ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-48000 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | | |
CVE-2025-48001 | BitLocker Security Feature Bypass Vulnerability | | |
CVE-2025-48002 | Windows Hyper-V Information Disclosure Vulnerability | | |
CVE-2025-48003 | BitLocker Security Feature Bypass Vulnerability | | |
CVE-2025-48009 | Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060 | | |
CVE-2025-48010 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061 | | |
CVE-2025-48011 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-062 | E | |
CVE-2025-48012 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063 | | |
CVE-2025-48013 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065 | | |
CVE-2025-48014 | Improper Restriction of Excessive Authentication Attempts | | |
CVE-2025-48015 | Observable Response Discrepancy | | |
CVE-2025-48016 | Improper Control of Interaction Frequency | | |
CVE-2025-48017 | Improper Limitation of a Pathname to a Restricted Directory | | |
CVE-2025-48018 | Deserialization of Untrusted Data | | |
CVE-2025-48024 | In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application sec... | | |
CVE-2025-48026 | A vulnerability in the WebApl component of Mitel OpenScape Xpressions through V7R1 FR5 HF43 P913 cou... | | |
CVE-2025-48027 | The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary co... | | |
CVE-2025-48045 | MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure | | |
CVE-2025-48046 | MICI Network Co. Ltd. NetFax Server Disclosure of Stored Passwords in Cleartext | | |
CVE-2025-48047 | MICI Network Co. Ltd. NetFax Server Command Injection | | |
CVE-2025-48050 | In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is loca... | E | |
CVE-2025-48051 | powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an inner... | E S | |
CVE-2025-48053 | Discourse vulnerable to DoS via large URL payload in PM to a bot | | |
CVE-2025-48054 | Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | | |
CVE-2025-48056 | Hubble CLI vulnerable to character injection | | |
CVE-2025-48057 | Icinga 2 certificate renewal might incorrectly renew an invalid certificate | | |
CVE-2025-48058 | PowSyBl Core contains Polynomial REDoS’es | | |
CVE-2025-48059 | PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion | | |
CVE-2025-48060 | AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) | E | |
CVE-2025-48061 | wire-webapp Has Insufficient Session Invalidation after User Logout | | |
CVE-2025-48062 | Discourse vulnerable to HTML injection when inviting to topic via email | | |
CVE-2025-48063 | XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right | E S | |
CVE-2025-48064 | GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure | | |
CVE-2025-48066 | wire-webapp has no database deletion on client logout | S | |
CVE-2025-48067 | OctoPrint vulnerable to possible file extraction via upload endpoints | | |
CVE-2025-48068 | Information exposure in Next.js dev server due to lack of origin verification | | |
CVE-2025-48069 | ejson2env has insufficient input sanitization | | |
CVE-2025-48070 | Plane has insecure permissions in UserSerializer | E S | |
CVE-2025-48075 | Fiber panics when fiber.Ctx.BodyParser parses invalid range index | E S | |
CVE-2025-48079 | WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability | S | |
CVE-2025-48080 | WordPress Uncanny Toolkit for LearnDash <= 3.7.0.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48111 | WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2025-48112 | WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48113 | WordPress Broadstreet <= 1.51.8 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-48114 | WordPress ShayanWeb Admin FontChanger plugin <= 1.8.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-48115 | WordPress ValidateCertify <= 1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-48116 | WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability | | |
CVE-2025-48117 | WordPress WooCommerce POS <= 1.7.8 - Broken Access Control Vulnerability | | |
CVE-2025-48118 | WordPress Woocommerce Partial Shipment <= 3.2 - SQL Injection Vulnerability | | |
CVE-2025-48119 | WordPress RS WP Book Showcase plugin <= 6.7.41 - Arbitrary Shortcode Execution vulnerability | | |
CVE-2025-48120 | WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary Shortcode Execution vulnerability | | |
