ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-46011 | Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function wh... | | |
CVE-2025-46014 | Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 were discovered to connect ser... | | |
CVE-2025-46035 | Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial ... | E | |
CVE-2025-46041 | A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject m... | E | |
CVE-2025-46052 | An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbi... | E | |
CVE-2025-46053 | A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands a... | E | |
CVE-2025-46060 | Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to e... | E | |
CVE-2025-46078 | HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the... | E | |
CVE-2025-46080 | HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist... | E | |
CVE-2025-46096 | Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks v... | | |
CVE-2025-46101 | SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Ob... | E | |
CVE-2025-46109 | SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sens... | E | |
CVE-2025-46154 | Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.... | | |
CVE-2025-46157 | An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file... | E | |
CVE-2025-46158 | An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of servi... | E | |
CVE-2025-46173 | code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the n... | E | |
CVE-2025-46176 | Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow ... | | |
CVE-2025-46178 | Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudCl... | E M | |
CVE-2025-46179 | A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project ... | E | |
CVE-2025-46188 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_ph... | E | |
CVE-2025-46189 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_cu... | E | |
CVE-2025-46190 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery... | | |
CVE-2025-46191 | Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System... | | |
CVE-2025-46192 | SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_... | | |
CVE-2025-46193 | SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbi... | | |
CVE-2025-46203 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/... | E | |
CVE-2025-46204 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/ed... | E | |
CVE-2025-46216 | Rejected reason: Not used... | R | |
CVE-2025-46217 | Rejected reason: Not used... | R | |
CVE-2025-46218 | Rejected reason: Not used... | R | |
CVE-2025-46219 | Rejected reason: Not used... | R | |
CVE-2025-46220 | Rejected reason: Not used... | R | |
CVE-2025-46221 | Rejected reason: Not used... | R | |
CVE-2025-46222 | Rejected reason: Not used... | R | |
CVE-2025-46223 | Rejected reason: Not used... | R | |
CVE-2025-46224 | Rejected reason: Not used... | R | |
CVE-2025-46225 | WordPress Post in page for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-46226 | WordPress MPL-Publisher <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46227 | WordPress Custom Related Posts <= 1.7.4 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46228 | WordPress Event post <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46229 | WordPress Textmetrics <= 3.6.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46230 | WordPress Popup Builder <= 1.1.35 - Local File Inclusion Vulnerability | S | |
CVE-2025-46231 | WordPress affiliate-toolkit <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-46232 | WordPress Download Alt Text AI <= 1.9.93 - Broken Access Control Vulnerability | S | |
CVE-2025-46233 | WordPress Sirv <= 7.5.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46234 | WordPress Control Listings plugin <= 1.0.4.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-46235 | WordPress SKT Blocks – Gutenberg based Page Builder <= 2.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46236 | WordPress HTML Forms <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46237 | WordPress Link Library <= 7.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46238 | WordPress List Last Changes <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46239 | WordPress Theme Switcha <= 3.4 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46240 | WordPress Simple Download Counter <= 2.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46241 | WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability | S | |
CVE-2025-46242 | WordPress Watu Quiz <= 3.4.3 - SQL Injection Vulnerability | S | |
CVE-2025-46243 | WordPress Recover abandoned cart for WooCommerce <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-46244 | WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability | S | |
CVE-2025-46245 | WordPress CM Ad Changer <= 2.0.5 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-46246 | WordPress CM Answers <= 3.3.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-46247 | WordPress Appointment Booking Calendar <= 1.3.92 - Broken Access Control Vulnerability | S | |
CVE-2025-46248 | WordPress Frontend Dashboard <= 2.2.5 - SQL Injection Vulnerability | S | |
CVE-2025-46249 | WordPress Simple calendar for Elementor <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-46250 | WordPress VForm <= 3.1.14 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-46251 | WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerability | S | |
CVE-2025-46252 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - SQL Injection vulnerability | S | |
CVE-2025-46253 | WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-46254 | WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-46257 | WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-46258 | WordPress Element Pack Pro Plugin < 8.0.0 - Broken Access Control vulnerability | S | |
CVE-2025-46259 | WordPress The Plus Addons for Elementor - Pro Plugin < 6.3.7 - Broken Access Control vulnerability | S | |
