CVE-2025-5xxx

There are 819 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-5000 Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi control_panel_sw command injection
E
CVE-2025-5001 GNU PSPP pspp-convert.c calloc integer overflow
E
CVE-2025-5002 SourceCodester Client Database Management System user_proposal_update_order.php sql injection
E
CVE-2025-5003 projectworlds Online Time Table Generator semester_ajax.php sql injection
E
CVE-2025-5004 projectworlds Online Time Table Generator add_course.php sql injection
E
CVE-2025-5006 Campcodes Online Shopping Portal category.php sql injection
E
CVE-2025-5007 Part-DB Profile Picture Feature AttachmentSubmitHandler.php handleUpload cross site scripting
E S
CVE-2025-5008 projectworlds Online Time Table Generator add_teacher.php sql injection
E
CVE-2025-5010 moonlightL hexo-boot Blog Backend index.html cross site scripting
E
CVE-2025-5011 moonlightL hexo-boot Dynamic List Page index.html cross site scripting
E
CVE-2025-5012 Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media'
CVE-2025-5013 HkCms Search index.html cross site scripting
E
CVE-2025-5014 Home Villas | Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-5015 Parsons AccuWeather Widget Cross-site Scripting
S
CVE-2025-5016 Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights
CVE-2025-5018 Hive Support <= 1.2.4 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox
CVE-2025-5019 Hive Support <= 1.2.4 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function
CVE-2025-5020 Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attack...
CVE-2025-5022 Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system moni...
CVE-2025-5023 Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system m...
CVE-2025-5024 Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus
M
CVE-2025-5025 No QUIC certificate pinning with wolfSSL
CVE-2025-5026 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5028 Arbitrary file deletion vulnerability in ESET product installers
CVE-2025-5029 Kingdee Cloud Galaxy Private Cloud BBC System File deleteFileAction.jhtml path traversal
E S
CVE-2025-5030 Ackites KillWxapkg wxapkg File Parser unpack.go processFile os command injection
E
CVE-2025-5031 Ackites KillWxapkg wxapkg File Decompression resource consumption
E
CVE-2025-5032 Campcodes Online Shopping Portal edit-category.php sql injection
E
CVE-2025-5033 XiaoBingby TeaCMS addUser cross-site request forgery
E
CVE-2025-5034 WP File Download < 6.2.6 - Reflected XSS
E
CVE-2025-5035 Firelight Lightbox < 2.3.16 - Contributor+ Stored XSS
E
CVE-2025-5036 RFA File Parsing Use-After-Free Vulnerability
CVE-2025-5037 RFA File Parsing Memory Corruption Vulnerability
CVE-2025-5040 RTE File Parsing Heap-Based Overflow Vulnerability
CVE-2025-5049 FreeFloat FTP Server APPEND Command buffer overflow
E
CVE-2025-5050 FreeFloat FTP Server BELL Command buffer overflow
E
CVE-2025-5051 FreeFloat FTP Server BINARY Command buffer overflow
E
CVE-2025-5052 FreeFloat FTP Server LS Command buffer overflow
E
CVE-2025-5053 FreeFloat FTP Server MDIR Command buffer overflow
E
CVE-2025-5054 Race Condition in Canonical Apport
CVE-2025-5055 Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-5056 Campcodes Online Shopping Portal edit-products.php sql injection
E
CVE-2025-5057 Campcodes Online Shopping Portal insert-product.php sql injection
E
CVE-2025-5058 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image()
E
CVE-2025-5059 Campcodes Online Shopping Portal edit-subcategory.php unrestricted upload
E
CVE-2025-5062 WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting
CVE-2025-5063 Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to p...
CVE-2025-5064 Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed...
CVE-2025-5065 Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed...
CVE-2025-5066 Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed ...
CVE-2025-5067 Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote a...
CVE-2025-5068 Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potenti...
CVE-2025-5071 AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP
CVE-2025-5072 Resource leaks in cm
CVE-2025-5073 FreeFloat FTP Server MKDIR Command buffer overflow
E
CVE-2025-5074 FreeFloat FTP Server PROMPT Command buffer overflow
E
CVE-2025-5075 FreeFloat FTP Server DEBUG Command buffer overflow
E
CVE-2025-5076 FreeFloat FTP Server SEND Command buffer overflow
E
CVE-2025-5077 Campcodes Online Shopping Portal edit-subcategory.php sql injection
E
CVE-2025-5078 Campcodes Online Shopping Portal subcategory.php sql injection
E
CVE-2025-5079 Campcodes Online Shopping Portal updateorder.php sql injection
E
CVE-2025-5080 Tenda FH451 webExcptypemanFilter stack-based overflow
E
CVE-2025-5081 Campcodes Cybercafe Management System adminprofile.php sql injection
E
CVE-2025-5082 WP Attachments <= 5.0.12 - Reflected Cross-Site Scripting via attachment_id Parameter
CVE-2025-5086 Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
CVE-2025-5087 Cleartext Transmission of Sensitive Information in Kaleris Navis N4
S
CVE-2025-5093 Responsive Lightbox & Gallery < 2.5.2 - Contributor+ Stored XSS
E
CVE-2025-5096 TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters
S
CVE-2025-5097 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5098 KL-001-2025-003: Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure
E
CVE-2025-5099 KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write
E
CVE-2025-5100 KL-001-2025-005: Mobile Dynamix PrinterShare Mobile Print Double-Free Memory Write
CVE-2025-5103 Ultimate Gift Cards for WooCommerce <= 3.1.4 - Authenticated (Administrator+) SQL Injection via wps_wgm_save_post Function
S
CVE-2025-5104 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5105 TOZED ZLT W51 Service Port 7777 heap inspection
E M
CVE-2025-5106 Fujian Kelixun Filename fax_view.php os command injection
E
CVE-2025-5107 Fujian Kelixun xml_cdr_details.php sql injection
E
CVE-2025-5108 zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload
E
CVE-2025-5109 FreeFloat FTP Server STATUS Command buffer overflow
E
CVE-2025-5110 FreeFloat FTP Server VERBOSE Command buffer overflow
E