CVE-2025-48121 | WordPress WP Notes Widget <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-48122 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - SQL Injection Vulnerability | | |
CVE-2025-48123 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Remote Code Execution (RCE) Vulnerability | | |
CVE-2025-48124 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Arbitrary File Download Vulnerability | | |
CVE-2025-48125 | WordPress WP Event Manager <= 3.1.49 - Local File Inclusion Vulnerability | | |
CVE-2025-48126 | WordPress Essential Real Estate <= 5.2.1 - Local File Inclusion Vulnerability | | |
CVE-2025-48127 | WordPress Push notification for Mobile and Web app <= 2.0.3 - Broken Access Control Vulnerability | | |
CVE-2025-48128 | WordPress Sharespine Woocommerce Connector <= 4.7.55 - Broken Access Control Vulnerability | | |
CVE-2025-48129 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Privilege Escalation Vulnerability | | |
CVE-2025-48130 | WordPress Spice Blocks <= 2.0.7.2 - Arbitrary File Download Vulnerability | | |
CVE-2025-48131 | WordPress UltraAddons Elementor Lite <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-48132 | WordPress X Addons for Elementor <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-48133 | WordPress Uncanny Automator <= 6.4.0.2 - Broken Access Control Vulnerability | S | |
CVE-2025-48134 | WordPress WP Tabs <= 2.2.11 - PHP Object Injection Vulnerability | | |
CVE-2025-48135 | WordPress Aptivada for WP <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-48136 | WordPress Mortgage Calculator Estatik <= 2.0.12 - Local File Inclusion Vulnerability | | |
CVE-2025-48137 | WordPress Interview <= 1.01 - SQL Injection Vulnerability | | |
CVE-2025-48138 | WordPress BERTHA AI <= 1.12.11 - Broken Access Control Vulnerability | | |
CVE-2025-48139 | WordPress StyleAI <= 1.0.4 - Broken Access Control Vulnerability | | |
CVE-2025-48140 | WordPress MetalpriceAPI <= 1.1.4 - Remote Code Execution (RCE) Vulnerability | S | |
CVE-2025-48141 | WordPress Multi CryptoCurrency Payments <= 2.0.3 - SQL Injection Vulnerability | | |
CVE-2025-48143 | WordPress Formulario de contacto SalesUp! plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48144 | WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-48145 | WordPress Track, Analyze & Optimize by WP Tao plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48146 | WordPress SEO Flow by LupsOnline plugin <= 2.2.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-48147 | WordPress CryptoCloud - Crypto Payment Gateway <= 2.1.2 - Broken Access Control Vulnerability | | |
CVE-2025-48172 | CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chm_lib.c _chm_decompress_bl... | E | |
CVE-2025-48174 | In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow ... | S | |
CVE-2025-48175 | In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications in... | E S | |
CVE-2025-48187 | RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-fo... | E S | |
CVE-2025-48188 | libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-f... | | |
CVE-2025-48200 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.... | | |
CVE-2025-48201 | The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.... | | |
CVE-2025-48202 | The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.... | | |
CVE-2025-48203 | The cs_seo extension through 9.2.0 for TYPO3 allows XSS.... | | |
CVE-2025-48204 | The ns_backup extension through 13.0.0 for TYPO3 allows command injection.... | | |
CVE-2025-48205 | The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.... | | |
CVE-2025-48206 | The ns_backup extension through 13.0.0 for TYPO3 allows XSS.... | | |
CVE-2025-48207 | The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.... | | |
CVE-2025-48219 | O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiati... | | |
CVE-2025-48231 | WordPress Booking Calendar Contact Form <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48232 | WordPress Xpro Addons For Beaver Builder – Lite <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48233 | WordPress Affiliates Manager Google reCAPTCHA Integration plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | S | |
