ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-45001 | react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption ci... | E | |
CVE-2025-45002 | Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture f... | E | |
CVE-2025-45006 | Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violate... | | |
CVE-2025-45007 | A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGu... | E | |
CVE-2025-45009 | A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticke... | E | |
CVE-2025-45010 | A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPG... | E | |
CVE-2025-45011 | A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ti... | E | |
CVE-2025-45015 | A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.p... | E | |
CVE-2025-45017 | A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Managem... | E | |
CVE-2025-45018 | A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PH... | E | |
CVE-2025-45019 | A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park T... | E | |
CVE-2025-45020 | A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGu... | E | |
CVE-2025-45021 | A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul ... | E | |
CVE-2025-45029 | WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable a... | | |
CVE-2025-45042 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet fu... | E | |
CVE-2025-45055 | Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management ... | E S | |
CVE-2025-45065 | employee record management system in php and mysql v1 was discovered to contain a SQL injection vuln... | E | |
CVE-2025-45080 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2025-45081 | Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data.... | | |
CVE-2025-45083 | Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers ... | | |
CVE-2025-45143 | string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited vi... | | |
CVE-2025-45236 | A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 all... | E | |
CVE-2025-45237 | Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to ac... | E | |
CVE-2025-45238 | foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreS... | E | |
CVE-2025-45239 | An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a dire... | E | |
CVE-2025-45240 | foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method ... | E | |
CVE-2025-45242 | Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAd... | | |
CVE-2025-45250 | MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url funct... | E | |
CVE-2025-45320 | A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Onlin... | E | |
CVE-2025-45321 | kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Re... | E | |
CVE-2025-45322 | kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/Che... | E | |
CVE-2025-45331 | brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_onc... | | |
CVE-2025-45332 | vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parse_mtllib functi... | E S | |
CVE-2025-45333 | berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigP... | E | |
CVE-2025-45343 | An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editi... | E | |
CVE-2025-45387 | osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/... | S | |
CVE-2025-45388 | Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functi... | E | |
CVE-2025-45424 | Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without ... | | |
CVE-2025-45427 | In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet h... | E | |
CVE-2025-45428 | In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRe... | E | |
CVE-2025-45429 | In the Tenda AC9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerabili... | E | |
CVE-2025-45468 | Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and... | | |
CVE-2025-45471 | Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compro... | | |
CVE-2025-45472 | Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromi... | | |
CVE-2025-45474 | maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.... | E | |
CVE-2025-45475 | maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Manageme... | E | |
CVE-2025-45479 | Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers ... | E | |
CVE-2025-45487 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.I... | E | |
CVE-2025-45488 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.d... | E | |
CVE-2025-45489 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.d... | E | |
CVE-2025-45490 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.d... | E | |
CVE-2025-45491 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.d... | E | |
CVE-2025-45492 | Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_w... | E | |
CVE-2025-45513 | Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.... | E | |
CVE-2025-45514 | Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.... | E | |
CVE-2025-45525 | A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight ve... | | |
CVE-2025-45526 | A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight ver... | E | |
CVE-2025-45529 | An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows att... | E | |
CVE-2025-45542 | SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The... | E | |
CVE-2025-45582 | GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c... | | |
CVE-2025-45607 | An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via... | E | |
CVE-2025-45608 | Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows atta... | | |
CVE-2025-45609 | Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to ... | | |
CVE-2025-45610 | Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows att... | | |
CVE-2025-45611 | Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass... | | |
CVE-2025-45612 | Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET r... | E | |
CVE-2025-45613 | Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access... | | |
CVE-2025-45614 | Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access s... | | |
CVE-2025-45615 | Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain ac... | | |
CVE-2025-45616 | Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admi... | | |
CVE-2025-45617 | Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attack... | | |
CVE-2025-45618 | Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboo... | | |
CVE-2025-45661 | A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute arbitr... | | |
CVE-2025-45662 | A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 9... | | |
CVE-2025-45729 | D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and ... | E | |
CVE-2025-45737 | An issue in NetEase (Hangzhou) Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers t... | | |
CVE-2025-45746 | In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded ... | E | |
CVE-2025-45751 | SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scriptin... | E | |
CVE-2025-45752 | A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP ... | E | |
CVE-2025-45753 | A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to... | | |
CVE-2025-45754 | A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allow... | E | |
CVE-2025-45755 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, e... | E | |
CVE-2025-45779 | Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler v... | E | |
CVE-2025-45784 | D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER... | E | |
CVE-2025-45786 | Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php.... | E | |
CVE-2025-45787 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setIpPortFil... | E | |
CVE-2025-45788 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilte... | E | |
CVE-2025-45789 | TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParen... | E | |
CVE-2025-45790 | TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMac... | E | |
CVE-2025-45797 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability ... | E | |
CVE-2025-45798 | A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnera... | E | |
CVE-2025-45800 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceN... | E | |
CVE-2025-45809 | BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key/block e... | | |
CVE-2025-45813 | ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.... | | |
CVE-2025-45814 | Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110, v7.2.8.124852, a... | | |
CVE-2025-45818 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/mo... | E | |
CVE-2025-45819 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/mo... | E | |
CVE-2025-45820 | Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/mo... | E | |
CVE-2025-45835 | A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerabilit... | E | |
CVE-2025-45841 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2025-45842 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2025-45843 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2025-45844 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2025-45845 | TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2025-45846 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsi... | E | |
CVE-2025-45847 | ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPM... | E | |
CVE-2025-45851 | An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Servic... | | |
CVE-2025-45854 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.... | E S | |
CVE-2025-45855 | An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.1... | | |
CVE-2025-45857 | EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the ... | E | |
CVE-2025-45858 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2025-45859 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr pa... | E | |
CVE-2025-45861 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername... | E | |
CVE-2025-45862 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacen... | E | |
CVE-2025-45863 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr par... | E | |
CVE-2025-45864 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolSt... | E | |
CVE-2025-45865 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr pa... | E | |
CVE-2025-45866 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEn... | E | |
CVE-2025-45867 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns... | E | |
CVE-2025-45872 | zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl para... | E | |
CVE-2025-45878 | A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.... | | |
CVE-2025-45879 | A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.... | | |
CVE-2025-45880 | A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amig... | | |
CVE-2025-45885 | PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users... | E | |
CVE-2025-45887 | Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.... | E | |
CVE-2025-45890 | Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute a... | E | |
CVE-2025-45931 | An issue in D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute a... | E | |
CVE-2025-45938 | Akeles Out of Office Assistant for Jira 4.0.1 is vulnerable to Cross Site Scripting (XSS) via the Ji... | | |
CVE-2025-45947 | An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary co... | E | |
CVE-2025-45949 | A critical vulnerability was found in PHPGurukul User Registration & Login and User Management Syste... | E | |
CVE-2025-45953 | A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.... | E | |
CVE-2025-45956 | A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management ... | E | |
CVE-2025-45984 | Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300... | E | |
CVE-2025-45985 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F120... | E | |
CVE-2025-45986 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F120... | E | |
CVE-2025-45987 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F120... | E | |
CVE-2025-45988 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F120... | E | |
CVE-2025-45997 | Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. A... | E | |