CVE-2025-5111 FreeFloat FTP Server TYPE Command buffer overflow
E
CVE-2025-5112 FreeFloat FTP Server MGET Command buffer overflow
E
CVE-2025-5113 Authenticated Remote Command Injection in Diviotec NBR IP Cameras
CVE-2025-5114 easysoft zentaopms Editor index.php edit deserialization
E
CVE-2025-5116 WP Plugin Info Card <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter
CVE-2025-5117 Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration
CVE-2025-5119 Emlog Pro api_controller.php sql injection
E
CVE-2025-5121 Missing Authorization in GitLab
E S
CVE-2025-5122 Map Block Leaflet <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
CVE-2025-5123 Contact Us Page – Contact People <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via style Parameter
CVE-2025-5124 Sony SNC-M1 Administrative Interface default credentials
E
CVE-2025-5125 Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS
E
CVE-2025-5126 FLIR AX8 settingsregional.php setDataTime command injection
E
CVE-2025-5127 FLIR AX8 prod.php cross site scripting
E
CVE-2025-5128 ScriptAndTools Real-Estate-website-in-PHP Admin Login Panel admin sql injection
E
CVE-2025-5129 Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path
E
CVE-2025-5130 Tmall Demo uploadProductImage unrestricted upload
E
CVE-2025-5131 Tmall Demo uploadCategoryImage unrestricted upload
E
CVE-2025-5132 Tmall Demo logout cross-site request forgery
E
CVE-2025-5133 Tmall Demo Search Box cross site scripting
E
CVE-2025-5134 Tmall Demo Buy Item Page cross site scripting
E
CVE-2025-5135 Tmall Demo Product Details Page admin cross site scripting
E
CVE-2025-5136 Tmall Demo Payment Identifier pay random values
E
CVE-2025-5137 DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection
E
CVE-2025-5138 Bitwarden PDF File cross site scripting
E
CVE-2025-5139 Qualitor Office 365-type Connection testaConexaoOffice365.php command injection
E
CVE-2025-5140 Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery
E
CVE-2025-5141 Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache
S
CVE-2025-5142 Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters
S
CVE-2025-5143 TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode
S
CVE-2025-5144 The Events Calendar <= 6.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2025-5145 Netcore POWER13 Query String cgi-bin command injection
E
CVE-2025-5146 Netcore NBR200V2 HTTP Header routerd passwd_set command injection
E
CVE-2025-5147 Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection
E
CVE-2025-5148 FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization
S
CVE-2025-5149 WCMS Login getallcon getMemberByUid improper authentication
E
CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution
E M
CVE-2025-5151 defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection
E S
CVE-2025-5152 Chanjet CRM newActivityedit.php sql injection
E
CVE-2025-5153 CMS Made Simple Design Manager Module cross site scripting
E
CVE-2025-5154 PhonePe App SQLite Database databases cleartext storage in a file or on disk
E S
CVE-2025-5155 qianfox FoxCMS Article.php batchCope sql injection
E
CVE-2025-5156 H3C GR-5400AX aspForm EditWlanMacList buffer overflow
E
CVE-2025-5157 H3C SecCenter SMP-E1114P02 fileContent path traversal
CVE-2025-5158 H3C SecCenter SMP-E1114P02 downloadSoftware path traversal
E
CVE-2025-5159 H3C SecCenter SMP-E1114P02 download path traversal
E
CVE-2025-5160 H3C SecCenter SMP-E1114P02 download path traversal
E
CVE-2025-5161 H3C SecCenter SMP-E1114P02 download operationDailyOut path traversal
E
CVE-2025-5162 H3C SecCenter SMP-E1114P02 importFile unrestricted upload
E
CVE-2025-5163 yangshare 技术杨工 warehouseManager 仓库管理系统 access control
E
CVE-2025-5164 PerfreeBlog JWT JwtUtil hard-coded key
E
CVE-2025-5165 Open Asset Import Library Assimp MDCLoader.cpp ValidateSurfaceHeader out-of-bounds
E
CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds
E
CVE-2025-5167 Open Asset Import Library Assimp LWOLoader.h GetS0 out-of-bounds
E
CVE-2025-5168 Open Asset Import Library Assimp MDLLoader.cpp ImportUVCoordinate_3DGS_MDL345 out-of-bounds
E
CVE-2025-5169 Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_3DGS_MDL345 out-of-bounds
E
CVE-2025-5170 llisoft MTA Maita Training System AdminShitiController.java AdminShitiListRequestVo sql injection
E
CVE-2025-5171 llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload
E
CVE-2025-5172 Econtrata valida sql injection
CVE-2025-5173 HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization
CVE-2025-5174 erdogant pypickle pypickle.py load deserialization
E S
CVE-2025-5175 erdogant pypickle pypickle.py save improper authorization
E S
CVE-2025-5176 Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php sql injection
CVE-2025-5177 Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php cross site scripting
CVE-2025-5178 Realce Tecnologia Queue Ticket Kiosk Image File ajax.php unrestricted upload
CVE-2025-5179 Realce Tecnologia Queue Ticket Kiosk Cadastro de Administrador Page index.php cross site scripting
CVE-2025-5180 Wondershare Filmora Installer NFWCHK.exe uncontrolled search path
E
CVE-2025-5181 Summer Pearl Group Vacation Rental Management Platform updateListing cross site scripting
E S
CVE-2025-5182 Summer Pearl Group Vacation Rental Management Platform Listing authorization
E S
CVE-2025-5183 Summer Pearl Group Vacation Rental Management Platform Header redirect
S
CVE-2025-5184 Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure
S
CVE-2025-5185 Summer Pearl Group Vacation Rental Management Platform cross-site request forgery
S
CVE-2025-5186 thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery
E
CVE-2025-5190 Browse As <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie
CVE-2025-5192 Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function
CVE-2025-5194 WP Map Block by aBlocks < 2.0.3 - Contributor+ Stored XSS via Marker
E
CVE-2025-5195 Authorization Bypass Through User-Controlled Key in GitLab
S
CVE-2025-5196 Wing FTP Server Lua Admin Console unnecessary privileges
E S
CVE-2025-5198 Stackrox: xss in stackrox
E M
CVE-2025-5199 LPE on Multipass for macOS
S
CVE-2025-5200 Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 out-of-bounds
E