CVE-2025-46260 | WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-46261 | WordPress Seriously Simple Podcasting plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-46262 | WordPress Mad Mimi for WordPress plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46263 | WordPress Author Box After Posts plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46264 | WordPress PowerPress Podcasting <= 11.12.5 - Arbitrary File Upload Vulnerability | S | |
CVE-2025-46265 | F5OS vulnerability | | |
CVE-2025-46271 | Planet Technology Network Products OS Command Injection | S | |
CVE-2025-46272 | Planet Technology Network Products OS Command Injection | S | |
CVE-2025-46273 | Planet Technology Network Products Use of Hard-coded Credentials | S | |
CVE-2025-46274 | Planet Technology Network Products Use of Hard-coded Credentials | S | |
CVE-2025-46275 | Planet Technology Network Products Missing Authentication for Critical Function | S | |
CVE-2025-46326 | Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file | S | |
CVE-2025-46327 | Go Snowflake Driver has race condition when checking access to Easy Logging configuration file | S | |
CVE-2025-46328 | NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file | S | |
CVE-2025-46329 | Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs | S | |
CVE-2025-46330 | Snowflake Connector for C/C++ retries malformed requests | S | |
CVE-2025-46331 | OpenFGA Authorization Bypass | | |
CVE-2025-46332 | Information Disclosure via Flags override link | | |
CVE-2025-46333 | z2d OOB composition could lead to invalid memory access and corruption | | |
CVE-2025-46334 | Git GUI malicious command injection on Windows | | |
CVE-2025-46335 | Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload | E S | |
CVE-2025-46336 | Rack session gets restored after deletion | | |
CVE-2025-46337 | SQL injection in ADOdb PostgreSQL driver pg_insert_id() method | | |
CVE-2025-46338 | Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload | E S | |
CVE-2025-46339 | FreshRSS vulnerable to favicon cache poisoning via proxy | | |
CVE-2025-46340 | Misskey CSS Style Injection Vulnerability In `MkUrlPreview` | | |
CVE-2025-46341 | Privilege escalation via SSRF when using HTTP auth | | |
CVE-2025-46342 | Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements | E S | |
CVE-2025-46343 | n8n Vulnerable to Stored XSS through Attachments View Endpoint | S | |
CVE-2025-46344 | Auth0 NextJS SDK v4 Missing Session Invalidation | | |
CVE-2025-46345 | Auth0 Account Link Extension JWT Invalid Signature Validation | | |
CVE-2025-46346 | YesWiki Vulnerable to Stored XSS in Comments | E S | |
CVE-2025-46347 | YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution | E S | |
CVE-2025-46348 | YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download | E S | |
CVE-2025-46349 | YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting | E S | |
CVE-2025-46350 | YesWiki Vulnerable to Authenticated Reflected Cross-site Scripting | E S | |
CVE-2025-46352 | Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials | S | |
CVE-2025-46355 | Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may... | | |
CVE-2025-46358 | Emerson ValveLink Products Protection Mechanism Failure | S | |
CVE-2025-46374 | Rejected reason: Not used... | R | |
CVE-2025-46375 | Rejected reason: Not used... | R | |
CVE-2025-46376 | Rejected reason: Not used... | R | |
CVE-2025-46377 | Rejected reason: Not used... | R | |
CVE-2025-46378 | Rejected reason: Not used... | R | |
CVE-2025-46379 | Rejected reason: Not used... | R | |
CVE-2025-46380 | Rejected reason: Not used... | R | |
CVE-2025-46381 | Rejected reason: Not used... | R | |
CVE-2025-46392 | Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x | | |
CVE-2025-46393 | In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (re... | | |
CVE-2025-46394 | In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the... | | |
CVE-2025-46397 | Xfig: fig2dev stack-overflow | | |
CVE-2025-46398 | Xfig: fig2dev stack-overflow via read_objects | | |
CVE-2025-46399 | Xfig: transfig: fig2dev segmentation fault vulnerability | | |
CVE-2025-46400 | Xfig: fig2dev segmentation fault in read_arcobject | | |
CVE-2025-46406 | A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged ... | | |
CVE-2025-46412 | Vertiv Liebert RDU101 and UNITY Authentication Bypass Using an Alternate Path or Channel | S | |
CVE-2025-46415 | A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbit... | | |
CVE-2025-46416 | The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevat... | | |
CVE-2025-46417 | The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_cert... | E | |
CVE-2025-46419 | Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.... | | |
CVE-2025-46420 | Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c | M | |
CVE-2025-46421 | Libsoup: information disclosure may lead libsoup client to send authorization header to a different host when being redirected by a server | M | |
CVE-2025-46432 | In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs... | | |
CVE-2025-46433 | In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possi... | | |
CVE-2025-46435 | WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46436 | WordPress SCSS-Library <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-46437 | WordPress Tayori Form plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46438 | WordPress GTDB Guitar Tuners <= 4.2.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46439 | WordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerability | | |
CVE-2025-46440 | WordPress kStats Reloaded plugin <= 0.7.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46441 | WordPress Section Widget plugin <= 3.3.1 - Path Traversal vulnerability | | |
CVE-2025-46442 | WordPress Loan Calculator plugin <= 1.3 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46443 | WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-46444 | WordPress Ads Pro plugin <= 4.88 - Local File Inclusion vulnerability | | |
