ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-40014 | objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() | S | |
CVE-2025-40114 | iio: light: Add check for array bounds in veml6075_read_int_time_ms | S | |
CVE-2025-40325 | md/raid10: wait barrier before returning discard request with REQ_NOWAIT | | |
CVE-2025-40364 | io_uring: fix io_req_prep_async with provided buffers | | |
CVE-2025-40555 | A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected ... | | |
CVE-2025-40556 | A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All ... | | |
CVE-2025-40566 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC ... | | |
CVE-2025-40567 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCA... | | |
CVE-2025-40568 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCA... | | |
CVE-2025-40569 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCA... | | |
CVE-2025-40570 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6... | | |
CVE-2025-40571 | A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.1.0... | | |
CVE-2025-40572 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF... | | |
CVE-2025-40573 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF... | | |
CVE-2025-40574 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF... | | |
CVE-2025-40575 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF... | | |
CVE-2025-40576 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF... | | |
CVE-2025-40577 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF... | | |
CVE-2025-40578 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affecte... | | |
CVE-2025-40579 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF... | | |
CVE-2025-40580 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF... | | |
CVE-2025-40581 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINE... | | |
CVE-2025-40582 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINE... | | |
CVE-2025-40583 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINE... | M | |
CVE-2025-40584 | A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5... | | |
CVE-2025-40585 | A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions... | | |
CVE-2025-40591 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX ... | | |
CVE-2025-40592 | A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio... | | |
CVE-2025-40593 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected applicati... | | |
CVE-2025-40595 | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work... | | |
CVE-2025-40596 | A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauth... | | |
CVE-2025-40597 | A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthe... | | |
CVE-2025-40598 | A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allo... | E | |
CVE-2025-40599 | An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management int... | | |
CVE-2025-40600 | Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a r... | | |
CVE-2025-40615 | Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy | S | |
CVE-2025-40616 | Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy | S | |
CVE-2025-40617 | SQL injection vulnerability in Bookgy | S | |
CVE-2025-40618 | SQL injection vulnerability in Bookgy | S | |
CVE-2025-40619 | Improper access control vulnerability in Bookgy | S | |
CVE-2025-40620 | Multiple vulnerabilities in TCMAN's GIM | S | |
CVE-2025-40621 | Multiple vulnerabilities in TCMAN's GIM | S | |
CVE-2025-40622 | Multiple vulnerabilities in TCMAN's GIM | S | |
CVE-2025-40623 | Multiple vulnerabilities in TCMAN's GIM | S | |
CVE-2025-40624 | Multiple vulnerabilities in TCMAN's GIM | S | |
CVE-2025-40625 | Multiple vulnerabilities in TCMAN's GIM | S | |
CVE-2025-40626 | Reflected Cross-Site Scripting (XSS) in AbanteCart | S | |
CVE-2025-40627 | Reflected Cross-Site Scripting (XSS) in AbanteCart | S | |
CVE-2025-40628 | SQL Injection in DomainsPRO | S | |
CVE-2025-40629 | Path Traversal vulnerability in PNETLab | | |
CVE-2025-40630 | Open redirection vulnerability in IceWarp Mail Server | S | |
CVE-2025-40631 | HTTP host header injection vulnerability in IceWarp Mail Server | S | |
CVE-2025-40632 | Cross-site scripting (XSS) vulnerability in IceWarp Mail Server | S | |
CVE-2025-40633 | Stored Cross-Site Scripting (XSS) in Koibox | | |
CVE-2025-40634 | Stack-based buffer overflow in TP-Link Archer AX50 | S | |
CVE-2025-40635 | SQL injection at Comerzzia | S | |
CVE-2025-40650 | Insecure Direct Object Reference (IDOR) in Clickedu | S | |
CVE-2025-40651 | Reflected Cross Site Scripting (XSS) in Real Easy Store | | |
CVE-2025-40652 | Cross-Site Scripting (XSS) in CoverManager | S | |
CVE-2025-40653 | User enumeration in M3M Printer Server Web | | |
CVE-2025-40654 | SQL injection vulnerability in DM Corporative CMS | S | |
CVE-2025-40655 | SQL injection vulnerability in DM Corporative CMS | S | |
CVE-2025-40656 | SQL injection vulnerability in DM Corporative CMS | S | |
CVE-2025-40657 | SQL injection vulnerability in DM Corporative CMS | S | |
CVE-2025-40658 | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | S | |
CVE-2025-40659 | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | S | |
CVE-2025-40660 | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | S | |
CVE-2025-40661 | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | S | |
CVE-2025-40662 | Absolute path disclosure vulnerability in DM Corporative CMS | S | |
CVE-2025-40663 | Stored Cross-Site Scripting (XSS) in i2A-Cronos by i2A | | |
CVE-2025-40664 | Missing authentication vulnerability in TCMAN GIM v11 | S | |
CVE-2025-40665 | Time-based blind SQL injection vulnerability in TCMAN GIM v11 | S | |
CVE-2025-40666 | Time-based blind SQL injection vulnerability in TCMAN GIM v11 | S | |
CVE-2025-40667 | Missing authorization vulnerability in TCMAN GIM v11 | S | |
CVE-2025-40668 | Incorrect Authorization vulnerability in TCMAN GIM | S | |
CVE-2025-40669 | Incorrect Authorization vulnerability in TCMAN GIM | S | |
CVE-2025-40670 | Incorrect Authorization vulnerability in TCMAN GIM | S | |
CVE-2025-40671 | SQL injection vulnerability in AES Multimedia's Gestnet | S | |
CVE-2025-40672 | Privilege Escalation in Panloader.exe | S | |
CVE-2025-40673 | Missing Authorization in DinoRANK | S | |
CVE-2025-40674 | Reflected Cross-Site Scripting (XSS) in osCommerce | S | |
CVE-2025-40675 | Reflected Cross-Site Scripting (XSS) in Bagisto | | |
CVE-2025-40680 | Encryption of sensitive data in CapillaryScope missing | S | |
CVE-2025-40682 | SQL injection vulnerability in Human Resource Management System | | |