CVE-2025-5201 Open Asset Import Library Assimp LWOLoader.cpp CountVertsAndFacesLWO2 out-of-bounds
E
CVE-2025-5202 Open Asset Import Library Assimp HL1MDLLoader.cpp validate_header out-of-bounds
E
CVE-2025-5203 Open Asset Import Library Assimp ParsingUtils.h SkipSpaces out-of-bounds
E
CVE-2025-5204 Open Asset Import Library Assimp MDLMaterialLoader.cpp ParseSkinLump_3DGS_MDL7 out-of-bounds
E
CVE-2025-5205 1000 Projects Daily College Class Work Report Book dcwr_entry.php sql injection
E
CVE-2025-5206 Pixelimity Installation index.php sql injection
E
CVE-2025-5207 SourceCodester Client Database Management System superadmin_update_profile.php sql injection
E
CVE-2025-5208 SourceCodester Online Hospital Management System check_availability.php sql injection
E
CVE-2025-5209 Ivory Search < 5.5.10 - Admin+ Stored XSS
E
CVE-2025-5210 PHPGurukul Employee Record Management System loginerms.php sql injection
E
CVE-2025-5211 PHPGurukul Employee Record Management System myprofile.php sql injection
E
CVE-2025-5212 PHPGurukul Employee Record Management System editempexp.php sql injection
E
CVE-2025-5213 projectworlds Responsive E-Learning System delete_file.php sql injection
E
CVE-2025-5214 Kashipara Responsive Online Learing Platform course_detail_user_new.php sql injection
E
CVE-2025-5215 D-Link DCS-5020L ptdc.cgi websReadEvent stack-based overflow
E
CVE-2025-5216 PHPGurukul Student Record System login.php sql injection
E
CVE-2025-5217 FreeFloat FTP Server RMDIR Command buffer overflow
E
CVE-2025-5218 FreeFloat FTP Server LITERAL Command buffer overflow
E
CVE-2025-5219 FreeFloat FTP Server ASCII Command buffer overflow
E
CVE-2025-5220 FreeFloat FTP Server GET Command buffer overflow
E
CVE-2025-5221 FreeFloat FTP Server QUOTE Command buffer overflow
E
CVE-2025-5222 Icu: stack buffer overflow in the srbroot::addtag function
M
CVE-2025-5223 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5224 Campcodes Online Hospital Management System add-doctor.php sql injection
E
CVE-2025-5225 Campcodes Advanced Online Voting System index.php sql injection
E
CVE-2025-5226 PHPGurukul Small CRM change-password.php sql injection
E
CVE-2025-5227 PHPGurukul Small CRM manage-tickets.php sql injection
E
CVE-2025-5228 D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow
E
CVE-2025-5229 Campcodes Online Hospital Management System view-patient.php sql injection
E
CVE-2025-5230 PHPGurukul Online Nurse Hiring System bwdates-report-details.php sql injection
E
CVE-2025-5231 PHPGurukul Company Visitor Management System forgot-password.php sql injection
E
CVE-2025-5232 PHPGurukul Student Study Center Management System report.php sql injection
E
CVE-2025-5233 Color Palette <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter
CVE-2025-5234 Gutenverse News <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via elementId Parameter
CVE-2025-5235 OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
S
CVE-2025-5236 NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter
S
CVE-2025-5237 Target Video Easy Publish <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
CVE-2025-5238 YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-5239 Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter
CVE-2025-5241 Denial-of-Service Vulnerability in MELSEC iQ-F Series
CVE-2025-5242 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5244 GNU Binutils ld elflink.c elf_gc_sweep memory corruption
E S
CVE-2025-5245 GNU Binutils objdump debug.c debug_type_samep memory corruption
E S
CVE-2025-5246 Campcodes Online Hospital Management System query-details.php sql injection
E
CVE-2025-5247 Gowabby HFish url.go LoadUrl improper authentication
E
CVE-2025-5248 PHPGurukul Company Visitor Management System bwdates-reports-details.php sql injection
E
CVE-2025-5249 PHPGurukul News Portal Project add-category.php sql injection
E
CVE-2025-5250 PHPGurukul News Portal Project edit-category.php sql injection
E
CVE-2025-5251 PHPGurukul News Portal Project edit-subcategory.php sql injection
E
CVE-2025-5252 PHPGurukul News Portal Project edit-subadmin.php sql injection
E
CVE-2025-5255 TCC Bypass via Dylib Injection in Phoenix Code
S
CVE-2025-5256 Open Redirect vulnerability on user unlock path
CVE-2025-5257 Predictable Page Indexing Might Lead to Sensitive Data Exposure
CVE-2025-5258 Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
CVE-2025-5259 Minimal Share Buttons <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
CVE-2025-5262 Rejected reason: This CVE was accidentally assigned by Mozilla but should be assigned by another CNA...
R
CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content, which could have allo...
CVE-2025-5264 Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker cou...
CVE-2025-5265 Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker c...
CVE-2025-5266 Script elements loading cross-origin resources generated load and error events which leaked informat...
CVE-2025-5267 A clickjacking vulnerability could have been used to trick a user into leaking saved payment card de...
CVE-2025-5268 Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128....
CVE-2025-5269 Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of...
CVE-2025-5270 In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vul...
CVE-2025-5271 Previewing a response in Devtools ignored CSP headers, which could have allowed content injection at...
CVE-2025-5272 Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of...
CVE-2025-5273 All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible...
E
CVE-2025-5275 Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings
CVE-2025-5276 All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SS...
E
CVE-2025-5277 aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that on...
CVE-2025-5278 Coreutils: heap buffer under-read in gnu coreutils sort via key specification
M
CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
CVE-2025-5280 Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to poten...
CVE-2025-5281 Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote att...
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
S
CVE-2025-5283 Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potent...