CVE-2025-46445 | WordPress External Markdown <= 0.0.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46446 | WordPress Libro de Reclamaciones <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46447 | WordPress Fable Extra <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46448 | WordPress Document Management System <= 1.24 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46449 | WordPress WoWHead Tooltips <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46450 | WordPress occupancyplan plugin <= 1.0.3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-46451 | WordPress Floating Social Bar <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46452 | WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46453 | WordPress Zoho Creator Forms <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46454 | WordPress Meta Keywords & Description <= 0.8 - Local File Inclusion Vulnerability | | |
CVE-2025-46455 | WordPress WP HRM LITE <= 1.1 - SQL Injection Vulnerability | | |
CVE-2025-46456 | WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46457 | WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46458 | WordPress occupancyplan plugin <= 1.0.3.0 - CSRF to SQL Injection vulnerability | | |
CVE-2025-46459 | WordPress Confirm User Registration <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46460 | WordPress Easy Guide <= 1.0.0 - SQL Injection Vulnerability | | |
CVE-2025-46461 | WordPress RRSSB <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46462 | WordPress WPVN <= 0.7.8 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-46463 | WordPress Mailing Group Listserv <= 3.0.4 - SQL Injection Vulnerability | S | |
CVE-2025-46464 | WordPress Ads Pro plugin <= 4.88 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46465 | WordPress Print Science Designer plugin <= 1.3.155 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46466 | WordPress Modern Polls plugin <= 1.0.10 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46467 | WordPress RAphicon <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46468 | WordPress Fable Extra <= 1.0.6 - Local File Inclusion Vulnerability | S | |
CVE-2025-46469 | WordPress Send From <= 2.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46470 | WordPress Smart Hashtags [#hashtagger] <= 7.2.3 - Broken Access Control Vulnerability | | |
CVE-2025-46471 | WordPress WP Custom Post Popup <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46472 | WordPress The Pack Elementor addons <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46473 | WordPress Social Counter <= 2.0.5 - PHP Object Injection Vulnerability | | |
CVE-2025-46474 | WordPress SEUR Oficial <= 2.2.23 - Local File Inclusion Vulnerability | S | |
CVE-2025-46475 | WordPress Able Player <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46476 | WordPress Awesome Wp Image Gallery <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46477 | WordPress WP Customize Login Page <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46478 | WordPress Dropdown Content <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46479 | WordPress BBCode Deluxe <= 2020.08.01.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46480 | WordPress Nepali Post Date <= 5.1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46481 | WordPress Flickr Shortcode Importer <= 2.2.3 - PHP Object Injection Vulnerability | | |
CVE-2025-46482 | WordPress WP Quiz plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46483 | WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46484 | WordPress Image Hover Effects For WPBakery Page Builder <= 2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46485 | WordPress WP Customize Login Page <= 1.6.5 - Broken Access Control Vulnerability | | |
CVE-2025-46486 | WordPress Nomupay Payment Processing Gateway <= 7.1.7 - Arbitrary File Download Vulnerability | S | |
CVE-2025-46487 | WordPress EC Authorize.net plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46488 | WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability | S | |
CVE-2025-46489 | WordPress Bulk Assign Linked Products For WooCommerce <= 2.1 - Broken Access Control Vulnerability | | |
CVE-2025-46490 | WordPress Crossword Compiler Puzzles <= 5.2 - Arbitrary File Upload Vulnerability | S | |
CVE-2025-46491 | WordPress Multi-Column Taxonomy List <= 1.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46492 | WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability | | |
CVE-2025-46493 | WordPress Crossword Compiler Puzzles <= 5.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46495 | WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability | | |
CVE-2025-46496 | WordPress Mini twitter feed <= 3.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46497 | WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-46498 | WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-46499 | WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-46501 | WordPress Mixcloud Embed <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46502 | WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability | | |
CVE-2025-46503 | WordPress Simple Google Photos Grid <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-46504 | WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability | | |
CVE-2025-46505 | WordPress Peekaboo <= 1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46506 | WordPress WpZon – Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerability | | |
CVE-2025-46507 | WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-46508 | WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46509 | WordPress 360 View <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46510 | WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46511 | WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-46512 | WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46513 | WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-46514 | WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-46515 | WordPress Category Widget plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46516 | WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-46517 | WordPress Blog Manager WP <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46518 | WordPress IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46519 | WordPress Media Library Downloader <= 1.3.1 - Broken Access Control Vulnerability | | |
