang_ver buffer overflow
CVE-2025-4117 Netgear JWNR2000v2 sub_41A914 buffer overflow
CVE-2025-4118 Weitong Mall Product History historyList access control
E
CVE-2025-4119 Weitong Mall Product Statistics queryTotal access control
E
CVE-2025-4120 Netgear JWNR2000v2 sub_4238E8 buffer overflow
CVE-2025-4121 Netgear JWNR2000v2 cmd_wireless command injection
CVE-2025-4122 Netgear JWNR2000v2 sub_435E04 command injection
CVE-2025-4123 A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path trave...
CVE-2025-4124 ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2025-4125 ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2025-4126 EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-4127 WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings
S
CVE-2025-4128 Mattermost Guest User Information Disclosure Vulnerability
S
CVE-2025-4131 GmapsMania <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2025-4132 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4133 Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS
E
CVE-2025-4134 Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files
S
CVE-2025-4135 Netgear WG302v2 ui_get_input_value command injection
S
CVE-2025-4136 Weitong Mall Sale Endpoint improper authorization
E
CVE-2025-4138 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
S
CVE-2025-4139 Netgear EX6120 fwAcosCgiInbound buffer overflow
CVE-2025-4140 Netgear EX6120 sub_30394 buffer overflow
E
CVE-2025-4141 Netgear EX6200 sub_3C03C buffer overflow
E
CVE-2025-4142 Netgear EX6200 sub_3C8EC buffer overflow
E
CVE-2025-4143 Missing validation of redirect_uri on authorize endpoint
S
CVE-2025-4144 PKCE bypass via downgrade attack
S
CVE-2025-4145 Netgear EX6200 sub_3D0BC buffer overflow
E
CVE-2025-4146 Netgear EX6200 sub_41940 buffer overflow
E
CVE-2025-4147 Netgear EX6200 sub_47F7C buffer overflow
E
CVE-2025-4148 Netgear EX6200 sub_503FC buffer overflow
E
CVE-2025-4149 Netgear EX6200 sub_54014 buffer overflow
E
CVE-2025-4150 Netgear EX6200 sub_54340 buffer overflow
E
CVE-2025-4151 PHPGurukul Curfew e-Pass Management System pass-bwdates-reports-details.php sql injection
E
CVE-2025-4152 PHPGurukul Online Birth Certificate System bwdates-reports-details.php sql injection
E
CVE-2025-4153 PHPGurukul Park Ticketing Management System profile.php sql injection
E
CVE-2025-4154 PHPGurukul Pre-School Enrollment System enrollment-details.php sql injection
E
CVE-2025-4155 PHPGurukul Boat Booking System edit-boat.php sql injection
E
CVE-2025-4156 PHPGurukul Boat Booking System change-image.php sql injection
E
CVE-2025-4157 PHPGurukul Boat Booking System booking-details.php sql injection
E
CVE-2025-4158 PCMan FTP Server PROMPT Command buffer overflow
E
CVE-2025-4159 PCMan FTP Server GLOB Command buffer overflow
E
CVE-2025-4160 PCMan FTP Server LS Command buffer overflow
E
CVE-2025-4161 PCMan FTP Server VERBOSE Command buffer overflow
E
CVE-2025-4162 PCMan FTP Server ASCII Command buffer overflow
E
CVE-2025-4163 PHPGurukul Land Record System aboutus.php sql injection
E
CVE-2025-4164 PHPGurukul Employee Record Management System changepassword.php sql injection
E
CVE-2025-4166 Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin
CVE-2025-4168 Subpage List <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4169 Posts per Cat [Unmaintained] <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4170 Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4171 WZ Followed Posts – Display what visitors are reading <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4172 VerticalResponse Newsletter Widget <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4173 SourceCodester Online Eyewear Shop Master.php delete_cart sql injection
E
CVE-2025-4174 PHPGurukul COVID19 Testing Management System login.php sql injection
E
CVE-2025-4175 AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal
E
CVE-2025-4176 PHPGurukul Blood Bank & Donor Management System request-received-bydonar.php sql injection
E
CVE-2025-4177 Flynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User Deletion
CVE-2025-4178 xiaowei1118 java_server File Upload API FoodController.java path traversal
E
CVE-2025-4179 Flynax Bridge <= 2.2.0 - Unauthenticated Limited Privilege Escalation
CVE-2025-4180 PCMan FTP Server TRACE Command buffer overflow
E
CVE-2025-4181 PCMan FTP Server SEND Command buffer overflow
E
CVE-2025-4182 PCMan FTP Server BELL Command buffer overflow
E
CVE-2025-4183 PCMan FTP Server RECV Command buffer overflow
E
CVE-2025-4184 PCMan FTP Server QUOTE Command buffer overflow
E
CVE-2025-4185 Wangshen SecGate 3600 g=obj_area_export_save path traversal
E
CVE-2025-4186 Wangshen SecGate 3600 g=route_ispinfo_export_save path traversal
E
CVE-2025-4187 UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read
CVE-2025-4188 Advanced Reorder Image Text Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-4189 Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-4190 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload
E
CVE-2025-4191 PHPGurukul Employee Record Management System editmyeducation.php sql injection
E
CVE-2025-4192 itsourcecode Restaurant Management System category_save.php sql injection
E
CVE-2025-4193 itsourcecode Restaurant Management System category_update.php sql injection
E
CVE-2025-4194 AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-4195 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4196 SourceCodester Patient Record Management System birthing.php sql injection
E
CVE-2025-4197 code-projects Patient Record Management System edit_xpatient.php sql injection
E
CVE-2025-4198 Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-4199 Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-4200 Zagg - Electronics & Accessories WooCommerce WordPress Theme <= 1.4.1 - Unauthenticated Local File Inclusion
CVE-2025-4204 Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id'
CVE-2025-4205 Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter
CVE-2025-4206 WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion
CVE-2025-4207 PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
CVE-2025-4208 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function
CVE-2025-4209 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4210 Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization
S
CVE-2025-4211 Improper Link Resolution Before File Access in QFileSystemEngine on Windows
CVE-2025-4213 PHPGurukul Online Birth Certificate System search.php sql injection
E
CVE-2025-4214 PHPGurukul Online DJ Booking Management System booking-bwdates-reports-details.php sql injection
E
CVE-2025-4215 gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos
E S