CVE-2025-5285 Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter
CVE-2025-5286 Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter
CVE-2025-5287 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
CVE-2025-5288 REST API | Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function
CVE-2025-5289 3D FlipBook - Lite Edition <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters
S
CVE-2025-5290 Borderless – Elementor Addons and Templates <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5291 Master Slider <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes
S
CVE-2025-5292 Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2025-5295 FreeFloat FTP Server PORT Command buffer overflow
E
CVE-2025-5297 SourceCodester Computer Store System main.c Add stack-based overflow
E
CVE-2025-5298 Campcodes Online Hospital Management System betweendates-detailsreports.php sql injection
E
CVE-2025-5299 SourceCodester Client Database Management System user_order_customer_update.php unrestricted upload
E
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
E S
CVE-2025-5303 LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter
CVE-2025-5304 PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function
CVE-2025-5306 Command Injection in Netflow path
S
CVE-2025-5307 Santesoft Sante DICOM Viewer Pro Out-of-bounds Read
S
CVE-2025-5309 Remote Support & Privileged Remote Access server side template injection
CVE-2025-5310 Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
S
CVE-2025-5314 Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source'
CVE-2025-5315 Missing Authorization in GitLab
E S
CVE-2025-5316 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5318 Libssh: out-of-bounds read in sftp_handle()
M
CVE-2025-5320 gradio-app gradio CORS is_valid_origin privilege escalation
E
CVE-2025-5321 aimhubio aim run_view Object query.py RestrictedPythonQuery privilege escalation
E
CVE-2025-5322 VikRentCar Car Rental Management System <= 1.4.3 - Authenticated (Administrator+) Arbitrary File Upload
S
CVE-2025-5323 fossasia open-event-server Mail Verification mail.py send_email_change_user_email reliance on obfuscation or encryption of security-relevant inputs without integrity checking
E
CVE-2025-5324 TechPowerUp GPU-Z 0x8000645C IOCTL GPU-Z.sys sub_140001880 memory leak
E
CVE-2025-5325 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService special elements used in a template engine
E
CVE-2025-5326 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken deserialization
CVE-2025-5327 chshcms mccms Gf.php index server-side request forgery
E
CVE-2025-5328 chshcms mccms Backups.php restore_del path traversal
E
CVE-2025-5330 FreeFloat FTP Server RETR Command buffer overflow
E
CVE-2025-5331 PCMan FTP Server NLST Command buffer overflow
E
CVE-2025-5332 1000 Projects Online Notice Board index.php sql injection
E
CVE-2025-5333 Unauthenticated Remote Code Execution in IT Management Suite
CVE-2025-5334 Exposure of private personal information to an unauthorized actor in the user vaults component of De...
CVE-2025-5335 Privilege Escalation due to Untrusted Search Path Vulnerability
CVE-2025-5336 Click to Chat <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter
CVE-2025-5337 Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter
S
CVE-2025-5338 Royal Elementor Addons <= 1.7.1024 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets
S
CVE-2025-5339 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Time-Based SQL Injection via 'bsa_pro_id'
CVE-2025-5340 Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter
CVE-2025-5341 Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters
S
CVE-2025-5349 NetScaler ADC and NetScaler Gateway - Improper access control on the NetScaler Management Interface
CVE-2025-5351 Libssh: double free vulnerability in libssh key export functions
M
CVE-2025-5353 A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated a...
CVE-2025-5356 FreeFloat FTP Server BYE Command buffer overflow
E
CVE-2025-5357 FreeFloat FTP Server PWD Command buffer overflow
E
CVE-2025-5358 PHPGurukul/Campcodes Cyber Cafe Management System bwdates-reports-details.php sql injection
E
CVE-2025-5359 Campcodes Online Hospital Management System appointment-history.php sql injection
E
CVE-2025-5360 Campcodes Online Hospital Management System book-appointment.php sql injection
E
CVE-2025-5361 Campcodes Online Hospital Management System contact.php sql injection
E
CVE-2025-5362 Campcodes Online Hospital Management System doctor-specilization.php sql injection
E
CVE-2025-5363 Campcodes Online Hospital Management System index.php sql injection
E
CVE-2025-5364 Campcodes Online Hospital Management System add-patient.php sql injection
E
CVE-2025-5365 Campcodes Online Hospital Management System patient-search.php sql injection
E
CVE-2025-5366 Stored XSS
CVE-2025-5367 PHPGurukul Online Shopping Portal Project category.php sql injection
E
CVE-2025-5368 PHPGurukul Daily Expense Tracker System expense-yearwise-reports-detailed.php sql injection
E
CVE-2025-5369 SourceCodester PHP Display Username After Login login.php sql injection
E
CVE-2025-5370 PHPGurukul News Portal forgot-password.php sql injection
E
CVE-2025-5371 SourceCodester Health Center Patient Record Management System admin.php sql injection
E
CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh
M
CVE-2025-5373 PHPGurukul Online Birth Certificate System users-applications.php sql injection
E
CVE-2025-5374 PHPGurukul Online Birth Certificate System all-applications.php sql injection
E
CVE-2025-5375 PHPGurukul HPGurukul Online Birth Certificate System registered-users.php sql injection
E
CVE-2025-5376 SourceCodester Health Center Patient Record Management System patient.php sql injection
E
CVE-2025-5377 Astun Technology iShare Maps historic1.asp cross site scripting
CVE-2025-5378 Astun Technology iShare Maps mycouncil2.aspx cross site scripting
CVE-2025-5379 NuCom NC-WR744G Console Application hard-coded credentials
CVE-2025-5380 ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 Image File Upload upload path traversal
E
CVE-2025-5381 Yifang CMS Admin Panel downloadFile path traversal
E
CVE-2025-5382 Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a u...
CVE-2025-5383 Yifang CMS Article Management Module cross site scripting
E
CVE-2025-5384 JeeWMS cgAutoListController.do CgAutoListController sql injection
CVE-2025-5385 JeeWMS cgformTemplateController.do doAdd path traversal
CVE-2025-5386 JeeWMS cgformTransController.do transEditor sql injection
CVE-2025-5387 JeeWMS File generateController.do dogenerate access control
CVE-2025-5388 JeeWMS generateController.do dogenerate sql injection
CVE-2025-5389 JeeWMS File generateController.do dogenerateOne2Many access control
CVE-2025-5390 JeeWMS File filedeal.do filedeal access control
CVE-2025-5392 GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution
CVE-2025-5395 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload
CVE-2025-5398 Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI
S
CVE-2025-5399 WebSocket endless loop
CVE-2025-5400 chaitak-gorai Blogbook GET Parameter user.php sql injection
E
CVE-2025-5401 chaitak-gorai Blogbook GET Parameter post.php sql injection
E
CVE-2025-5402 chaitak-gorai Blogbook GET Parameter edit_post.php sql injection
E
CVE-2025-5403 chaitak-gorai Blogbook GET Parameter view_all_posts.php sql injection
E
CVE-2025-5404 chaitak-gorai Blogbook GET Parameter search.php denial of service
E
CVE-2025-5405 chaitak-gorai Blogbook post.php cross site scripting
E
CVE-2025-5406 chaitak-gorai Blogbook posts.php unrestricted upload
E
CVE-2025-5407 chaitak-gorai Blogbook register_script.php cross site scripting
E
CVE-2025-5408 WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow
E
CVE-2025-5409 Mist Community Edition API Token views.py create_token access control
E S
CVE-2025-5410 Mist Community Edition middleware.py session_start_response cross-site request forgery
E S
CVE-2025-5411 Mist Community Edition views.py tag_resources cross site scripting
E S
CVE-2025-5412 Mist Community Edition Authentication Endpoint views.py login cross site scripting
E S
CVE-2025-5416 Keycloak-core: keycloak environment information
M
CVE-2025-5419 Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker...
