ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-44001 | Unauthorized Channel Subscription Read in Mattermost Confluence Plugin | S | |
CVE-2025-44002 | Arbitrary File Creation via Symbolic Link leading to Denial-of-Service | S | |
CVE-2025-44003 | Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allo... | | |
CVE-2025-44004 | Unauthenticated Channel Subscription Creation in Mattermost Confluence Plugin | S | |
CVE-2025-44015 | HybridDesk Station | S | |
CVE-2025-44019 | AVEVA PI Data Archive Uncaught Exception | S | |
CVE-2025-44021 | OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handlin... | | |
CVE-2025-44022 | An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mech... | E S | |
CVE-2025-44023 | An issue in D-Link DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbit... | | |
CVE-2025-44024 | Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The... | E | |
CVE-2025-44033 | SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary c... | | |
CVE-2025-44039 | CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections fo... | E | |
CVE-2025-44040 | An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and th... | | |
CVE-2025-44043 | Keyoti SearchUnit prior to 9.0.0 is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_Sea... | | |
CVE-2025-44044 | Keyoti SearchUnit prior to 9.0.0 is vulnerable to XML External Entity (XXE). An attacker who can fo... | | |
CVE-2025-44071 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
CVE-2025-44072 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager... | E | |
CVE-2025-44073 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment... | E | |
CVE-2025-44074 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.p... | E | |
CVE-2025-44083 | An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authent... | E | |
CVE-2025-44084 | D-Link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerabi... | E | |
CVE-2025-44091 | yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function... | E | |
CVE-2025-44108 | A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CM... | E S | |
CVE-2025-44109 | A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlle... | | |
CVE-2025-44110 | FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) via the Forum Description Field in admi... | E | |
CVE-2025-44115 | A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file ... | E | |
CVE-2025-44134 | A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /... | E | |
CVE-2025-44135 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Schedulin... | E | |
CVE-2025-44136 | MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" ... | E | |
CVE-2025-44137 | MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within ti... | E | |
CVE-2025-44139 | Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/p... | E | |
CVE-2025-44141 | A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.... | | |
CVE-2025-44148 | Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execut... | E | |
CVE-2025-44163 | RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An... | | |
CVE-2025-44172 | Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setS... | E | |
CVE-2025-44175 | Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.... | E | |
CVE-2025-44176 | Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.... | E | |
CVE-2025-44177 | A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-... | E | |
CVE-2025-44178 | DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default sett... | | |
CVE-2025-44179 | Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. ... | | |
CVE-2025-44180 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edi... | E | |
CVE-2025-44181 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /adm... | E | |
CVE-2025-44182 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the... | | |
CVE-2025-44183 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /adm... | E | |
CVE-2025-44184 | SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /... | E | |
CVE-2025-44185 | SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSR... | E | |
CVE-2025-44186 | SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF... | E | |
CVE-2025-44192 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay... | E | |
CVE-2025-44193 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay... | E | |
CVE-2025-44194 | SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay... | E | |
CVE-2025-44201 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2025-44203 | In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.ph... | E | |
CVE-2025-44206 | Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hexagon HxGN OnCall Dispatch Adva... | | |
CVE-2025-44251 | Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process.... | | |
CVE-2025-44525 | Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utili... | | |
CVE-2025-44526 | Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks ... | E | |
CVE-2025-44528 | An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers t... | E | |
CVE-2025-44531 | An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service... | E | |
CVE-2025-44557 | A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allow... | | |
CVE-2025-44559 | An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers... | | |
CVE-2025-44608 | CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the view... | E | |
CVE-2025-44612 | Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, incl... | | |
CVE-2025-44614 | Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including cre... | | |
CVE-2025-44619 | Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi networ... | | |
CVE-2025-44635 | There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-4... | | |
CVE-2025-44643 | Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP91... | | |
CVE-2025-44647 | In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option i... | | |
CVE-2025-44649 | In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_m... | | |
CVE-2025-44650 | In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to ... | | |
CVE-2025-44651 | In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configurat... | | |
CVE-2025-44652 | In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related con... | | |
CVE-2025-44653 | In H3C GR2200 MiniGR1A0V100R016, the USERLIMIT_GLOBAL option is set to 0 in the /etc/bftpd.conf. Thi... | | |
CVE-2025-44654 | In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration fil... | | |
CVE-2025-44655 | In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the ... | | |
CVE-2025-44657 | In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftp... | | |
CVE-2025-44658 | In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the... | | |
CVE-2025-44779 | An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet t... | | |
CVE-2025-44830 | EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet i... | E | |
CVE-2025-44831 | EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interf... | E | |
CVE-2025-44835 | D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which ... | E | |
CVE-2025-44836 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability ... | E | |
CVE-2025-44837 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability ... | E | |
CVE-2025-44838 | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability ... | E | |
CVE-2025-44839 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44840 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44841 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44842 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44843 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44844 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44845 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44846 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44847 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44848 | TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-44854 | TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the se... | E | |
CVE-2025-44860 | TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the... | E | |
CVE-2025-44861 | TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the... | E | |
CVE-2025-44862 | TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the... | E | |
CVE-2025-44863 | TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the... | E | |
CVE-2025-44864 | Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg ... | E | |
CVE-2025-44865 | Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg ... | E | |
CVE-2025-44866 | Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg ... | E | |
CVE-2025-44867 | Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckT... | E | |
CVE-2025-44868 | Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test ... | E | |
CVE-2025-44872 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUs... | E | |
CVE-2025-44877 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSa... | E | |
CVE-2025-44879 | WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload... | E | |
CVE-2025-44880 | A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allow... | E | |
CVE-2025-44881 | A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allow... | E | |
CVE-2025-44882 | A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink WL-WN579A3 v1.0 ... | E | |
CVE-2025-44883 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the tacIp parameter in th... | E | |
CVE-2025-44884 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_p... | E | |
CVE-2025-44885 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter i... | E | |
CVE-2025-44886 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parame... | E | |
CVE-2025-44887 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in... | E | |
CVE-2025-44888 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name paramet... | E | |
CVE-2025-44890 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in ... | E | |
CVE-2025-44891 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in ... | E | |
CVE-2025-44892 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in ... | E | |
CVE-2025-44893 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter... | E | |
CVE-2025-44894 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radDftParamKey parame... | E | |
CVE-2025-44895 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter ... | E | |
CVE-2025-44896 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bindEditMACName param... | E | |
CVE-2025-44897 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip paramete... | E | |
CVE-2025-44898 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter... | E | |
CVE-2025-44899 | There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 in the fromSetWifiGusetBasi... | | |
CVE-2025-44900 | In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetPare... | | |
CVE-2025-44904 | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.... | E | |
CVE-2025-44905 | hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset functi... | E | |
CVE-2025-44906 | jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.... | E | |
CVE-2025-44951 | A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in... | E | |
CVE-2025-44952 | A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf... | E | |
CVE-2025-44954 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equiva... | | |
CVE-2025-44955 | RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access via a weak, hardc... | | |
CVE-2025-44957 | Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key ... | | |
CVE-2025-44958 | RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.... | | |
CVE-2025-44960 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain paramet... | | |
CVE-2025-44961 | In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP addr... | | |
CVE-2025-44962 | RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.... | | |
CVE-2025-44963 | RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who ... | | |
CVE-2025-44964 | A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-in-the-mi... | | |
CVE-2025-44998 | A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileM... | E | |