CVE-2025-40683 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System | | |
CVE-2025-40684 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System | | |
CVE-2025-40685 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System | | |
CVE-2025-40686 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System | | |
CVE-2025-40702 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40703 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40704 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40705 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40706 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40707 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40708 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40709 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40710 | Host Header Injection (HHI) in the Hotspot Shield VPN client | S | |
CVE-2025-40711 | SQL injection vulnerability in Quiter Gateway | S | |
CVE-2025-40712 | SQL injection vulnerability in Quiter Gateway | S | |
CVE-2025-40713 | SQL injection vulnerability in Quiter Gateway | S | |
CVE-2025-40714 | SQL injection vulnerability in Quiter Gateway | S | |
CVE-2025-40715 | SQL injection vulnerability in Quiter Gateway | S | |
CVE-2025-40716 | SQL injection vulnerability in Quiter Gateway | S | |
CVE-2025-40717 | SQL injection vulnerability in Quiter Gateway | S | |
CVE-2025-40718 | Improper error handling vulnerability in Quiter Gateway | S | |
CVE-2025-40719 | Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway | S | |
CVE-2025-40720 | Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway | S | |
CVE-2025-40721 | Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway | S | |
CVE-2025-40722 | Stored Cross-Site Scripting (XSS) vulnerability on Flatboard | S | |
CVE-2025-40723 | Stored Cross-Site Scripting (XSS) vulnerability on Flatboard | S | |
CVE-2025-40724 | Stored Cross-Site Scripting (XSS) in Pharmacy POS PHP Script | S | |
CVE-2025-40726 | Cross-Site Scripting (XSS) reflected in Nosto | S | |
CVE-2025-40727 | Reflected Cross-Site Scripting (XSS) in Phoenix CMS | | |
CVE-2025-40728 | SQL injection vulnerability in Customer Support System | | |
CVE-2025-40729 | Reflected Cross-Site Scripting (XSS) vulnerability in Customer Support System | | |
CVE-2025-40730 | HTML injection in Vox Media's Chorus CMS | S | |
CVE-2025-40731 | SQL injection vulnerability in Daily Expense Manager | | |
CVE-2025-40732 | User enumeration vulnerability in Daily Expense Manager | | |
CVE-2025-40733 | Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager | | |
CVE-2025-40734 | Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager | | |
CVE-2025-40735 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vul... | | |
CVE-2025-40736 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exp... | | |
CVE-2025-40737 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application doe... | | |
CVE-2025-40738 | A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application doe... | | |
CVE-2025-40739 | A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affec... | | |
CVE-2025-40740 | A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affec... | | |
CVE-2025-40741 | A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affec... | | |
CVE-2025-40742 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP... | | |
CVE-2025-40743 | A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 82... | | |
CVE-2025-40746 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected... | | |
CVE-2025-40751 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected... | | |
CVE-2025-40752 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= ... | | |
CVE-2025-40753 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= ... | | |
CVE-2025-40758 | A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3)... | | |
CVE-2025-40759 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All... | | |
CVE-2025-40761 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (... | | |
CVE-2025-40762 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter ... | | |
CVE-2025-40764 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter ... | | |
CVE-2025-40766 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2025-40767 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2025-40768 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2025-40769 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | | |
CVE-2025-40770 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). T... | | |
CVE-2025-40775 | DNS message with invalid TSIG causes an assertion failure | S | |
CVE-2025-40776 | Birthday Attack against Resolvers supporting ECS | S | |
CVE-2025-40777 | A possible assertion failure when 'stale-answer-client-timeout' is set to '0' | S | |
CVE-2025-40779 | Kea crash upon interaction between specific client options and subnet selection | S | |
CVE-2025-40846 | HaloITSM open redirect via the returnUrl | | |
CVE-2025-40906 | BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities | S | |
CVE-2025-40907 | FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library | E S | |
CVE-2025-40908 | YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified | E S | |
CVE-2025-40909 | Perl threads have a working directory race condition where file operations may target unintended paths | E S | |
CVE-2025-40910 | Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses | S | |
CVE-2025-40911 | Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses | S | |
CVE-2025-40912 | CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode | S | |
CVE-2025-40913 | Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow | | |
CVE-2025-40914 | Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow | S | |
CVE-2025-40915 | Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens | S | |
CVE-2025-40916 | Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text | S | |
CVE-2025-40918 | Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely | S | |
CVE-2025-40919 | Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely | | |
CVE-2025-40920 | Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces | S | |
CVE-2025-40923 | Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely | S | |
CVE-2025-40924 | Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely | S | |
CVE-2025-40927 | CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw | S | |
CVE-2025-40980 | ddd | | |
CVE-2025-40985 | SQL Injection in SCATI Vision Web | S | |