CVE-2025-4216 DIOT SCADA with MQTT <= 1.0.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4217 WP YouTube Video Optimizer <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4218 handrew browserpilot gpt_selenium_agent.py GPTSeleniumAgent code injection
E
CVE-2025-4219 DPEPress <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4220 Xavin's List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4221 Animated Buttons <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4222 Database Toolset <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files
CVE-2025-4223 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter
CVE-2025-4224 wpForo + wpForo Advanced Attachments <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-4226 PHPGurukul/Campcodes Cyber Cafe Management System add-computer.php sql injection
E
CVE-2025-4227 GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement
S
CVE-2025-4228 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
S
CVE-2025-4229 PAN-OS: Traffic Information Disclosure Vulnerability
S
CVE-2025-4230 PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
S
CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
S
CVE-2025-4232 GlobalProtect: Authenticated Code Injection Through Wildcard on macOS
S
CVE-2025-4233 Prisma Access Browser: Inappropriate implementation in Cache
S
CVE-2025-4236 PCMan FTP Server MDIR Command buffer overflow
E
CVE-2025-4237 PCMan FTP Server MDELETE Command buffer overflow
E
CVE-2025-4238 PCMan FTP Server MGET Command buffer overflow
E
CVE-2025-4239 PCMan FTP Server TYPE Command buffer overflow
E
CVE-2025-4240 PCMan FTP Server LCD Command buffer overflow
E
CVE-2025-4241 PHPGurukul Teacher Subject Allocation Management System search.php sql injection
E
CVE-2025-4242 PHPGurukul Online Birth Certificate System between-dates-report.php sql injection
E
CVE-2025-4243 code-projects Online Bus Reservation System print.php sql injection
E
CVE-2025-4244 code-projects Online Bus Reservation System seatlocation.php sql injection
E
CVE-2025-4247 SourceCodester Simple To-Do List System delete_task.php sql injection
E
CVE-2025-4248 SourceCodester Simple To-Do List System complete_task.php sql injection
E
CVE-2025-4249 PHPGurukul e-Diary Management System manage-categories.php sql injection
E
CVE-2025-4250 code-projects Nero Social Networking Site index.php sql injection
E
CVE-2025-4251 PCMan FTP Server RMDIR Command buffer overflow
E
CVE-2025-4252 PCMan FTP Server APPEND Command buffer overflow
E
CVE-2025-4253 PCMan FTP Server HASH Command buffer overflow
E
CVE-2025-4254 PCMan FTP Server LIST Command buffer overflow
E
CVE-2025-4255 PCMan FTP Server RMD Command buffer overflow
E
CVE-2025-4256 SeaCMS admin_paylog.php cross site scripting
E
CVE-2025-4257 SeaCMS admin_pay.php cross site scripting
E
CVE-2025-4258 zhangyanbo2007 youkefu MediaController.java upload unrestricted upload
E
CVE-2025-4259 newbee-mall UploadController.java upload unrestricted upload
E
CVE-2025-4260 zhangyanbo2007 youkefu TemplateController.java impsave deserialization
E
CVE-2025-4261 GAIR-NLP factool tool.py run_single code injection
E
CVE-2025-4262 PHPGurukul Online DJ Booking Management System user-search.php sql injection
E
CVE-2025-4263 PHPGurukul Online DJ Booking Management System booking-search.php sql injection
E
CVE-2025-4264 PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection
E
CVE-2025-4265 PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection
E
CVE-2025-4266 PHPGurukul Notice Board System bwdates-reports-details.php sql injection
E
CVE-2025-4267 SourceCodester/oretnom23 Stock Management System Purchase Order Details Page view_po sql injection
E
CVE-2025-4268 TOTOLINK A720R cstecgi.cgi missing authentication
E
CVE-2025-4269 TOTOLINK A720R Log cstecgi.cgi access control
E
CVE-2025-4270 TOTOLINK A720R Config cstecgi.cgi information disclosure
E
CVE-2025-4271 TOTOLINK A720R cstecgi.cgi information disclosure
E
CVE-2025-4272 Mechrevo Control Console GCUService csCAPI.dll uncontrolled search path
E
CVE-2025-4273 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4275 SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate
S
CVE-2025-4278 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
E S
CVE-2025-4279 External image replace <= 1.0.8 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2025-4280 TCC Bypass via Inherited Permissions in Bundled Interpreter in Poedit.app
CVE-2025-4281 Shenzhen Sixun Software Sixun Shanghui Group Business Management System LoadData information disclosure
E
CVE-2025-4282 SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery
E
CVE-2025-4283 SourceCodester/oretnom23 Stock Management System Login.php sql injection
E
CVE-2025-4286 Intelbras InControl Dispositivos Edição Page credentials storage
E
CVE-2025-4287 PyTorch nccl.py torch.cuda.nccl.reduce denial of service
E S
CVE-2025-4288 PCMan FTP Server RNFR Command buffer overflow
E
CVE-2025-4289 PCMan FTP Server RNTO Command buffer overflow
E
CVE-2025-4290 PCMan FTP Server SMNT Command buffer overflow
E
CVE-2025-4291 IdeaCMS saveUpload unrestricted upload
E
CVE-2025-4292 MRCMS Edit User Page edit.do cross site scripting
E
CVE-2025-4293 MRCMS Group Edit Page edit.do cross site scripting
E
CVE-2025-4297 PHPGurukul Men Salon Management System change-password.php sql injection
E
CVE-2025-4298 Tenda AC1206 setcfm formSetCfm buffer overflow
E
CVE-2025-4299 Tenda AC1206 openSchedWifi setSchedWifi buffer overflow
E
CVE-2025-4300 itsourcecode Content Management System search_list.php sql injection
E
CVE-2025-4301 itsourcecode Content Management System search-notice.php sql injection
E
CVE-2025-4303 PHPGurukul Human Metapneumovirus Testing Management System add-phlebotomist.php sql injection
E
CVE-2025-4304 PHPGurukul Cyber Cafe Management System adminprofile.php sql injection
E
CVE-2025-4305 kefaming mayi File.php upload unrestricted upload
E
CVE-2025-4306 PHPGurukul Nipah Virus Testing Management System edit-phlebotomist.php sql injection
E
CVE-2025-4307 PHPGurukul Art Gallery Management System add-art-medium.php sql injection
E
CVE-2025-4308 PHPGurukul Art Gallery Management System add-art-type.php sql injection
E
CVE-2025-4309 PHPGurukul Art Gallery Management System add-art-type.php sql injection
E
CVE-2025-4310 itsourcecode Content Management System add_topic.php unrestricted upload
E
CVE-2025-4311 itsourcecode Content Management System update_main_topic_img.php sql injection
E
CVE-2025-4312 SourceCodester Advanced Web Store productdetail.php sql injection
E
CVE-2025-4313 SourceCodester Advanced Web Store admin_addnew_product.php sql injection
E
CVE-2025-4314 SourceCodester Advanced Web Store index.php sql injection
E
CVE-2025-4315 CubeWP – All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation
S
CVE-2025-4316 Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their...
