ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-43000 | Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) | | |
CVE-2025-43001 | Multiple Privilege Escalation Vulnerabilities in SAPCAR | | |
CVE-2025-43002 | Missing Authorization check in SAP S4/HANA (OData meta-data property) | | |
CVE-2025-43003 | Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise) | | |
CVE-2025-43004 | Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) | | |
CVE-2025-43005 | Information Disclosure vulnerability in SAP GUI for Windows | | |
CVE-2025-43006 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) | | |
CVE-2025-43007 | Missing Authorization check in SAP Service Parts Management (SPM) | | |
CVE-2025-43008 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | | |
CVE-2025-43009 | Missing Authorization check in SAP Service Parts Management (SPM) | | |
CVE-2025-43010 | Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise (SCM Master Data Layer (MDL)) | | |
CVE-2025-43011 | Missing Authorization Check in SAP Landscape Transformation (PCL Basis) | | |
CVE-2025-43012 | In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible... | | |
CVE-2025-43013 | In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication wa... | | |
CVE-2025-43014 | In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user c... | | |
CVE-2025-43015 | In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces... | | |
CVE-2025-43016 | In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during r... | | |
CVE-2025-43018 | Certain HP LaserJet Pro Printers – Potential Information Disclosure | | |
CVE-2025-43019 | HP Support Assistant – Potential Escalation of Privilege | | |
CVE-2025-43020 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43021 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43022 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43023 | HP Linux Imaging and Printing Software - Use of DSA Key | | |
CVE-2025-43025 | HP Universal Print Driver – Potential Denial of Service | | |
CVE-2025-43026 | HP Support Assistant – Potential Escalation of Privilege | | |
CVE-2025-43184 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac... | | |
CVE-2025-43185 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2025-43186 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6... | | |
CVE-2025-43187 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7... | | |
CVE-2025-43188 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43189 | This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, m... | | |
CVE-2025-43191 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 1... | | |
CVE-2025-43192 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequo... | | |
CVE-2025-43193 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, ma... | | |
CVE-2025-43194 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonom... | | |
CVE-2025-43195 | An issue existed in the handling of environment variables. This issue was addressed with improved va... | | |
CVE-2025-43196 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 1... | | |
CVE-2025-43197 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15... | | |
CVE-2025-43198 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6,... | | |
CVE-2025-43199 | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequ... | | |
CVE-2025-43200 | This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura ... | KEV | |
CVE-2025-43201 | This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for ... | | |
CVE-2025-43206 | A parsing issue in the handling of directory paths was addressed with improved path validation. This... | | |
CVE-2025-43209 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in ma... | | |
CVE-2025-43211 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Seq... | | |
CVE-2025-43212 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Seq... | | |
CVE-2025-43213 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Seq... | | |
CVE-2025-43214 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 1... | | |
CVE-2025-43215 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6. Processing ... | | |
CVE-2025-43216 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari ... | | |
CVE-2025-43217 | The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18.6 a... | | |
CVE-2025-43218 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Seq... | | |
CVE-2025-43220 | This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9,... | | |
CVE-2025-43221 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in ma... | | |
CVE-2025-43222 | A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in macOS S... | | |
CVE-2025-43223 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS... | | |
CVE-2025-43224 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in vi... | | |
CVE-2025-43225 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2025-43226 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 1... | | |
CVE-2025-43227 | This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS ... | | |
CVE-2025-43228 | The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18... | | |
CVE-2025-43229 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2025-43230 | The issue was addressed with additional permissions checks. This issue is fixed in iPadOS 17.7.9, wa... | | |
CVE-2025-43232 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43233 | This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2025-43234 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed... | | |
CVE-2025-43235 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. An... | | |
CVE-2025-43237 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2025-43239 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in ma... | | |
CVE-2025-43240 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari ... | | |
CVE-2025-43241 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43243 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43244 | A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15... | | |
CVE-2025-43245 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2025-43246 | This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sono... | | |
CVE-2025-43247 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43248 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, m... | | |
CVE-2025-43249 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS S... | | |