CVE-2025-48234 | WordPress Ultimate Blocks <= 3.3.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48235 | WordPress WP Image Mask <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48236 | WordPress bunny.net <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48237 | WordPress Wishlist for WooCommerce <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48238 | WordPress AWcode Toolkit plugin <= 1.0.18 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | S | |
CVE-2025-48239 | WordPress Product Notes Tab & Private Admin Notes for WooCommerce <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48240 | WordPress Cost of Goods for WooCommerce <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48241 | WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-48242 | WordPress Legal Pages <= 1.4.5 - Broken Access Control Vulnerability | S | |
CVE-2025-48243 | WordPress reCAPTCHA for all <= 2.26 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-48244 | WordPress Exclusive Addons Elementor <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48245 | WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-48246 | WordPress The Events Calendar <= 6.11.2.1 - Broken Access Control Vulnerability | S | |
CVE-2025-48247 | WordPress Shortlinks by Pretty Links <= 3.6.15 - Broken Access Control Vulnerability | S | |
CVE-2025-48248 | WordPress Sitewide Discount for WooCommerce: Apply Discount to All Products <= 2.2.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48249 | WordPress EAN for WooCommerce <= 5.4.6 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48250 | WordPress Coupons & Add to Cart by URL Links for WooCommerce <= 1.7.7 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48251 | WordPress Additional Custom Emails & Recipients for WooCommerce <= 3.5.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48252 | WordPress Back Button Widget <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48253 | WordPress Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.6 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48254 | WordPress Change Add to Cart Button Text for WooCommerce <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48255 | WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-48256 | WordPress Import Social Events <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48257 | WordPress Projectopia <= 5.1.17 - Broken Access Control Vulnerability | S | |
CVE-2025-48258 | WordPress Mega Menu Block <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48259 | WordPress WP Mapa Politico España plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-48260 | WordPress GDPR CCPA Compliance Support <= 2.7.3 - Broken Access Control Vulnerability | S | |
CVE-2025-48261 | WordPress MultiVendorX <= 4.2.22 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-48262 | WordPress Url Rewrite Analyzer <= 1.3.3 - Broken Access Control Vulnerability | S | |
CVE-2025-48263 | WordPress MultiVendorX <= 4.2.22 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48264 | WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability | S | |
CVE-2025-48265 | WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
CVE-2025-48266 | WordPress Active Products Tables for WooCommerce <= 1.0.6.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48267 | WordPress WP Pipes plugin <= 1.4.2 - Arbitrary File Deletion Vulnerability | S | |
CVE-2025-48268 | WordPress Bot for Telegram on WooCommerce <= 1.2.6 - Broken Access Control Vulnerability | S | |
CVE-2025-48269 | WordPress WPAdverts <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48270 | WordPress SKT Blocks <= 2.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48271 | WordPress Leadinfo <= 1.1 - Settings Change Vulnerability | S | |
CVE-2025-48272 | WordPress WP Job Portal <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability | S | |
CVE-2025-48273 | WordPress WP Job Portal <= 2.3.2 - Arbitrary File Download Vulnerability | S | |
CVE-2025-48274 | WordPress WP Job Portal <= 2.3.2 - SQL Injection Vulnerability | S | |
CVE-2025-48275 | WordPress Visual Header <= 1.3 - Broken Access Control Vulnerability | S | |
CVE-2025-48276 | WordPress Visual Composer Website Builder <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48277 | WordPress Cost Calculator Builder <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48278 | WordPress RSVPMarker <= 11.5.6 - SQL Injection Vulnerability | S | |
CVE-2025-48279 | WordPress WC MyParcel Belgium plugin <= 4.5.5-beta - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-48280 | WordPress AutomatorWP <= 5.2.1.3 - SQL Injection Vulnerability | S | |