CVE-2025-46520 | WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-46521 | WordPress WS Force Login Page <= 3.0.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46522 | WordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-46523 | WordPress COVID-19 (Coronavirus) Update Your Customers <= 1.5.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46524 | WordPress WP Filter Post Category plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-46525 | WordPress WP Cookie Consent <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46526 | WordPress My Custom Widgets plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46527 | WordPress Web3Press – Decentralize Publishing with Writing NFT plugin <= 3.2.0 - Arbitrary File Read vulnerability | S | |
CVE-2025-46528 | WordPress Availability Calendar <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-46529 | WordPress Business Contact Widget <= 2.7.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46530 | WordPress Hacklog Remote Attachment <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-46531 | WordPress WP AVCL Automation Helper (formerly WPFlyLeads) <= 3.4 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-46532 | WordPress Tooltip <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46533 | WordPress Landing pages and Domain aliases for WordPress <= 0.8 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46534 | WordPress Image Style Hover <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46535 | WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability | | |
CVE-2025-46536 | WordPress Carousel-of-post-images <= 1.07 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46537 | WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46538 | WordPress Inline Text Popup <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46539 | WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability | S | |
CVE-2025-46540 | WordPress GNA Search Shortcode <= 0.9.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46541 | WordPress WP-reCAPTCHA-bp <= 4.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46542 | WordPress Xpert Tab <= 1.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-46543 | WordPress Enhanced Paypal Shortcodes plugin <= 0.5a - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-46544 | In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new us... | | |
CVE-2025-46545 | In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored X... | | |
CVE-2025-46546 | In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authe... | | |
CVE-2025-46547 | In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resul... | | |
CVE-2025-46548 | Apache Pekko Management, Akka Management: management API basic authentication is not effective | E S | |
CVE-2025-46549 | YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting | E S | |
CVE-2025-46550 | YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting | E S | |
CVE-2025-46551 | JRuby-OpenSSL has hostname verification disabled by default | E | |
CVE-2025-46552 | KHC-INVITATION-AUTOMATION Sensitive User Information Leakage in Invitation Automation | | |
CVE-2025-46553 | @misskey-dev/summaly Redirect Filter Bypass | | |
CVE-2025-46554 | XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API | | |
CVE-2025-46557 | Any user with view access to the XWiki space can change the authenticator | | |
CVE-2025-46558 | org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content | | |
CVE-2025-46559 | Misskey Directory Traversal Vulnerability in AiScript via `Mk:api` | | |
CVE-2025-46560 | vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service | E | |
CVE-2025-46565 | Vite's server.fs.deny bypassed with /. for files under project root | E | |
CVE-2025-46566 | Dataease redshift JDBC Connection Remote Code Execution | E | |
CVE-2025-46567 | LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in llamafy_baichuan2.py | E S | |
CVE-2025-46568 | Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability | E | |
CVE-2025-46569 | OPA server Data API HTTP path injection of Rego | | |
CVE-2025-46570 | vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel | S | |
CVE-2025-46571 | Open WebUI vulnerable to limited stored XSS via uploaded HTML file | E S | |
CVE-2025-46572 | passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping | | |
CVE-2025-46573 | passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling | | |
CVE-2025-46574 | ZTE GoldenDB Database product has an input validation vulnerability | S | |
CVE-2025-46575 | ZTE GoldenDB Database product has an information disclosure vulnerability | S | |
CVE-2025-46576 | ZTE GoldenDB Database product has a privilege escalation vulnerability | S | |
CVE-2025-46577 | ZTE GoldenDB Database product has an SQL injection vulnerability | S | |
CVE-2025-46578 | ZTE GoldenDB Database product has SQL injection vulnerabilities in multiple interfaces | S | |
CVE-2025-46579 | ZTE GoldenDB Database product has a DDE injection vulnerability | S | |
CVE-2025-46580 | ZTE GoldenDB Database product has a code-related vulnerability | | |
CVE-2025-46584 | Vulnerability of improper authentication logic implementation in the file system module Impact: Succ... | | |
CVE-2025-46585 | Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of... | | |
CVE-2025-46586 | Permission control vulnerability in the contacts module Impact: Successful exploitation of this vuln... | | |
CVE-2025-46587 | Permission control vulnerability in the media library module Impact: Successful exploitation of this... | | |
CVE-2025-46588 | Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this ... | | |
CVE-2025-46589 | Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this ... | | |
CVE-2025-46590 | Bypass vulnerability in the network search instruction authentication module Impact: Successful expl... | | |
CVE-2025-46591 | Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of... | | |
CVE-2025-46592 | Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation ... | | |
CVE-2025-46593 | Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploit... | | |