CVE-2025-4317 TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-4318 Input validation issue in AWS Amplify Studio UI component properties
CVE-2025-4322 Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
CVE-2025-4323 MRCMS Edit Article Page cross site scripting
E
CVE-2025-4324 MRCMS External Link Management Page edit.do cross site scripting
E
CVE-2025-4325 MRCMS Category Management Page add.do cross site scripting
E
CVE-2025-4326 MRCMS Add Fragment Page add.do cross site scripting
E
CVE-2025-4327 MRCMS cross-site request forgery
E
CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect
E
CVE-2025-4329 74CMS index path traversal
E
CVE-2025-4330 Extraction filter bypass for linking outside extraction directory
S
CVE-2025-4331 SourceCodester Online Student Clearance System login.php sql injection
E
CVE-2025-4332 PHPGurukul Company Visitor Management System visitor-detail.php sql injection
E
CVE-2025-4333 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted upload
E
CVE-2025-4334 Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
CVE-2025-4335 Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-4336 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file()
E
CVE-2025-4337 AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion
CVE-2025-4338 Lantronix Device Installer Improper Restriction of XML External Entity Reference
S
CVE-2025-4339 TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update
CVE-2025-4340 D-Link DIR-890L/DIR-806A1 soap.cgi sub_175C8 command injection
E
CVE-2025-4341 D-Link DIR-880L Request Header ssdpcgi sub_16570 command injection
E
CVE-2025-4342 D-Link DIR-600L formEasySetupWizard3 buffer overflow
CVE-2025-4343 D-Link DIR-600L formEasySetupWizard buffer overflow
CVE-2025-4344 D-Link DIR-600L formLogin buffer overflow
CVE-2025-4345 D-Link DIR-600L formSetLog buffer overflow
CVE-2025-4346 D-Link DIR-600L formSetWAN_Wizard534 buffer overflow
CVE-2025-4347 D-Link DIR-600L formWlSiteSurvey buffer overflow
CVE-2025-4348 D-Link DIR-600L formSetWanL2TP buffer overflow
CVE-2025-4349 D-Link DIR-600L formSysCmd command injection
CVE-2025-4350 D-Link DIR-600L wake_on_lan command injection
CVE-2025-4352 Brilliance Golden Link Secondary System tcEntrFlowSelect.htm sql injection
E
CVE-2025-4353 Brilliance Golden Link Secondary System queryTsDictionaryType.htm sql injection
E
CVE-2025-4354 Tenda DAP-1520 storage check_dws_cookie stack-based overflow
E
CVE-2025-4355 Tenda DAP-1520 api set_ws_action heap-based overflow
E
CVE-2025-4356 Tenda DAP-1520 Authentication storage mod_graph_auth_uri_handler stack-based overflow
E
CVE-2025-4357 Tenda RX3 telnet command injection
E
CVE-2025-4358 PHPGurukul Company Visitor Management System admin-profile.php sql injection
E
CVE-2025-4359 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4360 itsourcecode Gym Management System view_member.php sql injection
E
CVE-2025-4361 PHPGurukul Company Visitor Management System department.php sql injection
E
CVE-2025-4362 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4363 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4364 Exposure of Sensitive System Information to an Unauthorized Control Sphere
S
CVE-2025-4365 NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read
CVE-2025-4366 Request Smuggling Vulnerability in Pingora
CVE-2025-4367 Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode
S
CVE-2025-4368 Tenda AC8 MtuSetMacWan formGetRouterStatus buffer overflow
E
CVE-2025-4372 Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to pote...
CVE-2025-4373 Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar
M
CVE-2025-4374 Quay: incorrect privilege assignment
M
CVE-2025-4375 Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA
CVE-2025-4376 Cross-Site Scripting vulnerability in Model Search in Pro Cloud Server's WebEA
CVE-2025-4377 Path traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.php
CVE-2025-4378 Hardcoded Credentials in Ataturk University's ATA-AOF Mobile Application
CVE-2025-4379 Reflected XSS in DobryCMS
CVE-2025-4380 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion
CVE-2025-4381 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection
CVE-2025-4382 Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm
M
CVE-2025-4383 Authentication Bypass in Art-In Systems' Wi-Fi Cloud Hotspot
CVE-2025-4384 Certificate validity not properly verified
S
CVE-2025-4387 Abandoned Cart Pro for WooCommerce <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-4388 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, ...
CVE-2025-4389 Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload
CVE-2025-4391 Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload
CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function
CVE-2025-4396 Relevanssi <= 4.24.4 (Free) and <= 2.27.4 (Premium) - Unauthenticated SQL Injection
CVE-2025-4403 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function
CVE-2025-4404 Freeipa: idm: privilege escalation from host to domain admin in freeipa
M
CVE-2025-4405 Hot Random Image <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter
S
CVE-2025-4406 wpForo Forum <= 2.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Avatar
CVE-2025-4407 Application does not invalidate session after password reset
S
CVE-2025-4412 TCC Bypass via Dylib Loading in Viscosity.app
CVE-2025-4413 Pixabay Images <= 3.4 - Authenticated (Author+) Arbitrary File Upload
CVE-2025-4414 WordPress CMSMasters Content Composer < 2.5.7 - Local File Inclusion Vulnerability
S
CVE-2025-4415 Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058
CVE-2025-4416 Events Log Track - Moderately critical - Denial of Service - SA-CONTRIB-2025-059
CVE-2025-4417 AVEVA PI Connector for CygNet Cross-site Scripting
S
CVE-2025-4418 AVEVA PI Connector for CygNet Improper Validation of Integrity Check Value
S
CVE-2025-4419 Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter
S
CVE-2025-4420 Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter
CVE-2025-4427 Authentication Bypass
KEV
CVE-2025-4428 Remote Code Execution
KEV
CVE-2025-4429 WordPress Gearside Developer Dashboard <= 1.0.72 - Reflected XSS
E
CVE-2025-4430 Unauthorized file manipulation in EZD RP
CVE-2025-4431 Featured Image Plus <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Featured Image Update
CVE-2025-4432 Ring: some aes functions may panic when overflow checking is enabled in ring
CVE-2025-4433 Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows...
CVE-2025-4434 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-4435 Tarfile extracts filtered members when errorlevel=0
S
CVE-2025-4436 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4440 H3C GR-1800AX aspForm EnableIpv6 buffer overflow
E
CVE-2025-4441 D-Link DIR-605L formSetWAN_Wizard534 buffer overflow
CVE-2025-4442 D-Link DIR-605L formSetWAN_Wizard55 buffer overflow
CVE-2025-4443 D-Link DIR-605L sub_454F2C command injection
CVE-2025-4445 D-Link DIR-605L wake_on_lan command injection
CVE-2025-4446 H3C GR-5400AX aspForm Edit_List_SSID buffer overflow
CVE-2025-4447 Buffer Overflow in Eclipse OpenJ9
CVE-2025-4448 D-Link DIR-619L formEasySetupWizard buffer overflow
CVE-2025-4449 D-Link DIR-619L formEasySetupWizard3 buffer overflow
CVE-2025-4450 D-Link DIR-619L formSetEasy_Wizard buffer overflow
CVE-2025-4451 D-Link DIR-619L formSetWAN_Wizard52 buffer overflow
CVE-2025-4452 D-Link DIR-619L formSetWizard2 buffer overflow
CVE-2025-4453 D-Link DIR-619L formSysCmd command injection
CVE-2025-4454 D-Link DIR-619L wake_on_lan command injection
CVE-2025-4455 Patch My PC Home Updater System.IO uncontrolled search path
E
CVE-2025-4456 Project Worlds Car Rental Project signup.php sql injection
E
CVE-2025-4457 Project Worlds Car Rental Project approve.php sql injection
E
CVE-2025-4458 code-projects Patient Record Management System edit_upatient.php sql injection
E
CVE-2025-4459 code-projects Patient Record Management System fecalysis_form.php sql injection
E
CVE-2025-4460 TOTOLINK N150RT URL Filtering Page cross site scripting
E
CVE-2025-4461 TOTOLINK N150RT Virtual Server Page cross site scripting
E
CVE-2025-4462 TOTOLINK N150RT formWsc buffer overflow
E
CVE-2025-4463 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4464 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4465 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4466 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4467 SourceCodester Online Student Clearance System edit-admin.php sql injection
E
CVE-2025-4468 SourceCodester Online Student Clearance System edit-photo.php unrestricted upload
E
CVE-2025-4469 SourceCodester Online Student Clearance System add-admin.php cross site scripting
E
CVE-2025-4470 SourceCodester Online Student Clearance System add-student.php cross site scripting
E
CVE-2025-4471 code-projects Jewelery Store Management system Search Item View stack-based overflow
E
CVE-2025-4472 code-projects Departmental Store Management System bill stack-based overflow
E
CVE-2025-4473 Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function
CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function
CVE-2025-4475 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4476 Libsoup: null pointer dereference in libsoup may lead to denial of service
M
CVE-2025-4477 TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation
S
CVE-2025-4478 Gnome-remote-desktop: freerdp: unauthenticated rdp packet causes segfault in freerdp leading to denial of service
M
CVE-2025-4479 ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget
S
CVE-2025-4480 code-projects Simple College Management System Add New Student input stack-based overflow
E
CVE-2025-4481 SourceCodester Apartment Visitor Management System search-result.php sql injection
E
CVE-2025-4482 Project Worlds Student Project Allocation System forgot_password_sql.php sql injection
E
CVE-2025-4483 itsourcecode Gym Management System view_pdetails.php sql injection
E
CVE-2025-4484 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4485 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4486 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4487 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4488 itsourcecode Gym Management System ajax.php sql injection
E
CVE-2025-4489 Campcodes Online Food Ordering System user-router.php sql injection
E
CVE-2025-4490 Campcodes Online Food Ordering System view-ticket-admin.php sql injection
E
CVE-2025-4491 Campcodes Online Food Ordering System ticket-status.php sql injection
E
CVE-2025-4492 Campcodes Online Food Ordering System ticket-message.php sql injection
E
CVE-2025-4493 Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to ...