CVE-2025-48281 | WordPress MyStyle Custom Product Designer <= 3.21.1 - SQL Injection Vulnerability | S | |
CVE-2025-48282 | WordPress Majestic Support <= 1.1.0 - Broken Access Control Vulnerability | S | |
CVE-2025-48283 | WordPress Majestic Support <= 1.1.0 - SQL Injection Vulnerability | S | |
CVE-2025-48284 | WordPress Japanized For WooCommerce <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-48285 | WordPress Falang multilanguage <= 1.3.61 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-48286 | WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-48287 | WordPress Pix 4x sem juros - Pagaleve <= 1.6.9 - PHP Object Injection Vulnerability | S | |
CVE-2025-48288 | WordPress ElementInvader Addons for Elementor <= 1.3.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48289 | WordPress Kids Planet <= 2.2.14 - PHP Object Injection Vulnerability | S | |
CVE-2025-48292 | WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability | S | |
CVE-2025-48328 | WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | | |
CVE-2025-48329 | WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48331 | WordPress WooCommerce Orders & Customers Exporter <= 5.0 - Sensitive Data Exposure Vulnerability | | |
CVE-2025-48333 | WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-48334 | WordPress Woo Slider Pro <= 1.12 - Arbitrary Content Deletion Vulnerability | | |
CVE-2025-48335 | WordPress Responsive Plus plugin <= 3.2.0 - Broken Access Control vulnerability | S | |
CVE-2025-48336 | WordPress Course Builder < 3.6.6 - PHP Object Injection Vulnerability | S | |
CVE-2025-48337 | WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability | | |
CVE-2025-48340 | WordPress User Profile Meta Manager plugin <= 1.02 - CSRF to Privilege Escalation vulnerability | | |
CVE-2025-48341 | WordPress Form Maker by 10Web <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-48342 | WordPress Dynamic Pricing & Discounts Lite for WooCommerce <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-48344 | WordPress Rootspersona <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-48346 | WordPress Embed and Integrate Etsy Shop <= 1.0.4 - Broken Access Control Vulnerability | | |
CVE-2025-48366 | GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions | E | |
CVE-2025-48367 | Redis DoS Vulnerability due to bad connection error handling | | |
CVE-2025-48368 | GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution | E | |
CVE-2025-48369 | GroupOffice vulnerable to Stored XSS in Tasks Comment Section | E | |
CVE-2025-48370 | auth-js Vulnerable to Insecure Path Routing from Malformed User Input | | |
CVE-2025-48371 | OpenFGA Authorization Bypass | | |
CVE-2025-48372 | Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks | | |
CVE-2025-48373 | Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability | | |
CVE-2025-48374 | zot logs secrets | | |
CVE-2025-48375 | Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS | | |
CVE-2025-48376 | Dnn.Platform's Site Import could use an external source with a crafted request | | |
CVE-2025-48377 | Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode | | |
CVE-2025-48378 | Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline | | |
CVE-2025-48379 | Pillow Vulnerable to Write Buffer Overflow on BCn encoding | | |
CVE-2025-48381 | CVAT has information disclosure via browsable API | | |
CVE-2025-48382 | Fess has Insecure Temporary File Permissions | | |
CVE-2025-48383 | Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking | | |
CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting | | |
CVE-2025-48385 | Git allows arbitrary file writes via bundle-uri parameter injection | | |
CVE-2025-48386 | Git allows a buffer overflow in 'wincred' credential helper | | |
CVE-2025-48387 | tar-fs has issue where extract can write outside the specified dir with a specific tarball | | |
CVE-2025-48388 | FreeScout Has Insufficient Protection Against CRLF-injection | S | |
CVE-2025-48389 | FreeScout Vulnerable to Deserialization of Untrusted Data | E S | |
CVE-2025-48390 | FreeScout Vulnerable to Remote Code Execution (RCE) | E S | |
CVE-2025-48391 | In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission ... | | |
CVE-2025-48413 | Hard-coded OS root credentials in eCharge Hardy Barth cPH2 / cPP2 charging stations | S | |
CVE-2025-48414 | Hard-coded web interface credentials in eCharge Hardy Barth cPH2 / cPP2 charging stations | S | |