CVE-2025-43250 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 1... | | |
CVE-2025-43251 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Se... | | |
CVE-2025-43252 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac... | | |
CVE-2025-43253 | This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, ... | | |
CVE-2025-43254 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Seq... | | |
CVE-2025-43255 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sono... | | |
CVE-2025-43256 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2025-43259 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in ma... | | |
CVE-2025-43260 | This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, m... | | |
CVE-2025-43261 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS S... | | |
CVE-2025-43265 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18... | | |
CVE-2025-43266 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43267 | An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6... | | |
CVE-2025-43268 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43270 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Seq... | | |
CVE-2025-43273 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS... | | |
CVE-2025-43274 | A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia ... | | |
CVE-2025-43275 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6... | | |
CVE-2025-43276 | A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6.... | | |
CVE-2025-43277 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18... | | |
CVE-2025-43284 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sono... | | |
CVE-2025-43300 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | KEV E | |
CVE-2025-43483 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43484 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43485 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43486 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43487 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43488 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43489 | Poly Clariti Manager - Multiple Security Vulnerabilities | | |
CVE-2025-43490 | HP Hotkey Support – Escalation of Privilege | | |
CVE-2025-43545 | Bridge \| Access of Uninitialized Pointer (CWE-824) | | |
CVE-2025-43546 | Bridge \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2025-43547 | Bridge \| Integer Overflow or Wraparound (CWE-190) | | |
CVE-2025-43548 | Dimension \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43549 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2025-43550 | Acrobat Reader \| Use After Free (CWE-416) | | |
CVE-2025-43551 | Substance3D - Stager \| Out-of-bounds Read (CWE-125) | | |
CVE-2025-43553 | Substance3D - Modeler \| Uncontrolled Search Path Element (CWE-427) | | |
CVE-2025-43554 | Substance3D - Modeler \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43555 | Animate \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2025-43556 | Animate \| Integer Overflow or Wraparound (CWE-190) | | |
CVE-2025-43557 | Animate \| Access of Uninitialized Pointer (CWE-824) | | |
CVE-2025-43558 | InDesign Desktop \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43559 | ColdFusion \| Improper Input Validation (CWE-20) | | |
CVE-2025-43560 | ColdFusion \| Improper Input Validation (CWE-20) | | |
CVE-2025-43561 | ColdFusion \| Incorrect Authorization (CWE-863) | | |
CVE-2025-43562 | ColdFusion \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | | |
CVE-2025-43563 | ColdFusion \| Improper Access Control (CWE-284) | | |
CVE-2025-43564 | ColdFusion \| Incorrect Authorization (CWE-863) | | |
CVE-2025-43565 | ColdFusion \| Incorrect Authorization (CWE-863) | | |
CVE-2025-43566 | ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | | |
CVE-2025-43567 | Adobe Connect \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2025-43568 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2025-43569 | Substance3D - Stager \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43570 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2025-43571 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2025-43572 | Dimension \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43573 | Acrobat Reader \| Use After Free (CWE-416) | | |
CVE-2025-43574 | Acrobat Reader \| Use After Free (CWE-416) | | |
CVE-2025-43575 | Acrobat Reader \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43576 | Acrobat Reader \| Use After Free (CWE-416) | | |
CVE-2025-43577 | Acrobat Reader \| Use After Free (CWE-416) | | |
CVE-2025-43578 | Acrobat Reader \| Out-of-bounds Read (CWE-125) | | |
CVE-2025-43579 | Acrobat Reader \| Information Exposure (CWE-200) | | |
CVE-2025-43580 | Audition \| Access of Memory Location After End of Buffer (CWE-788) | | |
CVE-2025-43581 | Substance3D - Sampler \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43582 | Substance3D - Viewer \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-43583 | Substance3D - Viewer \| NULL Pointer Dereference (CWE-476) | | |
CVE-2025-43584 | Substance3D - Viewer \| Out-of-bounds Read (CWE-125) | | |
CVE-2025-43585 | Adobe Commerce \| Improper Authorization (CWE-285) | | |
CVE-2025-43586 | Adobe Commerce \| Improper Access Control (CWE-284) | | |
CVE-2025-43587 | After Effects \| Out-of-bounds Read (CWE-125) | | |
CVE-2025-43588 | Substance3D - Sampler \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43589 | InDesign Desktop \| Use After Free (CWE-416) | | |
CVE-2025-43590 | InDesign Desktop \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43591 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-43592 | InDesign Desktop \| Access of Uninitialized Pointer (CWE-824) | | |
CVE-2025-43593 | InDesign Desktop \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43594 | InDesign Desktop \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43595 | MSP360 Backup (for Linux) insecure filesystem permissions | | |
CVE-2025-43596 | MSP360 Backup (for Windows) insecure filesystem permissions | | |
CVE-2025-43697 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows expo... | | |
CVE-2025-43698 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypas... | | |
CVE-2025-43699 | Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) a... | | |
CVE-2025-43700 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows expos... | | |