CVE-2025-4494 JAdmin-JAVA JAdmin Admin Backend NoNeedLoginController.java toLogin improper authentication
E
CVE-2025-4495 JAdmin-JAVA JAdmin save cross site scripting
E
CVE-2025-4496 TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow
E
CVE-2025-4497 code-projects Simple Banking System Sign In buffer overflow
E
CVE-2025-4498 code-projects Simple Bus Reservation System Install Bus install stack-based overflow
E
CVE-2025-4499 code-projects Simple Hospital Management System Add Information add stack-based overflow
E
CVE-2025-4500 code-projects Hotel Management System Edit Room edit stack-based overflow
E
CVE-2025-4501 code-projects Album Management System Search Albums searchalbum stack-based overflow
E
CVE-2025-4502 Campcodes Sales and Inventory System creditor_add.php sql injection
E
CVE-2025-4503 Campcodes Sales and Inventory System customer_update.php sql injection
E
CVE-2025-4504 SourceCodester Online College Library System index.php sql injection
E
CVE-2025-4505 PHPGurukul Apartment Visitors Management System category.php sql injection
E
CVE-2025-4506 Campcodes Online Food Ordering System menu-router.php sql injection
E
CVE-2025-4507 Campcodes Online Food Ordering System add-item.php sql injection
E
CVE-2025-4508 PHPGurukul e-Diary Management System my-profile.php sql injection
E
CVE-2025-4509 PHPGurukul e-Diary Management System manage-notes.php sql injection
E
CVE-2025-4510 Changjietong UFIDA CRM optntyday.php sql injection
E
CVE-2025-4511 vector4wang spring-boot-quick quick-img2txt Img2TxtController.java ResponseEntity path traversal
E
CVE-2025-4512 Inetum IODAS app.jsp cross site scripting
E
CVE-2025-4513 Catalyst User Key Authentication Plugin Logout logout.php redirect
E
CVE-2025-4514 Zhengzhou Jiuhua Electronic Technology mayicms javascript.php sql injection
E
CVE-2025-4515 Zylon PrivateGPT settings.yaml cross-domain policy
E
CVE-2025-4516 Use-after-free in "unicode_escape" decoder with error handler
S
CVE-2025-4517 Arbitrary writes via tarfile realpath overflow
S
CVE-2025-4520 Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
CVE-2025-4524 Madara – Responsive and modern WordPress theme for manga sites <= 2.2.2 - Unauthenticated Local File Inclusion
CVE-2025-4525 Discord WINSTA.dll uncontrolled search path
E
CVE-2025-4526 Dígitro NGC Explorer Configuration Page missing password field masking
CVE-2025-4527 Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security
CVE-2025-4528 Dígitro NGC Explorer session expiration
CVE-2025-4529 Seeyon Zhiyuan OA Web Application System ZIP File M3CoreController.class download path traversal
E
CVE-2025-4530 feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal
E
CVE-2025-4531 Seeyon Zhiyuan OA Web Application System Beetl Template EhrSalaryPayrollServiceImpl.class postData code injection
E
CVE-2025-4532 Shanghai Bairui Information Technology SunloginClient sunlogin_guard.exe uncontrolled search path
E
CVE-2025-4533 JeecgBoot Document Library Upload zip unzipFile resource consumption
E
CVE-2025-4534 SunGrow Logger1000 weak password
E
CVE-2025-4535 Gosuncn Technology Group Audio-Visual Integrated Management Platform Configuration File config.properties information disclosure
E
CVE-2025-4536 Gosuncn Technology Group Audio-Visual Integrated Management Platform listByPage information disclosure
E
CVE-2025-4537 yangzongzhuan RuoYi-Vue Password login.vue sensitive information in a cookie
E
CVE-2025-4538 kkFileView fileUpload unrestricted upload
E
CVE-2025-4539 Hainan ToDesk DLL File Parser profapi.dll uncontrolled search path
E
CVE-2025-4540 MTSoftware C-Lodop CLodopPrintService unquoted search path
E
CVE-2025-4541 LmxCMS POST Request ZtAction.class.php manageZt sql injection
E
CVE-2025-4542 Freeebird Hotel 酒店管理系统 API SessionInterceptor.java cross-domain policy
E
CVE-2025-4543 LyLme Spage ajax_link.php sql injection
E
CVE-2025-4544 D-Link DI-8100 jhttpd ddos.asp stack-based overflow
E
CVE-2025-4545 CTCMS Content Management System File Tpl.php del path traversal
E
CVE-2025-4546 1Panel-dev MaxKB Knowledge Base Module csv injection
E
CVE-2025-4547 SourceCodester Web-based Pharmacy Product Management System Add User Page cross site scripting
E
CVE-2025-4548 Campcodes Online Food Ordering System router.php sql injection
E
CVE-2025-4549 Campcodes Online Food Ordering System register-router.php sql injection
E
CVE-2025-4550 PHPGurukul Apartment Visitors Management System pass-details.php sql injection
E
CVE-2025-4551 ContiNew Admin file cross site scripting
E
CVE-2025-4552 ContiNew Admin password unverified password change
E
CVE-2025-4553 PHPGurukul Apartment Visitors Management System bwdates-reports-details.php sql injection
E
CVE-2025-4554 PHPGurukul Apartment Visitors Management System bwdates-passreports-details.php sql injection
E
CVE-2025-4555 ZONG YU Okcat Parking Management Platform - Missing Authentication
M
CVE-2025-4556 ZONG YU Okcat Parking Management Platform - Arbitrary File Upload
M
CVE-2025-4557 ZONG YU Parking Management System - Missing Authentication
M
CVE-2025-4558 WormHole Tech GPM - Unverified Password Change
S
CVE-2025-4559 Netvision ISOinsight - SQL Injection
S
CVE-2025-4560 Netvision ISOinsight - Missing Authentication
S
CVE-2025-4561 Kinfor KFOX - Arbitrary File Upload
S
CVE-2025-4562 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4563 Nodes can bypass dynamic resource allocation authorization checks
S
CVE-2025-4564 TicketBAI Facturas para WooCommerce <= 3.18 - Unauthenticated Arbitrary File Deletion
CVE-2025-4565 Unbounded recursion in Python Protobuf
CVE-2025-4567 Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS
E
CVE-2025-4568 SQL Injection in 2ClickPortal
CVE-2025-4571 GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification
S
CVE-2025-4573 LDAP Injection in Mattermost Enterprise Edition When Using Active Directory
S
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
M
CVE-2025-4575 The x509 application adds trusted use instead of rejected use
S
CVE-2025-4577 Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute
CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQLi
E
CVE-2025-4579 WP Content Security Plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields
CVE-2025-4580 File Provider <= 1.2.3 - Item Deletion via CSRF
E
CVE-2025-4583 Smash Balloon Instagram Feed <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute
CVE-2025-4584 IRM Newsroom <= 1.2.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode
CVE-2025-4585 IRM Newsroom <= 1.2.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmflat' Shortcode
CVE-2025-4586 IRM Newsroom <= 1.2.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode
CVE-2025-4587 A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4589 Bon Toolkit <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4590 Daisycon prijsvergelijkers <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4591 Weluka Lite <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4592 AI Image Lab – Free AI Image Generator <= 1.0.6 - Cross-Site Request Forgery to API Key Update
CVE-2025-4593 WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure
CVE-2025-4594 Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-4595 FastSpring <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4597 Woo Slider Pro - Drag Drop Slider Builder For WooCommerce <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
CVE-2025-4598 Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
M
CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