CVE-2025-48415 | Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations | S | |
CVE-2025-48416 | Backdoor Functionality via SSH in eCharge Hardy Barth cPH2 / cPP2 charging stations | S | |
CVE-2025-48417 | Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations | S | |
CVE-2025-48419 | Rejected reason: Not used... | R | |
CVE-2025-48420 | Rejected reason: Not used... | R | |
CVE-2025-48421 | Rejected reason: Not used... | R | |
CVE-2025-48422 | Rejected reason: Not used... | R | |
CVE-2025-48423 | Rejected reason: Not used... | R | |
CVE-2025-48424 | Rejected reason: Not used... | R | |
CVE-2025-48425 | Rejected reason: Not used... | R | |
CVE-2025-48426 | Rejected reason: Not used... | R | |
CVE-2025-48427 | Rejected reason: Not used... | R | |
CVE-2025-48432 | An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Intern... | | |
CVE-2025-48443 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Followi... | | |
CVE-2025-48444 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-064 | | |
CVE-2025-48445 | Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066 | | |
CVE-2025-48446 | Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067 | | |
CVE-2025-48447 | Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069 | | |
CVE-2025-48448 | Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068 | | |
CVE-2025-48461 | Weak Session Cookie Entropy | S | |
CVE-2025-48462 | Login Session Exhaustion | S | |
CVE-2025-48463 | Unencrypted HTTP Communication | S | |
CVE-2025-48466 | Modbus Command Injection without Authentication | E S | |
CVE-2025-48467 | Denial of Service via Malformed Modbus Packets | S | |
CVE-2025-48468 | Open JTAG Debug Port | S | |
CVE-2025-48469 | Unauthenticated Firmware Upload | E | |
CVE-2025-48470 | Stored Cross site Scripting (XSS) | S | |
CVE-2025-48471 | FreeScout Vulnerable to Arbitrary File Upload | E S | |
CVE-2025-48472 | FreeScout Vulnerable to Insufficient Authorization | E S | |
CVE-2025-48473 | FreeScout Vulnerable to Insufficient Authorization | E S | |
CVE-2025-48474 | FreeScout Vulnerable to Insufficient Authorization | E S | |
CVE-2025-48475 | FreeScout Vulnerable to Insufficient Authorization | E S | |
CVE-2025-48476 | FreeScout Has Business Logic Errors | E | |
CVE-2025-48477 | FreeScout Has Business Logic Errors | E | |
CVE-2025-48478 | FreeScout Has Business Logic Errors | E S | |
CVE-2025-48479 | FreeScout Has Business Logic Errors | E | |
CVE-2025-48480 | FreeScout Has Business Logic Errors | E | |
CVE-2025-48481 | FreeScout Has Business Logic Errors | E | |
CVE-2025-48482 | FreeScout Has Business Logic Errors | E | |
CVE-2025-48483 | FreeScout Stored XSS leads to CSRF | E | |
CVE-2025-48484 | FreeScout Vulnerable to Stored XSS | E | |
CVE-2025-48485 | FreeScout Vulnerable to Stored XSS | E | |
CVE-2025-48486 | FreeScout Vulnerable to Stored XSS | E | |
CVE-2025-48487 | FreeScout Vulnerable to Stored XSS | E | |
CVE-2025-48488 | FreeScout Vulnerable to Stored XSS | E | |
CVE-2025-48489 | FreeScout Vulnerable to Stored XSS | E | |
CVE-2025-48490 | Laravel Rest Api has a Search Validation Bypass | | |
CVE-2025-48491 | Project AI API Key Exposure in Source Code | | |
CVE-2025-48492 | GetSimple CMS RCE in Edit component | E | |
CVE-2025-48493 | Yii 2 Redis may expose AUTH parameters in logs in case of connection failure | | |
CVE-2025-48494 | Gokapi vulnerable to stored XSS via uploading file with malicious file name | | |
CVE-2025-48495 | Gokapi has stored XSS vulnerability in friendly name for API keys | | |
CVE-2025-48496 | Emerson ValveLink Products Uncontrolled Search Path Element | S | |
CVE-2025-48497 | Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a u... | | |
CVE-2025-48501 | An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerabil... | | |
CVE-2025-48695 | An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a lo... | | |
CVE-2025-48699 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2025-48700 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site... | | |
CVE-2025-48701 | openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not ... | | |
CVE-2025-48705 | An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerab... | E | |
CVE-2025-48706 | An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability... | E | |
CVE-2025-48708 | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argume... | S | |