CVE-2025-43701 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows expos... | | |
CVE-2025-43703 | An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacke... | | |
CVE-2025-43704 | Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP... | | |
CVE-2025-43708 | VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated b... | | |
CVE-2025-43711 | Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitra... | | |
CVE-2025-43712 | JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon regis... | | |
CVE-2025-43713 | ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting... | | |
CVE-2025-43714 | The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for ex... | E | |
CVE-2025-43715 | Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate priv... | | |
CVE-2025-43716 | A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By ... | | |
CVE-2025-43717 | In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/ge... | | |
CVE-2025-43720 | Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configu... | S | |
CVE-2025-43728 | Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability... | | |
CVE-2025-43729 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Crit... | | |
CVE-2025-43730 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Deli... | | |
CVE-2025-43731 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, ... | | |
CVE-2025-43732 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 thro... | | |
CVE-2025-43733 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DX... | | |
CVE-2025-43734 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, ... | | |
CVE-2025-43735 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, ... | | |
CVE-2025-43736 | A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.... | | |
CVE-2025-43737 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DX... | | |
CVE-2025-43738 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, ... | | |
CVE-2025-43739 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 throu... | | |
CVE-2025-43740 | A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and L... | | |
CVE-2025-43741 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, ... | | |
CVE-2025-43742 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, ... | | |
CVE-2025-43743 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 throu... | | |
CVE-2025-43744 | A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.13... | | |
CVE-2025-43745 | A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 20... | | |
CVE-2025-43746 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, ... | | |
CVE-2025-43747 | A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.... | | |
CVE-2025-43748 | Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119,... | | |
CVE-2025-43749 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 throu... | | |
CVE-2025-43750 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 throu... | | |
CVE-2025-43751 | User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 ... | | |
CVE-2025-43752 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 throu... | | |
CVE-2025-43753 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.13... | | |
CVE-2025-43754 | Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q... | | |
CVE-2025-43755 | A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Lif... | | |
CVE-2025-43756 | A reflected cross-site scrip... | | |
CVE-2025-43757 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, ... | | |
CVE-2025-43758 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 throu... | | |
CVE-2025-43759 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024... | | |
CVE-2025-43760 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, ... | | |
CVE-2025-43761 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, ... | | |
CVE-2025-43762 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 throu... | | |
CVE-2025-43764 | Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Design... | | |
CVE-2025-43765 | A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Lifer... | | |
CVE-2025-43766 | The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13,... | | |
CVE-2025-43767 | Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.8... | | |
CVE-2025-43768 | Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throu... | | |
CVE-2025-43769 | Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Lifer... | | |
CVE-2025-43770 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, ... | | |
CVE-2025-43773 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.1, 2025.Q1.0 thro... | | |
CVE-2025-43832 | WordPress Remote Images Grabber plugin <= 0.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-43833 | WordPress Absolute Links plugin <= 1.1.1 - SQL Injection vulnerability | | |
CVE-2025-43834 | WordPress cookieBAR plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-43835 | WordPress wp-cyr-cho plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-43836 | WordPress Syndicate Out <= 0.9 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-43837 | WordPress Total Donations <= 3.0.8 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-43838 | WordPress Custom PC Builder Lite for WooCommerce <= 1.0.1 - Settings Change Vulnerability | | |
CVE-2025-43839 | WordPress BP Messages Tool plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-43840 | WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability | | |
CVE-2025-43841 | WordPress WP Vegas plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-43842 | GHSL-2025-012_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43843 | GHSL-2025-013_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43844 | GHSL-2025-014_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43845 | GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43846 | GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43847 | GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43848 | GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43849 | GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43850 | GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43851 | GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43852 | GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43853 | iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature | | |
CVE-2025-43854 | DIFY vulnerable to Clickjacking Attack | E S | |
CVE-2025-43855 | tRPC 11 WebSocket DoS Vulnerability | | |