KEV
CVE-2025-5420 juzaweb CMS Profile Page upload cross site scripting
E
CVE-2025-5421 juzaweb CMS Plugin Editor Page editor access control
E
CVE-2025-5422 juzaweb CMS Email Logs Page email access control
E
CVE-2025-5423 juzaweb CMS General Setting Page general access control
E
CVE-2025-5424 juzaweb CMS Media Page media access control
E
CVE-2025-5425 juzaweb CMS Theme Editor Page default access control
E
CVE-2025-5426 juzaweb CMS Menu Page menus access control
E
CVE-2025-5427 juzaweb CMS Permalinks Page permalinks access control
E
CVE-2025-5428 juzaweb CMS Error Logs Page log-viewer access control
E
CVE-2025-5429 juzaweb CMS Plugins Page install access control
E
CVE-2025-5430 AssamLook CMS product.php sql injection
E
CVE-2025-5431 AssamLook CMS department-profile.php sql injection
E
CVE-2025-5432 AssamLook CMS view_tender.php sql injection
E
CVE-2025-5433 Fengoffice Feng Office index.php sql injection
E
CVE-2025-5434 Aem Solutions CMS page.php sql injection
E
CVE-2025-5435 Marwal Infotech CMS page.php sql injection
E
CVE-2025-5436 Multilaser Sirius RE016 cstecgi.cgi information disclosure
E
CVE-2025-5437 Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication
E
CVE-2025-5438 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection
E
CVE-2025-5439 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection
E
CVE-2025-5440 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection
E
CVE-2025-5441 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 setDeviceURL os command injection
E
CVE-2025-5442 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_pingGatewayByBBS os command injection
E
CVE-2025-5443 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 wirelessAdvancedHidden os command injection
E
CVE-2025-5444 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_UpgradeFWByBBS os command injection
E
CVE-2025-5445 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkFWByBBS os command injection
E
CVE-2025-5446 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkCredentialsByBBS os command injection
E
CVE-2025-5447 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 ssid1MACFilter os command injection
E
CVE-2025-5450 Improper access control in the certificate management component of Ivanti Connect Secure before vers...
CVE-2025-5451 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Sec...
CVE-2025-5455 Possible denial of service when passing malformed data in a URL to qDecodeDataUrl
CVE-2025-5459 OS Command Injection
CVE-2025-5463 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 ...
CVE-2025-5464 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 ...
CVE-2025-5472 Denial of Service via Uncontrolled Recursive JSON Parsing in JSONReader in run-llama/llama_index
CVE-2025-5473 GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-5474 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability
CVE-2025-5475 Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability
S
CVE-2025-5476 Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
S
CVE-2025-5477 Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2025-5478 Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability
S
CVE-2025-5479 Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2025-5480 Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2025-5481 Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-5482 Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber) Privilege Escalation
S
CVE-2025-5484 SinoTrack GPS Receiver Weak Authentication
M
CVE-2025-5485 SinoTrack GPS Receiver Weak Authentication
M
CVE-2025-5486 WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset
CVE-2025-5487 AutomatorWP <= 5.2.5 - Authenticated (Administrator+) SQL Injection via field_conditions
CVE-2025-5488 WP Masonry & Infinite Scroll <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-5490 Football Pool <= 2.12.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2025-5491 Acer ControlCenter - Remote Code Execution
S
CVE-2025-5492 D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection
CVE-2025-5493 Baison Channel Middleware Product ToJsonByControlName sql injection
E
CVE-2025-5495 Netgear WNR614 URL improper authentication
E
CVE-2025-5497 slackero phpwcms Feedimport Module processing.inc.php deserialization
E S
CVE-2025-5498 slackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserialization
E S
CVE-2025-5499 slackero phpwcms image_resized.php getimagesize deserialization
E S
CVE-2025-5501 Open5GS NGAP PathSwitchRequest Message ngap-handler.c ngap_handle_path_switch_request_transfer assertion
E S
CVE-2025-5502 TOTOLINK X15 formMapReboot command injection
E
CVE-2025-5503 TOTOLINK X15 formMapReboot stack-based overflow
E
CVE-2025-5504 TOTOLINK X2000R formWsc command injection
E
CVE-2025-5505 TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting
E
CVE-2025-5506 TOTOLINK A3002RU NAT Mapping Page cross site scripting
E
CVE-2025-5507 TOTOLINK A3002RU MAC Filtering Page cross site scripting
E
CVE-2025-5508 TOTOLINK A3002RU IP Port Filtering Page cross site scripting
E
CVE-2025-5509 quequnlong shiyi-blog upload path traversal
E
CVE-2025-5510 quequnlong shiyi-blog optimize server-side request forgery
E
CVE-2025-5511 quequnlong shiyi-blog photos improper authorization
E
CVE-2025-5512 quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication
E
CVE-2025-5513 quequnlong shiyi-blog add cross site scripting
E
CVE-2025-5515 TOTOLINK X2000R formMapDel command injection
E
CVE-2025-5516 TOTOLINK X2000R URL Filtering Page formFilter cross site scripting
E
CVE-2025-5520 Open5GS AMF/MME emm_state_authentication assertion
E S
CVE-2025-5521 WuKongOpenSource WukongCRM updataPassword cross-site request forgery
E
CVE-2025-5522 jack0240 魏 bskms 蓝天幼儿园管理系统 User Creation addUser improper authorization
E
CVE-2025-5523 enilu web-flash File Upload upload fileService.upload cross site scripting
E
CVE-2025-5524 OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag
CVE-2025-5525 Jrohy trojan linux.go LogChan os command injection
E
CVE-2025-5526 BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update
E
CVE-2025-5527 Tenda RX3 SetStaticRouteCfg save_staticroute_data stack-based overflow
E
CVE-2025-5528 Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter
CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5531 Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5532 Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5533 Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5534 ESV Bible Shortcode for WordPress <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5535 e.nigma buttons <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5536 Freemind Viewer <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5537 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting
S
CVE-2025-5538 BNS Featured Category <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5539 Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-5540 Event RSVP and Simple Event Management Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5541 Runners Log <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5542 TOTOLINK X2000R Virtual Server Page formPortFw cross site scripting
E
CVE-2025-5543 TOTOLINK X2000R Parent Controls Page cross site scripting
E
CVE-2025-5544 aaluoxiang oa_system UserpanelController.java image path traversal
E
CVE-2025-5545 aaluoxiang oa_system ProcedureController.java image path traversal
E
CVE-2025-5546 PHPGurukul Daily Expense Tracker System expense-reports-detailed.php sql injection
E
CVE-2025-5547 FreeFloat FTP Server CDUP Command buffer overflow
E
CVE-2025-5548 FreeFloat FTP Server NOOP Command buffer overflow
E
CVE-2025-5549 FreeFloat FTP Server PASV Command buffer overflow
E
CVE-2025-5550 FreeFloat FTP Server PBSZ Command buffer overflow
E
CVE-2025-5551 FreeFloat FTP Server SYSTEM Command buffer overflow
E
CVE-2025-5552 ChestnutCMS API Endpoint exec deserialization
E
CVE-2025-5553 PHPGurukul Rail Pass Management System download-pass.php sql injection
E
CVE-2025-5554 PHPGurukul Rail Pass Management System pass-bwdates-reports-details.php sql injection
E
CVE-2025-5556 PHPGurukul Teacher Subject Allocation Management System edit-teacher-info.php sql injection
E
CVE-2025-5557 PHPGurukul Teacher Subject Allocation Management System edit-course.php sql injection
E
CVE-2025-5558 PHPGurukul Teacher Subject Allocation Management System changeimage.php sql injection
E
CVE-2025-5559 TimeZoneCalculator <= 3.37 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5560 PHPGurukul Curfew e-Pass Management System index.php sql injection
E
CVE-2025-5561 PHPGurukul Curfew e-Pass Management System view-pass-detail.php sql injection
E
CVE-2025-5562 PHPGurukul Curfew e-Pass Management System edit-category-detail.php sql injection
E
CVE-2025-5563 WP-Addpub <= 1.2.8 - Authenticated (Contributor+) SQL Injection
CVE-2025-5564 GC Social wall <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5565 Hide It <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5566 PHPGurukul Notice Board System search-notice.php sql injection
E
CVE-2025-5567 Shortcodes Ultimate <= 7.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute
CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5569 IdeaCMS getList.html Goods sql injection
S
CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter
CVE-2025-5571 D-Link DCS-932L setSystemAdmin os command injection
E
CVE-2025-5572 D-Link DCS-932L setSystemEmail stack-based overflow
E
CVE-2025-5573 D-Link DCS-932L setSystemWizard setSystemControl os command injection
E
CVE-2025-5574 PHPGurukul Dairy Farm Shop Management System add-company.php sql injection
E
CVE-2025-5575 PHPGurukul Dairy Farm Shop Management System add-product.php sql injection
E
CVE-2025-5576 PHPGurukul Dairy Farm Shop Management System bwdate-report-details.php sql injection
E
CVE-2025-5577 PHPGurukul Dairy Farm Shop Management System profile.php sql injection
E
CVE-2025-5578 PHPGurukul Dairy Farm Shop Management System sales-report-details.php sql injection
E
CVE-2025-5579 PHPGurukul Dairy Farm Shop Management System search-product.php sql injection
E
CVE-2025-5580 CodeAstro Real Estate Management System login.php sql injection
E
CVE-2025-5581 CodeAstro Real Estate Management System index.php sql injection
E
CVE-2025-5582 CodeAstro Real Estate Management System profile.php sql injection
E
CVE-2025-5583 CodeAstro Real Estate Management System register.php sql injection
E
CVE-2025-5584 PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting
E
CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute
CVE-2025-5586 WordPress Ajax Load More and Infinite Scroll <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-5588 Image Editor by Pixo <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via download Parameter
CVE-2025-5589 StreamWeasels Kick Integration <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via status-classic-offline-text Parameter
CVE-2025-5590 Owl carousel responsive <= 1.9 - Authenticated (Contributor+) SQL Injection via id Parameter
CVE-2025-5592 FreeFloat FTP Server PASSIVE Command buffer overflow
E
CVE-2025-5593 FreeFloat FTP Server HOST Command buffer overflow
E
CVE-2025-5594 FreeFloat FTP Server SET Command buffer overflow
E
CVE-2025-5595 FreeFloat FTP Server PROGRESS Command buffer overflow
E
CVE-2025-5596 FreeFloat FTP Server REGET Command buffer overflow
E
CVE-2025-5597 WF Steuerungstechnik GmbH - airleader MASTER - Authentication Bypass
CVE-2025-5598 WF Steuerungstechnik GmbH - airleader MASTER - Path Traversal
CVE-2025-5599 PHPGurukul Student Result Management System editmyexp.php sql injection
E
CVE-2025-5600 TOTOLINK EX1200T cstecgi.cgi setLanguageCfg stack-based overflow
E
CVE-2025-5601 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
S
CVE-2025-5602 Campcodes Hospital Management System registration.php sql injection
E
CVE-2025-5603 Campcodes Hospital Management System registration.php sql injection
E
CVE-2025-5604 Campcodes Hospital Management System user-login.php sql injection
E
CVE-2025-5606 Tenda AC18 SetIPTVCfg formSetIptv command injection
E
CVE-2025-5607 Tenda AC18 setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5608 Tenda AC18 SetSysAutoRebbotCfg formsetreboottimer buffer overflow
E
CVE-2025-5609 Tenda AC18 AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5610 CodeAstro Real Estate Management System submitpropertydelete.php sql injection
E
CVE-2025-5611 CodeAstro Real Estate Management System submitpropertyupdate.php sql injection
E S
CVE-2025-5612 PHPGurukul Online Fire Reporting System reporting.php sql injection
E
CVE-2025-5613 PHPGurukul Online Fire Reporting System request-details.php sql injection
E
CVE-2025-5614 PHPGurukul Online Fire Reporting System search-report-result.php sql injection
E
CVE-2025-5615 PHPGurukul Online Fire Reporting System details.php sql injection
E
CVE-2025-5616 PHPGurukul Online Fire Reporting System profile.php sql injection
E
CVE-2025-5617 PHPGurukul Online Fire Reporting System manage-teams.php sql injection
E
CVE-2025-5618 PHPGurukul Online Fire Reporting System edit-team.php sql injection
E
CVE-2025-5619 Tenda CH22 addUserName formaddUserName stack-based overflow