CVE-2025-48710 | kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modif... | | |
CVE-2025-48734 | Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default | | |
CVE-2025-48735 | A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 be... | | |
CVE-2025-48738 | An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4... | | |
CVE-2025-48739 | A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 ... | | |
CVE-2025-48740 | A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 b... | | |
CVE-2025-48741 | A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11... | | |
CVE-2025-48742 | The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.... | | |
CVE-2025-48743 | SIGB PMB before 8.0.1.2 allows SQL injection.... | | |
CVE-2025-48744 | In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.... | | |
CVE-2025-48745 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidat... | R | |
CVE-2025-48746 | Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.... | | |
CVE-2025-48747 | Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.... | | |
CVE-2025-48748 | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password... | | |
CVE-2025-48749 | Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 in... | | |
CVE-2025-48751 | The process_lock crate 0.1.0 for Rust allows data races in unlock.... | | |
CVE-2025-48752 | In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mu... | | |
CVE-2025-48753 | In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock.... | | |
CVE-2025-48754 | In the memory_pages crate 0.1.0 for Rust, division by zero can occur.... | | |
CVE-2025-48755 | In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).... | | |
CVE-2025-48756 | In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware devic... | | |
CVE-2025-48757 | An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unaut... | E | |
CVE-2025-48780 | Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data | | |
CVE-2025-48781 | Soar Cloud HRD Human Resource Management System - External Control of File Name or Path | | |
CVE-2025-48782 | Soar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous Type | | |
CVE-2025-48783 | Soar Cloud HRD Human Resource Management System - External Control of File Name or Path | | |
CVE-2025-48784 | Soar Cloud HRD Human Resource Management System - Missing Authorization | | |
CVE-2025-48786 | Rejected reason: Not used... | R | |
CVE-2025-48787 | Rejected reason: Not used... | R | |
CVE-2025-48788 | Rejected reason: Not used... | R | |
CVE-2025-48789 | Rejected reason: Not used... | R | |
CVE-2025-48790 | Rejected reason: Not used... | R | |
CVE-2025-48791 | Rejected reason: Not used... | R | |
CVE-2025-48792 | Rejected reason: Not used... | R | |
CVE-2025-48793 | Rejected reason: Not used... | R | |
CVE-2025-48794 | Rejected reason: Not used... | R | |
CVE-2025-48796 | Gimp: stack-based buffer overflows in file-ico | M | |
CVE-2025-48797 | Gimp: multiple heap buffer overflows in tga parser | M | |
CVE-2025-48798 | Gimp: multiple use after free in xcf parser | M | |
CVE-2025-48799 | Windows Update Service Elevation of Privilege Vulnerability | | |
CVE-2025-48800 | BitLocker Security Feature Bypass Vulnerability | | |
CVE-2025-48802 | Windows SMB Server Spoofing Vulnerability | | |
CVE-2025-48803 | Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability | | |
CVE-2025-48804 | BitLocker Security Feature Bypass Vulnerability | | |
CVE-2025-48805 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | | |
CVE-2025-48806 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | | |
CVE-2025-48808 | Windows Kernel Information Disclosure Vulnerability | | |
CVE-2025-48809 | Windows Secure Kernel Mode Information Disclosure Vulnerability | | |
CVE-2025-48810 | Windows Secure Kernel Mode Information Disclosure Vulnerability | | |
CVE-2025-48811 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | | |
CVE-2025-48812 | Microsoft Excel Information Disclosure Vulnerability | | |
CVE-2025-48814 | Remote Desktop Licensing Service Security Feature Bypass Vulnerability | | |
CVE-2025-48815 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability | | |
CVE-2025-48816 | HID Class Driver Elevation of Privilege Vulnerability | | |
CVE-2025-48817 | Remote Desktop Client Remote Code Execution Vulnerability | | |
CVE-2025-48818 | BitLocker Security Feature Bypass Vulnerability | | |