CVE-2025-46595 | An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module t... | | |
CVE-2025-46599 | CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintend... | | |
CVE-2025-46610 | ARTEC EMA Mail 6.92 allows CSRF.... | | |
CVE-2025-46611 | Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary c... | | |
CVE-2025-46612 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to exe... | | |
CVE-2025-46613 | OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnect... | | |
CVE-2025-46614 | In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query ... | | |
CVE-2025-46616 | Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via... | | |
CVE-2025-46617 | Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unaut... | | |
CVE-2025-46618 | In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab... | | |
CVE-2025-46619 | A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2... | | |
CVE-2025-46625 | Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro ... | | |
CVE-2025-46626 | Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management se... | E | |
CVE-2025-46627 | Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authe... | E | |
CVE-2025-46628 | Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.... | E | |
CVE-2025-46629 | Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an un... | E | |
CVE-2025-46630 | Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an una... | E | |
CVE-2025-46631 | Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an una... | E | |
CVE-2025-46632 | Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may a... | E | |
CVE-2025-46633 | Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16... | E | |
CVE-2025-46634 | Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16... | E | |
CVE-2025-46635 | An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the... | E | |
CVE-2025-46646 | In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encod... | S | |
CVE-2025-46647 | Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect | | |
CVE-2025-46652 | In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extra... | | |
CVE-2025-46653 | Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing... | E | |
CVE-2025-46654 | CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript co... | E | |
CVE-2025-46655 | CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents... | E | |
CVE-2025-46656 | python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as | E | |
CVE-2025-46657 | Karaz Karazal through 2025-04-14 allows reflected XSS via the lang parameter to the default URI.... | E | |
CVE-2025-46661 | IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidato... | | |
CVE-2025-46672 | NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially lea... | E | |
CVE-2025-46673 | NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, pos... | E | |
CVE-2025-46674 | NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for u... | E S | |
CVE-2025-46675 | In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spac... | E S | |
CVE-2025-46687 | quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap... | | |
CVE-2025-46688 | quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to... | E S | |
CVE-2025-46689 | Ververica Platform 2.14.0 contains a Reflected XSS vulnerability via a namespaces/default/formats UR... | E | |
CVE-2025-46690 | Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespac... | E | |
CVE-2025-46701 | Apache Tomcat: Security constraint bypass for CGI scripts | | |
CVE-2025-46702 | Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management | S | |
CVE-2025-46704 | Advantech iView Path Traversal | S | |
CVE-2025-46707 | GPU DDK - Guest VM can override its own FW VZ connection state after the FW has closed it | | |
CVE-2025-46708 | GPU DDK - Guest VM can delay the FW and GPU from processing workloads from other VMs | | |
CVE-2025-46710 | Possible kernel exceptions caused by reading and writing kernel heap data after free.... | | |
CVE-2025-46712 | Erlang/OTP SSH Has Strict KEX Violations | | |
CVE-2025-46713 | Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_SET_SECURE_PARAM) | | |
CVE-2025-46714 | Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_GET_SECURE_PARAM) | | |
CVE-2025-46715 | Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM) | | |
CVE-2025-46716 | Sandboxie Arbitrary Kernel Read in SbieDrv.sys API (API_SET_SECURE_PARAM) | | |
CVE-2025-46717 | sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders | E | |
CVE-2025-46718 | sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others | E | |
CVE-2025-46719 | Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions | E S | |
CVE-2025-46720 | Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields | | |
CVE-2025-46721 | nosurf vulnerable to CSRF due to non-functional same-origin request checks | E | |
CVE-2025-46722 | vLLM has a Weakness in MultiModalHasher Image Hashing Implementation | S | |
CVE-2025-46723 | OpenVM byte decomposition of pc in AUIPC chip can overflow | | |
CVE-2025-46724 | Langroid has a Code Injection vulnerability in TableChatAgent | E S | |
CVE-2025-46725 | Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store | | |
CVE-2025-46726 | Langroid Vulnerable to XXE Injection via XMLToolMessage | | |
CVE-2025-46727 | Unbounded-Parameter DoS in Rack::QueryParser | S | |
CVE-2025-46728 | cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests | | |
CVE-2025-46729 | phpDVDProfiler Cross-site Scripting vulnerability | | |
CVE-2025-46730 | Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack | | |
CVE-2025-46731 | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI | | |
CVE-2025-46733 | REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure | E | |
CVE-2025-46734 | league/commonmark Cross-site Scripting vulnerability in Attributes extension | | |
CVE-2025-46735 | Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` | | |
CVE-2025-46736 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response | | |
CVE-2025-46737 | Origin Validation Error | | |
CVE-2025-46738 | Deserialization of Untrusted Data | | |