E
CVE-2025-5620 D-Link DIR-816 setipsec_config os command injection
E
CVE-2025-5621 D-Link DIR-816 qosClassifier os command injection
E
CVE-2025-5622 D-Link DIR-816 wirelessApcli_5g stack-based overflow
E
CVE-2025-5623 D-Link DIR-816 qosClassifier stack-based overflow
E
CVE-2025-5624 D-Link DIR-816 QoSPortSetup stack-based overflow
E
CVE-2025-5625 Campcodes Online Teacher Record Management System search-teacher.php sql injection
E
CVE-2025-5626 Campcodes Online Teacher Record Management System edit-subjects-detail.php sql injection
E
CVE-2025-5627 code-projects Patient Record Management System sputum_form.php sql injection
E
CVE-2025-5628 SourceCodester Food Menu Manager Add Menu index.php cross site scripting
E
CVE-2025-5629 Tenda AC10 HTTP SetPptpServerCfg formSetPPTPServer buffer overflow
E
CVE-2025-5630 D-Link DIR-816 form2lansetup.cgi stack-based overflow
E
CVE-2025-5631 code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection
E
CVE-2025-5632 code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection
E
CVE-2025-5633 code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection
E
CVE-2025-5634 PCMan FTP Server NOOP Command buffer overflow
E
CVE-2025-5635 PCMan FTP Server PLS Command buffer overflow
E
CVE-2025-5636 PCMan FTP Server SET Command buffer overflow
E
CVE-2025-5637 PCMan FTP Server SYSTEM Command buffer overflow
E
CVE-2025-5638 PHPGurukul Notice Board System admin-profile.php sql injection
E
CVE-2025-5639 PHPGurukul Notice Board System forgot-password.php sql injection
E
CVE-2025-5640 PX4-Autopilot TRAJECTORY_REPRESENTATION_WAYPOINTS Message mavlink_receiver.cpp stack-based overflow
E
CVE-2025-5641 Radare2 radiff2 cons.c r_cons_is_breaked memory corruption
E S
CVE-2025-5642 Radare2 radiff2 pal.c r_cons_pal_init memory corruption
E S
CVE-2025-5643 Radare2 radiff2 cons.c cons_stack_load memory corruption
E S
CVE-2025-5644 Radare2 radiff2 cons.c r_cons_flush use after free
E S
CVE-2025-5645 Radare2 radiff2 pal.c r_cons_pal_init memory corruption
E S
CVE-2025-5646 Radare2 radiff2 pal.c r_cons_rainbow_free memory corruption
E S
CVE-2025-5647 Radare2 radiff2 cons.c r_cons_context_break_pop memory corruption
E S
CVE-2025-5648 Radare2 radiff2 pal.c r_cons_pal_init memory corruption
E S
CVE-2025-5649 SourceCodester Student Result Management System Register Interface new_user access control
E
CVE-2025-5650 1000projects Online Notice Board register.php sql injection
E
CVE-2025-5651 code-projects Traffic Offense Reporting System saveuser.php cross site scripting
E
CVE-2025-5652 PHPGurukul Complaint Management System between-date-complaintreport.php sql injection
E
CVE-2025-5653 PHPGurukul Complaint Management System between-date-userreport.php sql injection
E
CVE-2025-5654 PHPGurukul Complaint Management System edit-state.php sql injection
E
CVE-2025-5655 PHPGurukul Complaint Management System edit-subcategory.php sql injection
E
CVE-2025-5656 PHPGurukul Complaint Management System edit-category.php sql injection
E
CVE-2025-5657 PHPGurukul Complaint Management System manage-users.php sql injection
E
CVE-2025-5658 PHPGurukul Complaint Management System updatecomplaint.php sql injection
E
CVE-2025-5659 PHPGurukul Complaint Management System profile.php sql injection
E
CVE-2025-5660 PHPGurukul Complaint Management System register-complaint.php sql injection
E
CVE-2025-5661 code-projects Traffic Offense Reporting System Setting save-settings.php cross site scripting
E
CVE-2025-5663 PHPGurukul Auto Taxi Stand Management System search-autoortaxi.php sql injection
E
CVE-2025-5664 FreeFloat FTP Server RESTART Command buffer overflow
E
CVE-2025-5665 FreeFloat FTP Server XCWD Command buffer overflow
E
CVE-2025-5666 FreeFloat FTP Server XMKD Command buffer overflow
E
CVE-2025-5667 FreeFloat FTP Server REIN Command buffer overflow
E
CVE-2025-5668 PHPGurukul Medical Card Generation System readenq.php sql injection
E
CVE-2025-5669 PHPGurukul Medical Card Generation System unreadenq.php sql injection
E
CVE-2025-5670 PHPGurukul Medical Card Generation System manage-card.php sql injection
E
CVE-2025-5671 TOTOLINK N302R Plus HTTP POST Request formPortFw buffer overflow
E
CVE-2025-5672 TOTOLINK N302R Plus HTTP POST Request formFilter buffer overflow
E
CVE-2025-5673 Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter
CVE-2025-5674 code-projects Patient Record Management System urinalysis_form.php sql injection
E
CVE-2025-5675 Campcodes Online Teacher Record Management System bwdates-reports-details.php sql injection
E
CVE-2025-5676 Campcodes Online Recruitment Management System ajax.php sql injection
E
CVE-2025-5677 Campcodes Online Recruitment Management System ajax.php sql injection
E
CVE-2025-5678 Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter
CVE-2025-5679 Shenzhen Dashi Tongzhou Information Technology AgileBPM SysToolsController.java parseStrByFreeMarker deserialization
E
CVE-2025-5680 Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script SysScriptController.java executeScript deserialization
E
CVE-2025-5682 Klaro Cookie & Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-080
CVE-2025-5683 When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. T...
CVE-2025-5685 Tenda CH22 Natlimit formNatlimit stack-based overflow
E
CVE-2025-5686 Paged Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5687 A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *Thi...
CVE-2025-5688 Out of Bounds Write in FreeRTOS-Plus-TCP
CVE-2025-5689 Improper Permission Management in SSH Session Handling
CVE-2025-5690 Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data
M
CVE-2025-5692 Lead Form Data Collection to CRM <= 3.1 - Authenticated (Subscriber+) Arbitrary Options Update
S
CVE-2025-5693 PHPGurukul Human Metapneumovirus Testing Management System bwdates-report-result.php sql injection
E
CVE-2025-5694 PHPGurukul Human Metapneumovirus Testing Management System search-report-result.php sql injection
E
CVE-2025-5695 FLIR AX8 Backend subscriptions.php subscribe_to_alarm command injection
E S
CVE-2025-5696 Brilliance Golden Link Secondary System rentChangeCheckInfoPage.htm sql injection
E
CVE-2025-5697 Brilliance Golden Link Secondary System tcCustDeferPosiQuery.htm sql injection
E
CVE-2025-5698 Brilliance Golden Link Secondary System logSelect.htm sql injection
E
CVE-2025-5699 Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS
CVE-2025-5700 Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-5701 HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update
CVE-2025-5702 The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and ...