CVE-2025-48819 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | | |
CVE-2025-48820 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | | |
CVE-2025-48821 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | | |
CVE-2025-48822 | Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability | | |
CVE-2025-48823 | Windows Cryptographic Services Information Disclosure Vulnerability | | |
CVE-2025-48824 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2025-48825 | RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted ... | | |
CVE-2025-48827 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protect... | E | |
CVE-2025-48828 | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template C... | E | |
CVE-2025-48841 | Rejected reason: Not used... | R | |
CVE-2025-48842 | Rejected reason: Not used... | R | |
CVE-2025-48843 | Rejected reason: Not used... | R | |
CVE-2025-48844 | Rejected reason: Not used... | R | |
CVE-2025-48845 | Rejected reason: Not used... | R | |
CVE-2025-48846 | Rejected reason: Not used... | R | |
CVE-2025-48847 | Rejected reason: Not used... | R | |
CVE-2025-48848 | Rejected reason: Not used... | R | |
CVE-2025-48865 | Fabio allows HTTP clients to manipulate custom headers it adds | E S | |
CVE-2025-48866 | ModSecurity has possible DoS vulnerability in sanitiseArg action | E S | |
CVE-2025-48870 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47057. Reason: ... | R | |
CVE-2025-48871 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47056. Reason: ... | R | |
CVE-2025-48872 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47055. Reason: ... | R | |
CVE-2025-48873 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5256. Reason: T... | R | |
CVE-2025-48874 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5257. Reason: T... | R | |
CVE-2025-48875 | FreeScout Vulnerable to Stored XSS | E S | |
CVE-2025-48877 | Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe | | |
CVE-2025-48879 | OctoPrint Vulnerable to Denial of Service through malformed HTTP request | | |
CVE-2025-48880 | FreeScout has Race Condition When Deleting Users | E S | |
CVE-2025-48881 | Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users | | |
CVE-2025-48882 | PHPOffice Math allows XXE when processing an XML file in the MathML format | | |
CVE-2025-48883 | Chrome PHP is missing encoding in `CssSelector` | | |
CVE-2025-48885 | application-urlshortener users can create arbitrary pages as long as they have view access to them | | |
CVE-2025-48886 | hydra-node dangerously assumes L1 event finality and does not consider failed transactions | | |
CVE-2025-48887 | vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` | E S | |
CVE-2025-48888 | Deno run with --allow-read and --deny-read flags results in allowed | E S | |
CVE-2025-48889 | Gradio Allows Unauthorized File Copy via Path Manipulation | E | |
CVE-2025-48890 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS comma... | | |
CVE-2025-48891 | Advantech iView SQL Injection | S | |
CVE-2025-48902 | Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful ... | | |
CVE-2025-48903 | Permission bypass vulnerability in the media library module Impact: Successful exploitation of this ... | | |
CVE-2025-48904 | Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitati... | | |
CVE-2025-48905 | Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this... | | |
CVE-2025-48906 | Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this v... | | |
CVE-2025-48907 | Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerabilit... | | |
CVE-2025-48908 | Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation... | | |
CVE-2025-48909 | Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulner... | | |
CVE-2025-48910 | Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerabil... | | |
CVE-2025-48911 | Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploi... | | |
CVE-2025-48912 | Apache Superset: Improper authorization bypass on row level security via SQL Injection | | |
CVE-2025-48914 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-075 | | |
CVE-2025-48915 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-076 | | |
CVE-2025-48916 | Bookable Calendar - Less critical - Access bypass - SA-CONTRIB-2025-070 | | |
CVE-2025-48917 | EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072 | | |
CVE-2025-48918 | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-071 | | |