CVE-2025-4601 RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-4602 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read
E
CVE-2025-4603 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Deletion
E
CVE-2025-4605 USD File Parsing Memory Allocation Vulnerability
CVE-2025-4606 Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
CVE-2025-4607 PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function
CVE-2025-4610 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode
CVE-2025-4611 Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode
CVE-2025-4613 Client side RCE in Google Web Designer App
CVE-2025-4631 Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via stocktend_object Endpoint
CVE-2025-4632 Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Ser...
KEV S
CVE-2025-4633 Default Credentials
CVE-2025-4634 Local File Inclusion
CVE-2025-4635 Remote Code Execution
CVE-2025-4636 Local Privilege Escalation
CVE-2025-4637 Divide By Zero in dlib
S
CVE-2025-4638 Improper Pointer Arithmetic in pcl
S
CVE-2025-4639 Improper Restriction of XML External Entity Reference in Peergos
CVE-2025-4640 Out-of-bounds Write in pcl
S
CVE-2025-4641 XML External Entity (XXE) injection vulnerability in WebDriverManager
CVE-2025-4642 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4646 A high privilege user is able to create and use a valid admin API token in centreon-web
CVE-2025-4647 A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG
CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
CVE-2025-4649 ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs.
CVE-2025-4652 Broadstreet < 1.51.8 - Reflected XSS
E
CVE-2025-4653 Remote Code Execution leads to Command Injection
CVE-2025-4654 Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion
CVE-2025-4656 Vault Vulnerable to Recovery Key Cancellation Denial of Service
CVE-2025-4658 Authentication Bypass in OPKSSH
CVE-2025-4659 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure
CVE-2025-4660 Remote Code Execution in Windows Secure Connector/HPS Inspection Engine via Insecure Named Pipe Access
CVE-2025-4661 Path traversal vulnerability potentially leading to sensitive information disclosure
CVE-2025-4662 Plaintext security passwords are logged in the audit logs while executing openssl cmd
CVE-2025-4663 Denial-of-Service (DoS) after Unusual or Exceptional Conditions vulnerability
CVE-2025-4664 Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote ...
KEV
CVE-2025-4666 ZotPress <= 7.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'nickname'
CVE-2025-4667 Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
CVE-2025-4668 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-4669 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode
S
CVE-2025-4670 Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode
CVE-2025-4671 Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes
CVE-2025-4672 Offsprout Page Builder 2.2.1 - 2.15.2 - Authenticated (Contributor+) Privilege Escalation via permission_callback Function
CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http
CVE-2025-4678 Remote Code Execution leads to Command Injection
CVE-2025-4679 A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to...
CVE-2025-4680 Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allo...
CVE-2025-4681 Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access ...
CVE-2025-4682 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets
CVE-2025-4683 MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation
S
CVE-2025-4687 Account pre-hijacking through invite misuse
CVE-2025-4689 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution
CVE-2025-4691 Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure
S
CVE-2025-4692 ABUP IoT Cloud Platform Incorrect Privilege Assignment
S
CVE-2025-4694 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4695 PHPGurukul/Campcodes Cyber Cafe Management System add-users.php sql injection
E
CVE-2025-4696 PHPGurukul/Campcodes Cyber Cafe Management System search.php sql injection
E
CVE-2025-4697 PHPGurukul Directory Management System edit-directory.php sql injection
E
CVE-2025-4698 PHPGurukul Directory Management System forget-password.php sql injection
E
CVE-2025-4699 PHPGurukul Apartment Visitors Management System visitors-form.php sql injection
E
CVE-2025-4701 VITA-MLLM Freeze-Omni utils.py torch.load deserialization
E
CVE-2025-4702 PHPGurukul Vehicle Parking Management System add-category.php sql injection
E
CVE-2025-4703 PHPGurukul Vehicle Parking Management System admin-profile.php sql injection
E
CVE-2025-4704 PHPGurukul Vehicle Parking Management System edit-category.php sql injection
E
CVE-2025-4705 PHPGurukul Vehicle Parking Management System view-incomingvehicle-detail.php sql injection
E
CVE-2025-4706 projectworlds Online Examination System Procedure3b_yearwiseVisit.php sql injection
E
CVE-2025-4707 Campcodes Sales and Inventory System transaction_add.php sql injection
E
CVE-2025-4708 Campcodes Sales and Inventory System sales_add.php sql injection
E
CVE-2025-4709 Campcodes Sales and Inventory System transaction_del.php sql injection
E
CVE-2025-4710 Campcodes Sales and Inventory System transaction.php sql injection
E
CVE-2025-4711 Campcodes Sales and Inventory System stockin_add.php sql injection
E
CVE-2025-4712 Campcodes Sales and Inventory System account_summary.php sql injection
E
CVE-2025-4713 Campcodes Sales and Inventory System print.php sql injection
E
CVE-2025-4714 Campcodes Sales and Inventory System reprint.php sql injection
E
CVE-2025-4715 Campcodes Sales and Inventory System view_application.php sql injection
E
CVE-2025-4716 Campcodes Sales and Inventory System credit_transaction_add.php sql injection
E
CVE-2025-4717 PHPGurukul Company Visitor Management System visitors-form.php sql injection
E
CVE-2025-4718 Campcodes Sales and Inventory System customer_add.php sql injection
E
CVE-2025-4719 Campcodes Sales and Inventory System cash_transaction.php sql injection
E
CVE-2025-4720 SourceCodester Student Result Management System drop_student.php path traversal
E
CVE-2025-4721 itsourcecode Placement Management System drive.php sql injection
E
CVE-2025-4722 itsourcecode Placement Management System edit_profile.php sql injection
E
CVE-2025-4723 itsourcecode Placement Management System all_student.php sql injection
E
CVE-2025-4724 itsourcecode Placement Management System student_profile.php sql injection
E
CVE-2025-4725 itsourcecode Placement Management System view_drive.php sql injection
E
CVE-2025-4726 itsourcecode Placement Management System view_student.php sql injection
E
CVE-2025-4727 Meteor livedata_server.js Object.assign redos
E S
CVE-2025-4728 SourceCodester Best Online News Portal search.php sql injection
E
CVE-2025-4729 TOTOLINK A3002R/A3002RU HTTP POST Request formMapDelDevice command injection
E
CVE-2025-4730 TOTOLINK A3002R/A3002RU HTTP POST Request formMapDel buffer overflow
E
CVE-2025-4731 TOTOLINK A3002R/A3002RU HTTP POST Request formPortFw buffer overflow
E
CVE-2025-4732 TOTOLINK A3002R/A3002RU HTTP POST Request formFilter buffer overflow
E
CVE-2025-4733 TOTOLINK A3002R/A3002RU HTTP POST Request formIpQoS buffer overflow
E
CVE-2025-4734 Campcodes Sales and Inventory System ci_update.php sql injection
E
CVE-2025-4735 Campcodes Sales and Inventory System product.php unrestricted upload
E
CVE-2025-4736 PHPGurukul Daily Expense Tracker register.php sql injection
E
CVE-2025-4737 Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may...