CVE-2025-43856 | immich allows account hijacking through oauth2 | | |
CVE-2025-43857 | net-imap rubygem vulnerable to possible DoS by memory exhaustion | S | |
CVE-2025-43858 | YoutubeDLSharp allows command injection on windows system due to non sanitized arguments | E | |
CVE-2025-43859 | h11 accepts some malformed Chunked-Encoding bodies | | |
CVE-2025-43860 | OpemRMS Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics | E | |
CVE-2025-43861 | ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection | | |
CVE-2025-43862 | Dify Allows Unauthorized Access and Modification of APP Orchestration | E S | |
CVE-2025-43863 | vantage6 lacks brute-force protection on change password functionality | | |
CVE-2025-43864 | React Router allows a DoS via cache poisoning by forcing SPA mode | | |
CVE-2025-43865 | React Router allows pre-render data spoofing on React-Router framework mode | | |
CVE-2025-43866 | Vantage6 Server JWT secret not cryptographically secure | | |
CVE-2025-43877 | WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arb... | | |
CVE-2025-43878 | F5OS-A/C CLI vulnerability | | |
CVE-2025-43879 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS comma... | | |
CVE-2025-43880 | Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a log... | | |
CVE-2025-43881 | Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System ver... | | |
CVE-2025-43882 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A lo... | | |
CVE-2025-43893 | Rejected reason: Not used... | R | |
CVE-2025-43894 | Rejected reason: Not used... | R | |
CVE-2025-43895 | Rejected reason: Not used... | R | |
CVE-2025-43896 | Rejected reason: Not used... | R | |
CVE-2025-43897 | Rejected reason: Not used... | R | |
CVE-2025-43898 | Rejected reason: Not used... | R | |
CVE-2025-43899 | Rejected reason: Not used... | R | |
CVE-2025-43900 | Rejected reason: Not used... | R | |
CVE-2025-43901 | Rejected reason: Not used... | R | |
CVE-2025-43903 | NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on ... | | |
CVE-2025-43915 | In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13... | | |
CVE-2025-43916 | Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirec... | | |
CVE-2025-43917 | In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate pri... | | |
CVE-2025-43918 | SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate r... | | |
CVE-2025-43919 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitra... | E M | |
CVE-2025-43920 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, all... | E | |
CVE-2025-43921 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists... | E | |
CVE-2025-43922 | The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivilege... | | |
CVE-2025-43923 | An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrati... | | |
CVE-2025-43924 | Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in ... | | |
CVE-2025-43925 | An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key,... | | |
CVE-2025-43926 | An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the Agen... | | |
CVE-2025-43928 | In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arb... | E | |
CVE-2025-43929 | open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local exe... | E S | |
CVE-2025-43930 | Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not con... | | |
CVE-2025-43931 | flask-boilerplate through a170e7c allows account takeover via the password reset feature because SER... | | |
CVE-2025-43932 | JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME... | | |
CVE-2025-43933 | fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is ... | | |
CVE-2025-43946 | TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path ... | E | |
CVE-2025-43947 | Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perf... | E | |
CVE-2025-43948 | Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input valu... | | |
CVE-2025-43949 | MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that a... | | |
CVE-2025-43950 | DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a direc... | | |
CVE-2025-43951 | LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbi... | | |
CVE-2025-43952 | A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web ... | E | |
CVE-2025-43954 | QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when no-html is se... | S | |
CVE-2025-43955 | TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.... | E | |
CVE-2025-43960 | Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a... | | |
CVE-2025-43961 | In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag pars... | S | |
CVE-2025-43962 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for ... | S | |
CVE-2025-43963 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access ... | S | |
CVE-2025-43964 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does... | S | |
CVE-2025-43965 | In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumF... | | |
CVE-2025-43966 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.... | S | |
CVE-2025-43967 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/g... | E S | |
CVE-2025-43970 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the in... | S | |
CVE-2025-43971 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a pa... | S | |
CVE-2025-43972 | An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/... | S | |
CVE-2025-43973 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input... | S | |
CVE-2025-43976 | The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed ap... | E | |
CVE-2025-43977 | The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application (wi... | | |
CVE-2025-43978 | Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multip... | | |
CVE-2025-43979 | An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated att... | | |
CVE-2025-43980 | An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service ... | | |
CVE-2025-43982 | Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default... | | |
CVE-2025-43983 | KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabil... | | |
CVE-2025-43984 | An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: ... | | |
CVE-2025-43986 | An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is e... | | |
CVE-2025-43988 | KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowin... | | |
CVE-2025-43989 | The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16... | | |