CVE-2025-48919 | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073 | | |
CVE-2025-48920 | etracker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-074 | | |
CVE-2025-48921 | Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079 | | |
CVE-2025-48922 | GLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078 | | |
CVE-2025-48923 | Toc.js - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-077 | | |
CVE-2025-48924 | Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs | | |
CVE-2025-48925 | The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do M... | | |
CVE-2025-48926 | The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames... | | |
CVE-2025-48927 | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump... | KEV | |
CVE-2025-48928 | The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content i... | KEV | |
CVE-2025-48929 | The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential... | | |
CVE-2025-48930 | The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even thou... | | |
CVE-2025-48931 | The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up variou... | | |
CVE-2025-48934 | Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables | E S | |
CVE-2025-48935 | Deno has --allow-read / --allow-write permission bypass in `node:sqlite` | E S | |
CVE-2025-48936 | ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection | S | |
CVE-2025-48937 | matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator | | |
CVE-2025-48938 | Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server | | |
CVE-2025-48939 | tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript | | |
CVE-2025-48940 | MyBB's upgrade component vulnerable to local file inclusion | S | |
CVE-2025-48941 | MyBB may disclosure unviewable threads' titles in searches | S | |
CVE-2025-48942 | vLLM DOS: Remotely kill vllm over http with invalid JSON schema | E S | |
CVE-2025-48943 | vLLM allows clients to crash the openai server with invalid regex | S | |
CVE-2025-48944 | vLLM Tool Schema allows DoS via Malformed pattern and type Fields | E | |
CVE-2025-48945 | pycares has a Use-After-Free Vulnerability | | |
CVE-2025-48946 | liboqs affected by theoretical design flaw in HQC | | |
CVE-2025-48947 | NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies | | |
CVE-2025-48948 | Navidrome Transcoding Permission Bypass Vulnerability Report | | |
CVE-2025-48949 | Navidrome allows SQL Injection via role parameter | | |
CVE-2025-48950 | MaxKB Python Sandbox Bypass in Function Library | | |
CVE-2025-48951 | Auth0-PHP SDK Deserialization of Untrusted Data vulnerability | | |
CVE-2025-48952 | NetAlertX has Password Bypass Vulnerability due to Loose Comparison in PHP | E | |
CVE-2025-48953 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads | | |
CVE-2025-48954 | Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow | | |
CVE-2025-48955 | Para Server Logs Sensitive Information | | |
CVE-2025-48957 | AstrBot Has Path Traversal Vulnerability in /api/chat/get_file | E | |
CVE-2025-48958 | Froxlor has an HTML Injection Vulnerability | E | |
CVE-2025-48959 | Local privilege escalation due to insecure file permissions. The following products are affected: Ac... | | |
CVE-2025-48960 | Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect ... | | |
CVE-2025-48961 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2025-48962 | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Pro... | | |
CVE-2025-48976 | Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers | | |
CVE-2025-48988 | Apache Tomcat: FileUpload large number of parts with headers DoS | | |
CVE-2025-48990 | NeKernel has Heap Overflow in `rt_copy_memory` | | |
CVE-2025-48991 | Tuleap missing CSRF protection on tracker canned responses administration | | |
CVE-2025-48992 | Group-Office vulnerable to blind XSS | | |
CVE-2025-48993 | Group-Office vulnerable to reflected XSS via Look and Feel Formatting input | | |
CVE-2025-48994 | SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack | | |
CVE-2025-48995 | SignXML's signature verification with HMAC is vulnerable to a timing attack | | |
CVE-2025-48996 | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint | | |
CVE-2025-48997 | Multer vulnerable to Denial of Service via unhandled exception | | |
CVE-2025-48998 | Dataease MYSQL JDBC File Reading Vulnerability | E | |
CVE-2025-48999 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | E S | |