CVE-2025-4738 Authenticated SQLi in Yirmibes Software's MY ERP
CVE-2025-4739 projectworlds Hospital Database Management System medicines_info.php sql injection
E
CVE-2025-4740 BeamCtrl Airiana coef deserialization
E
CVE-2025-4741 Campcodes Sales and Inventory System purchase_add.php sql injection
E
CVE-2025-4742 XU-YIJIE grpo-flat grpo_vanilla.py main deserialization
CVE-2025-4743 code-projects Employee Record System getData.php sql injection
E
CVE-2025-4744 code-projects Employee Record System edit_employee.php cross site scripting
E
CVE-2025-4745 code-projects Employee Record System current_employees.php cross site scripting
E
CVE-2025-4746 Campcodes Sales and Inventory System purchase_delete.php sql injection
E
CVE-2025-4747 Bohua NetDragon Firewall ip_status.php command injection
E
CVE-2025-4748 Absolute path traversal in zip:unzip/1,2
S
CVE-2025-4749 D-Link DI-7003GV2 Factory Reset backup.asp sub_4983B0 denial of service
E
CVE-2025-4750 D-Link DI-7003GV2 Configuration get_version.data information disclosure
E
CVE-2025-4751 D-Link DI-7003GV2 index.data information disclosure
E
CVE-2025-4752 D-Link DI-7003GV2 install_base.data information disclosure
E
CVE-2025-4753 D-Link DI-7003GV2 login.data information disclosure
E
CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
S
CVE-2025-4755 D-Link DI-7003GV2 netconfig.asp sub_497DE4 improper authentication
E
CVE-2025-4756 D-Link DI-7003GV2 restart.asp denial of service
E
CVE-2025-4757 PHPGurukul Beauty Parlour Management System forgot-password.php sql injection
E
CVE-2025-4758 PHPGurukul Beauty Parlour Management System contact.php sql injection
E
CVE-2025-4759 Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: E...
E S
CVE-2025-4761 PHPGurukul Complaint Management System admin-profile.php sql injection
E
CVE-2025-4762 Insecure Direct Object Reference (IDOR) vulnerability in eSignaViewer
S
CVE-2025-4765 PHPGurukul Zoo Management System contactus.php sql injection
E
CVE-2025-4766 PHPGurukul Zoo Management System profile.php sql injection
E
CVE-2025-4767 defog-ai introspect Test Endpoint integration_routes.py test_custom_tool code injection
E
CVE-2025-4768 feng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted upload
E
CVE-2025-4769 CBEWIN Anytxt Searcher ATService.exe uncontrolled search path
CVE-2025-4770 PHPGurukul Park Ticketing Management System view-normal-ticket.php sql injection
E
CVE-2025-4771 PHPGurukul Online Course Registration course.php sql injection
E
CVE-2025-4772 PHPGurukul Online Course Registration department.php sql injection
E
CVE-2025-4773 PHPGurukul Online Course Registration level.php sql injection
E
CVE-2025-4774 Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
CVE-2025-4775 WordPress Infinite Scroll – Ajax Load More <= 7.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-4777 PHPGurukul Park Ticketing Management System view-foreigner-ticket.php sql injection
E
CVE-2025-4778 PHPGurukul Park Ticketing Management System normal-search.php sql injection
E
CVE-2025-4779 Stored Cross-site Scripting (XSS) in lunary-ai/lunary
CVE-2025-4780 PHPGurukul Park Ticketing Management System foreigner-search.php sql injection
E
CVE-2025-4781 PHPGurukul Park Ticketing Management System forgot-password.php sql injection
E
CVE-2025-4782 SourceCodester/oretnom23 Stock Management System view_receiving sql injection
E
CVE-2025-4783 Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
CVE-2025-4785 PHPGurukul Daily Expense Tracker System user-profile.php sql injection
E
CVE-2025-4786 SourceCodester/oretnom23 Stock Management System view_return sql injection
E
CVE-2025-4787 SourceCodester/oretnom23 Stock Management System view_sale sql injection
E
CVE-2025-4788 FreeFloat FTP Server DELETE Command buffer overflow
E
CVE-2025-4789 FreeFloat FTP Server LCD Command buffer overflow
E
CVE-2025-4790 FreeFloat FTP Server GLOB Command buffer overflow
E
CVE-2025-4791 FreeFloat FTP Server HASH Command buffer overflow
E
CVE-2025-4792 FreeFloat FTP Server MDELETE Command buffer overflow
E
CVE-2025-4793 PHPGurukul Online Course Registration edit-student-profile.php sql injection
E
CVE-2025-4794 PHPGurukul Online Course Registration news.php sql injection
E
CVE-2025-4795 gongfuxiang schoolcms index.php SaveInfo sql injection
E
CVE-2025-4797 Golo <= 1.7.0 - Authentication Bypass to Account Takeover
CVE-2025-4798 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read
S
CVE-2025-4799 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion
S
CVE-2025-4800 MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-4801 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in...
R
CVE-2025-4802 Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2....