CVE-2025-46739 | Improper Restriction of Excessive Authentication Attempts | | |
CVE-2025-46740 | Improper Handling of Insufficient Permissions | | |
CVE-2025-46741 | Improper Privilege Management | | |
CVE-2025-46742 | Improper Access Control | | |
CVE-2025-46743 | Cross-Site Request Forgery | | |
CVE-2025-46744 | Improper Privilege Management | | |
CVE-2025-46745 | Improper Privilege Management | | |
CVE-2025-46746 | Error Message Contains Sensitive Information | | |
CVE-2025-46747 | Exposure of Sensitive System Information | | |
CVE-2025-46748 | Unverified Password Change | | |
CVE-2025-46749 | Improper Neutralization of Input | | |
CVE-2025-46750 | Authentication Bypass | | |
CVE-2025-46753 | Rejected reason: Not used... | R | |
CVE-2025-46754 | Rejected reason: Not used... | R | |
CVE-2025-46755 | Rejected reason: Not used... | R | |
CVE-2025-46756 | Rejected reason: Not used... | R | |
CVE-2025-46757 | Rejected reason: Not used... | R | |
CVE-2025-46758 | Rejected reason: Not used... | R | |
CVE-2025-46759 | Rejected reason: Not used... | R | |
CVE-2025-46760 | Rejected reason: Not used... | R | |
CVE-2025-46761 | Rejected reason: Not used... | R | |
CVE-2025-46762 | Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata | | |
CVE-2025-46777 | An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions ... | S | |
CVE-2025-46778 | Rejected reason: Not used... | R | |
CVE-2025-46779 | Rejected reason: Not used... | R | |
CVE-2025-46780 | Rejected reason: Not used... | R | |
CVE-2025-46781 | Rejected reason: Not used... | R | |
CVE-2025-46782 | Rejected reason: Not used... | R | |
CVE-2025-46783 | Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. I... | | |
CVE-2025-46785 | Zoom Workplace Apps for Windows - Buffer Over-read | | |
CVE-2025-46786 | Zoom Workplace Apps - Improper Neutralization of Special Elements | | |
CVE-2025-46788 | Zoom Workplace for Linux - Improper Certificate Validation | | |
CVE-2025-46789 | Zoom Clients for Windows - Classic Buffer Overflow | | |
CVE-2025-46801 | Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary w... | | |
CVE-2025-46802 | Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen | E | |
CVE-2025-46803 | Screen creates by default world-writable PTYs | | |
CVE-2025-46804 | Screen 5.0.0 and older versions allow file existence tests when installed setuid-root | | |
CVE-2025-46805 | Screen has a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root | | |
CVE-2025-46806 | Misaligned Memory Accesses in `is_openvpn_protocol()` | | |
CVE-2025-46807 | File Descriptor Exhaustion in sslh-select and sslh-ev triggers SEGFAULT | | |
CVE-2025-46812 | Trix vulnerable to Cross-site Scripting on copy & paste | | |
CVE-2025-46813 | Private data leak on login-required Discourse sites | | |
CVE-2025-46814 | FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation | | |
CVE-2025-46815 | ZITADEL Allows IdP Intent Token Reuse | | |
CVE-2025-46816 | goshs route not protected, allows command execution | | |
CVE-2025-46820 | phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact | | |
CVE-2025-46821 | Envoy vulnerable to bypass of RBAC uri_template permission | | |
CVE-2025-46822 | Unauthenticated Arbitrary File Read via Absolute Path | E | |
CVE-2025-46823 | OpenMRS has Vulnerability in FHIR2 Module Privileges | | |
CVE-2025-46824 | Discourse Code Review Plugin vulnerable to XSS via auto link commits | | |
CVE-2025-46825 | Kanboard has stored Cross-site Scripting vulnerability in project name | E S | |
CVE-2025-46826 | insa-auth Open-Redirect on provided CAS server login endpoint | | |
CVE-2025-46827 | Graylog Allows Session Takeover via Insufficient HTML Sanitization | | |
CVE-2025-46828 | Unauthenticated SQL Injection on get_socios.php endpoint | E S | |
CVE-2025-46833 | Programs/P73_SimplePythonEncryption.py has weak cryptographic key | | |
CVE-2025-46834 | Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook | | |
CVE-2025-46835 | Git GUI can create and overwrite files for which the user has write permission | | |
CVE-2025-46836 | net-tools Stack-based Buffer Overflow vulnerability | | |
CVE-2025-46837 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46838 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46840 | Adobe Experience Manager \| Improper Authorization (CWE-285) | | |
CVE-2025-46841 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46842 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46843 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46844 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46845 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46846 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46847 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46848 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46850 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46851 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46853 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46854 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46855 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46857 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2025-46858 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46859 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46860 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46861 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46862 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46863 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46864 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46865 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46866 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46870 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46871 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46872 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46873 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46874 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2025-46875 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2025-46876 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46877 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46878 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46879 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46880 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46881 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46882 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46883 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46884 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46885 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46886 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46887 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46888 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46889 | Adobe Experience Manager \| Improper Access Control (CWE-284) | | |
CVE-2025-46890 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46891 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46892 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46893 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46894 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46895 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46898 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46899 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46900 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46901 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46902 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46903 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46904 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46905 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46906 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46907 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46908 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46909 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46910 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46911 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46912 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46913 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46914 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46915 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46916 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46917 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46918 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46919 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46920 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46922 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46923 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46924 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46926 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46927 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46929 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46930 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46931 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46933 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46934 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46935 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46939 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46940 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46941 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46942 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46943 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46944 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46945 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46946 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46947 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46948 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46949 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46950 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46951 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46952 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46953 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46954 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46955 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46956 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46957 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46960 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46963 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46964 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46965 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46966 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46967 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46968 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46970 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46971 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46972 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46973 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46974 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46975 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46976 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46977 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46978 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46979 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46981 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46982 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46983 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46984 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46985 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46986 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46987 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46988 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46989 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2025-46990 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46991 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46992 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46995 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46997 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2025-46999 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | |