ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-43000 | Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) | | |
CVE-2025-43002 | Missing Authorization check in SAP S4/HANA (OData meta-data property) | | |
CVE-2025-43003 | Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise) | | |
CVE-2025-43004 | Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) | | |
CVE-2025-43005 | Information Disclosure vulnerability in SAP GUI for Windows | | |
CVE-2025-43006 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) | | |
CVE-2025-43007 | Missing Authorization check in SAP Service Parts Management (SPM) | | |
CVE-2025-43008 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | | |
CVE-2025-43009 | Missing Authorization check in SAP Service Parts Management (SPM) | | |
CVE-2025-43010 | Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise (SCM Master Data Layer (MDL)) | | |
CVE-2025-43011 | Missing Authorization Check in SAP Landscape Transformation (PCL Basis) | | |
CVE-2025-43012 | In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible... | | |
CVE-2025-43013 | In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication wa... | | |
CVE-2025-43014 | In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user c... | | |
CVE-2025-43015 | In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces... | | |
CVE-2025-43016 | In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during r... | | |
CVE-2025-43545 | Bridge \| Access of Uninitialized Pointer (CWE-824) | | |
CVE-2025-43546 | Bridge \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2025-43547 | Bridge \| Integer Overflow or Wraparound (CWE-190) | | |
CVE-2025-43548 | Dimension \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43549 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2025-43551 | Substance3D - Stager \| Out-of-bounds Read (CWE-125) | | |
CVE-2025-43553 | Substance3D - Modeler \| Uncontrolled Search Path Element (CWE-427) | | |
CVE-2025-43554 | Substance3D - Modeler \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43555 | Animate \| Integer Underflow (Wrap or Wraparound) (CWE-191) | | |
CVE-2025-43556 | Animate \| Integer Overflow or Wraparound (CWE-190) | | |
CVE-2025-43557 | Animate \| Access of Uninitialized Pointer (CWE-824) | | |
CVE-2025-43559 | ColdFusion \| Improper Input Validation (CWE-20) | | |
CVE-2025-43560 | ColdFusion \| Improper Input Validation (CWE-20) | | |
CVE-2025-43561 | ColdFusion \| Incorrect Authorization (CWE-863) | | |
CVE-2025-43562 | ColdFusion \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | | |
CVE-2025-43563 | ColdFusion \| Improper Access Control (CWE-284) | | |
CVE-2025-43564 | ColdFusion \| Incorrect Authorization (CWE-863) | | |
CVE-2025-43565 | ColdFusion \| Incorrect Authorization (CWE-863) | | |
CVE-2025-43566 | ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | | |
CVE-2025-43567 | Adobe Connect \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2025-43568 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2025-43569 | Substance3D - Stager \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43570 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2025-43571 | Substance3D - Stager \| Use After Free (CWE-416) | | |
CVE-2025-43572 | Dimension \| Out-of-bounds Write (CWE-787) | | |
CVE-2025-43595 | MSP360 Backup (for Linux) insecure filesystem permissions | | |
CVE-2025-43596 | MSP360 Backup (for Windows) insecure filesystem permissions | | |
CVE-2025-43703 | An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacke... | | |
CVE-2025-43704 | Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP... | | |
CVE-2025-43708 | VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated b... | | |
CVE-2025-43714 | The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for ex... | | |
CVE-2025-43715 | Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate priv... | | |
CVE-2025-43716 | A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By ... | | |
CVE-2025-43717 | In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/ge... | | |
CVE-2025-43832 | WordPress Remote Images Grabber plugin <= 0.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-43833 | WordPress Absolute Links plugin <= 1.1.1 - SQL Injection vulnerability | | |
CVE-2025-43834 | WordPress cookieBAR plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-43835 | WordPress wp-cyr-cho plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-43836 | WordPress Syndicate Out <= 0.9 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-43837 | WordPress Total Donations <= 3.0.8 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-43838 | WordPress Custom PC Builder Lite for WooCommerce <= 1.0.1 - Settings Change Vulnerability | | |
CVE-2025-43839 | WordPress BP Messages Tool plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-43840 | WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability | | |
CVE-2025-43841 | WordPress WP Vegas plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-43842 | GHSL-2025-012_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43843 | GHSL-2025-013_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43844 | GHSL-2025-014_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43845 | GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43846 | GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43847 | GHSL-2025-017_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43848 | GHSL-2025-018_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43849 | GHSL-2025-019_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43850 | GHSL-2025-020_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43851 | GHSL-2025-021_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43852 | GHSL-2025-022_Retrieval-based-Voice-Conversion-WebUI | | |
CVE-2025-43853 | iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature | | |
CVE-2025-43854 | DIFY vulnerable to Clickjacking Attack | E S | |
CVE-2025-43855 | tRPC 11 WebSocket DoS Vulnerability | | |
CVE-2025-43857 | net-imap rubygem vulnerable to possible DoS by memory exhaustion | S | |
CVE-2025-43858 | YoutubeDLSharp allows command injection on Windows system due to non-sanitized arguments | E | |
CVE-2025-43859 | h11 accepts some malformed Chunked-Encoding bodies | | |
CVE-2025-43860 | OpemRMS Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics | | |
CVE-2025-43861 | ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection | | |
CVE-2025-43862 | Dify Allows Unauthorized Access and Modification of APP Orchestration | | |
CVE-2025-43864 | React Router allows a DoS via cache poisoning by forcing SPA mode | | |
CVE-2025-43865 | React Router allows pre-render data spoofing on React-Router framework mode | | |
CVE-2025-43878 | F5OS-A/C CLI vulnerability | | |
CVE-2025-43893 | Rejected reason: Not used... | R | |
CVE-2025-43894 | Rejected reason: Not used... | R | |
CVE-2025-43895 | Rejected reason: Not used... | R | |
CVE-2025-43896 | Rejected reason: Not used... | R | |
CVE-2025-43897 | Rejected reason: Not used... | R | |
CVE-2025-43898 | Rejected reason: Not used... | R | |
CVE-2025-43899 | Rejected reason: Not used... | R | |
CVE-2025-43900 | Rejected reason: Not used... | R | |
CVE-2025-43901 | Rejected reason: Not used... | R | |
CVE-2025-43903 | NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on ... | | |
CVE-2025-43915 | In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13... | | |
CVE-2025-43916 | Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirec... | | |
CVE-2025-43917 | In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate pri... | | |
CVE-2025-43918 | SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate r... | | |
CVE-2025-43919 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitra... | E M | |
CVE-2025-43920 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, all... | E | |
CVE-2025-43921 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists... | E | |
CVE-2025-43922 | The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivilege... | | |
CVE-2025-43926 | An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the Agen... | | |
CVE-2025-43928 | In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arb... | E | |
CVE-2025-43929 | open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local exe... | E S | |
CVE-2025-43946 | TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path ... | | |
CVE-2025-43947 | Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perf... | | |
CVE-2025-43948 | Codemers KLIMS 1.6.DEV allows Python code injection. A user can provide Python code as an input valu... | | |
CVE-2025-43949 | MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that a... | | |
CVE-2025-43950 | DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a direc... | | |
CVE-2025-43951 | LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbi... | | |
CVE-2025-43952 | A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web ... | E | |
CVE-2025-43954 | QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when no-html is se... | S | |
CVE-2025-43955 | TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.... | E | |
CVE-2025-43961 | In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag pars... | S | |
CVE-2025-43962 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for ... | S | |
CVE-2025-43963 | In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access ... | S | |
CVE-2025-43964 | In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does... | S | |
CVE-2025-43965 | In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumF... | | |
CVE-2025-43966 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.... | S | |
CVE-2025-43967 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/g... | E S | |
CVE-2025-43970 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the in... | S | |
CVE-2025-43971 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a pa... | S | |
CVE-2025-43972 | An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/... | S | |
CVE-2025-43973 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input... | S |