E S
CVE-2025-4803 Glossary by WPPedia <= 1.3.0 - Authenticated (Administrator+) PHP Object Injection
CVE-2025-4804 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotspot Configuration
CVE-2025-4805 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Access Portal Configuration
CVE-2025-4806 SourceCodester/oretnom23 Stock Management System view_bo sql injection
E
CVE-2025-4807 SourceCodester Online Student Clearance System exposure of information through directory listing
E
CVE-2025-4808 PHPGurukul Park Ticketing Management System add-normal-ticket.php sql injection
E
CVE-2025-4809 Tenda AC7 setMacFilterCfg fromSafeSetMacFilter stack-based overflow
E
CVE-2025-4810 Tenda AC7 SetRebootTimer formSetRebootTimer stack-based overflow
E
CVE-2025-4811 CodeAstro Pharmacy Management System Login index.php sql injection
E
CVE-2025-4812 PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection
E
CVE-2025-4813 PHPGurukul Human Metapneumovirus Testing Management System edit-phlebotomist.php sql injection
E
CVE-2025-4814 Campcodes Sales and Inventory System supplier_add.php sql injection
E
CVE-2025-4815 Campcodes Sales and Inventory System supplier_update.php sql injection
E
CVE-2025-4816 SourceCodester Doctor's Appointment System GET Parameter appointment.php sql injection
E
CVE-2025-4817 SourceCodester Doctor's Appointment System GET Parameter delete-appointment.php sql injection
E
CVE-2025-4818 SourceCodester Doctor's Appointment System GET Parameter delete-doctor.php sql injection
E
CVE-2025-4819 y_project RuoYi Offline Logout batchForceLogout improper authorization
E
CVE-2025-4820 Incorrect congestion window growth by optimistic ACK
CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges
CVE-2025-4823 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formReflashClientTbl submit-url buffer overflow
E
CVE-2025-4824 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWsc buffer overflow
E
CVE-2025-4825 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formDMZ buffer overflow
E
CVE-2025-4826 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWirelessTbl buffer overflow
E
CVE-2025-4827 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSaveConfig buffer overflow
E
CVE-2025-4828 Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion
CVE-2025-4829 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formStats sub_40BE30 buffer overflow
E
CVE-2025-4830 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSysCmd buffer overflow
E
CVE-2025-4831 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSiteSurveyProfile buffer overflow
E
CVE-2025-4832 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formDosCfg buffer overflow
E
CVE-2025-4833 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formNtp buffer overflow
E
CVE-2025-4834 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSetLg buffer overflow
E
CVE-2025-4835 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWlanRedirect buffer overflow
E
CVE-2025-4836 Projectworlds Life Insurance Management System deleteAgent.php sql injection
E
CVE-2025-4837 projectworlds Student Project Allocation System make_group_sql.php sql injection
E
CVE-2025-4838 kanwangzjm Funiture Login LoginServlet.java doPost redirect
E
CVE-2025-4839 itwanger paicoding CrossUtil.java cross-domain policy
E
CVE-2025-4840 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
E
CVE-2025-4841 D-Link DCS-932L gpio sub_404780 stack-based overflow
E
CVE-2025-4842 D-Link DCS-932L ucp isUCPCameraNameChanged stack-based overflow
E
CVE-2025-4843 D-Link DCS-932L udev SubUPnPCSInit stack-based overflow
E
CVE-2025-4844 FreeFloat FTP Server CD Command buffer overflow
E
CVE-2025-4845 FreeFloat FTP Server TRACE Command buffer overflow
E
CVE-2025-4846 FreeFloat FTP Server MPUT Command buffer overflow
E
CVE-2025-4847 FreeFloat FTP Server MLS Command buffer overflow
E
CVE-2025-4848 FreeFloat FTP Server RECV Command buffer overflow
E
CVE-2025-4849 TOTOLINK N300RH cstecgi.cgi CloudACMunualUpdateUserdata command injection
E
CVE-2025-4850 TOTOLINK N300RH cstecgi.cgi setUnloadUserData command injection
E
CVE-2025-4851 TOTOLINK N300RH cstecgi.cgi setUploadUserData command injection
E
CVE-2025-4852 TOTOLINK A3002R VPN Page cross site scripting
E
CVE-2025-4855 Support Board <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key
CVE-2025-4857 Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion
S
CVE-2025-4858 D-Link DAP-2695 ARP Spoofing Prevention Page adv_arpspoofing.php cross site scripting
E
CVE-2025-4859 D-Link DAP-2695 MAC Bypass Settings Page adv_macbypass.php cross site scripting
E
CVE-2025-4860 D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting
E
CVE-2025-4861 PHPGurukul Beauty Parlour Management System admin-profile.php sql injection
E
CVE-2025-4862 PHPGurukul Directory Management System searchdata.php cross site scripting
E
CVE-2025-4863 Advaya Softech GEMS ERP Portal studentLogin.action sql injection
E
CVE-2025-4864 itsourcecode Restaurant Management System finished.php sql injection
E
CVE-2025-4865 itsourcecode Restaurant Management System member_save.php sql injection
E
CVE-2025-4866 weibocom rill-flow Management Console code injection
E
CVE-2025-4867 Tenda A15 ArpNerworkSet formArpNerworkSet denial of service
E
CVE-2025-4868 merikbest ecommerce-spring-reactjs File Upload Endpoint admin path traversal
E
CVE-2025-4869 itsourcecode Restaurant Management System member_update.php sql injection
E
CVE-2025-4870 itsourcecode Restaurant Management System menu_save.php sql injection
E
CVE-2025-4871 PCMan FTP Server REST Command buffer overflow
E
CVE-2025-4872 FreeFloat FTP Server CCC Command buffer overflow
E
CVE-2025-4873 PHPGurukul News Portal Login index.php sql injection
E
CVE-2025-4874 PHPGurukul News Portal Project contactus.php sql injection
E
CVE-2025-4875 Campcodes Online Shopping Portal forgot-password.php sql injection
E
CVE-2025-4876 Hardcoded Key Revealed in ConnectWise Password Encryption Utility
S
CVE-2025-4879 Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
CVE-2025-4880 PHPGurukul News Portal aboutus.php sql injection
E
CVE-2025-4881 itsourcecode Restaurant Management System user_save.php sql injection
E
CVE-2025-4882 itsourcecode Restaurant Management System team_update.php sql injection
E
CVE-2025-4883 D-Link DI-8100 Connection Limit Page ctxz.asp ctxz_asp stack-based overflow
E
CVE-2025-4884 itsourcecode Restaurant Management System assign_save.php sql injection
E
CVE-2025-4885 itsourcecode Sales and Inventory System product_add.php sql injection
E
CVE-2025-4886 itsourcecode Sales and Inventory System product_update.php sql injection
E
CVE-2025-4887 SourceCodester Online Student Clearance System cross-site request forgery
E
CVE-2025-4888 code-projects Pharmacy Management System Add Order Details take_order buffer overflow
E
CVE-2025-4889 code-projects Tourism Management System User Registration AddUser buffer overflow
E
CVE-2025-4890 code-projects Tourism Management System Login User LoginUser stack-based overflow
E
CVE-2025-4891 code-projects Police Station Management System Display Record source.cpp display buffer overflow
E
CVE-2025-4892 code-projects Police Station Management System Delete Record source.cpp remove stack-based overflow
E
CVE-2025-4893 jammy928 CoinExchange_CryptoExchange_Java File Upload Endpoint UploadFileUtil.java uploadLocalImage path traversal
E
CVE-2025-4894 calmkart Django-sso-server crypto.py gen_rsa_keys inadequate encryption
E
CVE-2025-4895 SourceCodester Doctors Appointment System delete-session.php sql injection
E
CVE-2025-4896 Tenda AC10 UserCongratulationsExec buffer overflow
E
CVE-2025-4897 Tenda A15 HTTP POST Request multimodalAdd buffer overflow
E
CVE-2025-4898 SourceCodester Student Result Management System Logo File update_system.php unlink path traversal
E
CVE-2025-4899 Campcodes Sales and Inventory System transaction_update.php sql injection
E
CVE-2025-4900 Campcodes Sales and Inventory System payment.php sql injection
E
CVE-2025-4901 D-Link DI-7003GV2 HTTP Endpoint state_view.data sub_41E304 information disclosure
E
CVE-2025-4902 D-Link DI-7003GV2 versionupdate.data sub_48F4F0 information disclosure
E S
CVE-2025-4903 D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change
E
CVE-2025-4904 D-Link DI-7003GV2 webgl.data sub_41F0FC information disclosure
E
CVE-2025-4905 iop-apl-uw basestation3 QC.py load_qc_pickl deserialization
E
CVE-2025-4906 PHPGurukul Notice Board System login.php sql injection
E
CVE-2025-4907 PHPGurukul Daily Expense Tracker System forgot-password.php sql injection
E
CVE-2025-4908 PHPGurukul Daily Expense Tracker System expense-datewise-reports-detailed.php sql injection
E
CVE-2025-4909 SourceCodester Client Database Management System exposure of information through directory listing
E
CVE-2025-4910 PHPGurukul Zoo Management System edit-animal-details.php sql injection
E
CVE-2025-4911 PHPGurukul Zoo Management System view-foreigner-ticket.php sql injection
E
CVE-2025-4912 SourceCodester Student Result Management System Image File update_student.php path traversal
E S
CVE-2025-4913 PHPGurukul Auto Taxi Stand Management System index.php sql injection
E
CVE-2025-4914 PHPGurukul Auto Taxi Stand Management System forgot-password.php sql injection
E
CVE-2025-4915 PHPGurukul Auto Taxi Stand Management System auto-taxi-entry-detail.php sql injection
E
CVE-2025-4916 PHPGurukul Auto Taxi Stand Management System admin-profile.php sql injection
E
CVE-2025-4917 PHPGurukul Auto Taxi Stand Management System new-autoortaxi-entry-form.php sql injection
E
CVE-2025-4918 An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. Thi...
E
CVE-2025-4919 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing a...
CVE-2025-4920 Rejected reason: Duplicate of CVE-2025-4918...
R
CVE-2025-4921 Rejected reason: Duplicate of CVE-2025-4919...
R
CVE-2025-4922 Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job
CVE-2025-4923 SourceCodester Client Database Management System user_delivery_update.php unrestricted upload
E
CVE-2025-4924 SourceCodester Client Database Management System user_void_transaction.php sql injection
E
CVE-2025-4925 PHPGurukul Daily Expense Tracker System expense-monthwise-reports-detailed.php sql injection
E
CVE-2025-4926 PHPGurukul Car Rental Project post-avehical.php unrestricted upload
E
CVE-2025-4927 PHPGurukul Online Marriage Registration System between-dates-application-report.php sql injection
E
CVE-2025-4928 projectworlds Online Lawyer Management System save_lawyer_edit_profile.php sql injection
E
CVE-2025-4929 Campcodes Online Shopping Portal my-account.php sql injection
E
CVE-2025-4930 Campcodes Online Shopping Portal my-cart.php sql injection
E
CVE-2025-4931 projectworlds Online Lawyer Management System user_registation.php sql injection
E
CVE-2025-4932 projectworlds Online Lawyer Management System lawyer_registation.php sql injection
E
CVE-2025-4933 ponaravindb Hospital-Management-System doctor-panel.php sql injection
E
CVE-2025-4934 PHPGurukul User Registration & Login and User Management System edit-profile.php sql injection
E
CVE-2025-4935 SourceCodester Stock Management System changePassword.php sql injection
E
CVE-2025-4936 projectworlds Online Food Ordering System admin-page.php sql injection
E
CVE-2025-4937 SourceCodester Apartment Visitor Management System profile.php sql injection
E
CVE-2025-4938 PHPGurukul Employee Record Management System registererms.php sql injection
E
CVE-2025-4939 PHPGurukul Credit Card Application Management System new-ccapplication.php cross site scripting
E
CVE-2025-4940 1000 Projects Daily College Class Work Report Book admin_info.php sql injection
E
CVE-2025-4941 PHPGurukul Credit Card Application Management System index.php sql injection
E
CVE-2025-4943 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter
S
CVE-2025-4944 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets
CVE-2025-4945 Libsoup: integer overflow in cookie expiration date handling in libsoup
M
CVE-2025-4946 Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function
CVE-2025-4947 QUIC certificate check skip with wolfSSL
E S
CVE-2025-4948 Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
M
CVE-2025-4949 XXE vulnerability in Eclipse JGit
E
CVE-2025-4950 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-4951 Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripti...
CVE-2025-4954 Axle Demo Importer <= 1.0.3 - Author+ Arbitrary File Upload
E
CVE-2025-4955 tarteaucitron.io < 1.9.5 - Contributor+ Stored XSS
E
CVE-2025-4963 WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2025-4964 WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter
CVE-2025-4965 WPBakery Page Builder <= 8.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via Grid Builder
CVE-2025-4966 WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function
CVE-2025-4967 Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS
CVE-2025-4969 Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c
CVE-2025-4971 Broadcom Automic Automation Agent Unix privilege escalation
CVE-2025-4972 Incorrect Authorization in GitLab
E S
CVE-2025-4973 Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account'
CVE-2025-4975 Tapo privilege escalation on shared devices using notifications
CVE-2025-4977 Netgear DGND3700 BRS_top.html information disclosure
E
CVE-2025-4978 Netgear DGND3700 Basic Authentication BRS_top.html improper authentication
E
CVE-2025-4979 Insufficient Granularity of Access Control in GitLab
S
CVE-2025-4980 Netgear DGND3700 mini_http currentsetting.htm information disclosure
E
CVE-2025-4981 Path Traversal Leading to RCE by Any Authenticated Mattermost User
S
CVE-2025-4983 Stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x
CVE-2025-4984 Stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x
CVE-2025-4985 Stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
CVE-2025-4986 Stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
CVE-2025-4987 Stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x
CVE-2025-4988 Stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
CVE-2025-4989 Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
CVE-2025-4990 Stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
CVE-2025-4991 Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
CVE-2025-4992 Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x
CVE-2025-4996 Intelbras RF 301K Add Static IP cross site scripting
CVE-2025-4997 H3C R2+ProG HTTP POST Request aspForm SetAPInfoById denial of service
E
CVE-2025-4998 H3C Magic R200G HTTP POST Request aspForm EditWlanMacList denial of service
E
CVE-2025-4999 Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi sub_4153FC command injection
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.