M
CVE-2025-5703 StageShow <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter
CVE-2025-5704 code-projects Real Estate Property Management System User.php sql injection
E
CVE-2025-5705 code-projects Real Estate Property Management System Property.php sql injection
E
CVE-2025-5706 PHPGurukul Human Metapneumovirus Testing Management System new-user-testing.php sql injection
E
CVE-2025-5707 PHPGurukul Human Metapneumovirus Testing Management System registered-user-testing.php sql injection
E
CVE-2025-5708 code-projects Real Estate Property Management System NewsReport.php sql injection
E
CVE-2025-5709 code-projects Real Estate Property Management System InsertCategory.php sql injection
E
CVE-2025-5710 code-projects Real Estate Property Management System InsertState.php sql injection
E
CVE-2025-5711 code-projects Real Estate Property Management System InsertCity.php sql injection
E
CVE-2025-5712 SourceCodester Open Source Clinic Management System appointment.php sql injection
E
CVE-2025-5713 SoluçõesCoop iSoluçõesWEB Flow fluxos-dashboard cross site scripting
E
CVE-2025-5714 SoluçõesCoop iSoluçõesWEB Profile Information Update up.upload.php path traversal
E
CVE-2025-5715 Signal App Biometric Authentication missing critical step in authentication
E
CVE-2025-5716 SourceCodester Open Source Clinic Management System login.php sql injection
E
CVE-2025-5719 The wallet has an authentication bypass vulnerability that allows access to specific pages....
CVE-2025-5721 SourceCodester Student Result Management System Profile Setting Page update_profile cross site scripting
E
CVE-2025-5722 SourceCodester Student Result Management System Add Academic Term terms cross site scripting
E
CVE-2025-5723 SourceCodester Student Result Management System Classes Page classes cross site scripting
E
CVE-2025-5724 SourceCodester Student Result Management System Subjects Page subjects cross site scripting
E
CVE-2025-5725 SourceCodester Student Result Management System Grading System Page grading-system cross site scripting
E
CVE-2025-5726 SourceCodester Student Result Management System Division System Page division-system cross site scripting
E
CVE-2025-5727 SourceCodester Student Result Management System Announcement Page announcement cross site scripting
E
CVE-2025-5728 SourceCodester Open Source Clinic Management System manage_website.php unrestricted upload
E
CVE-2025-5729 code-projects Health Center Patient Record Management System birthing_record.php sql injection
E
CVE-2025-5730 Easy Contact Form Lite < 1.1.29 - Contributor+ Stored XSS
E
CVE-2025-5731 Infinispan: credential leakage in infinispan cli
M
CVE-2025-5732 code-projects Traffic Offense Reporting System cross-site request forgery
E
CVE-2025-5733 Modern Events Calendar <= 7.21.9 - Information Exposure
CVE-2025-5734 TOTOLINK X15 HTTP POST Request formWlanRedirect buffer overflow
E
CVE-2025-5735 TOTOLINK X15 HTTP POST Request formSetLg buffer overflow
E
CVE-2025-5736 TOTOLINK X15 HTTP POST Request formNtp buffer overflow
E
CVE-2025-5737 TOTOLINK X15 HTTP POST Request formDosCfg buffer overflow
E
CVE-2025-5738 TOTOLINK X15 HTTP POST Request formStats buffer overflow
E
CVE-2025-5739 TOTOLINK X15 HTTP POST Request formSaveConfig buffer overflow
E
CVE-2025-5740 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability...
CVE-2025-5741 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability...
CVE-2025-5742 CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnera...
CVE-2025-5743 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
CVE-2025-5745 The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and...
M
CVE-2025-5746 Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload
CVE-2025-5747 WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability
CVE-2025-5748 WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability
CVE-2025-5749 WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability
CVE-2025-5750 WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5751 WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability
CVE-2025-5755 SourceCodester Open Source Clinic Management System email_config.php sql injection
E
CVE-2025-5756 code-projects Real Estate Property Management System EditCity.php sql injection
E
CVE-2025-5757 code-projects Traffic Offense Reporting System save-reported.php cross site scripting
E
CVE-2025-5758 SourceCodester Open Source Clinic Management System doctor.php sql injection
E
CVE-2025-5759 PHPGurukul Local Services Search Engine Management System edit-person-detail.php sql injection
E
CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode
CVE-2025-5761 PHPGurukul BP Monitoring Management System edit-family-member.php sql injection
E
CVE-2025-5762 code-projects Patient Record Management System view_hematology.php sql injection
E
CVE-2025-5763 Tenda CP3 apollo sub_F3C8C command injection
E
CVE-2025-5764 code-projects Laundry System insert_laundry.php cross site scripting
E
CVE-2025-5765 code-projects Laundry System edit_laundry.php cross site scripting
E
CVE-2025-5766 code-projects Laundry System cross-site request forgery
E
CVE-2025-5777 NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
KEV
CVE-2025-5778 1000 Projects ABC Courier Management System admin sql injection
E
CVE-2025-5779 code-projects Patient Record Management System birthing.php sql injection
E
CVE-2025-5780 code-projects Patient Record Management System view_dental.php sql injection
E
CVE-2025-5782 PHPGurukul Employee Record Management System resetpassword.php sql injection
E
CVE-2025-5783 PHPGurukul Employee Record Management System editmyexp.php sql injection
E
CVE-2025-5784 PHPGurukul Employee Record Management System myexp.php sql injection
E
CVE-2025-5785 TOTOLINK X15 HTTP POST Request formWirelessTbl buffer overflow
E
CVE-2025-5786 TOTOLINK X15 HTTP POST Request formDMZ buffer overflow
E
CVE-2025-5787 TOTOLINK X15 HTTP POST Request formWsc buffer overflow
E
CVE-2025-5788 TOTOLINK X15 HTTP POST Request formReflashClientTbl buffer overflow
E
CVE-2025-5789 TOTOLINK X15 HTTP POST Request formPortFw buffer overflow
E
CVE-2025-5790 TOTOLINK X15 HTTP POST Request formIpQoS buffer overflow
E
CVE-2025-5791 Users: `root` appended to group listings
CVE-2025-5792 TOTOLINK EX1200T HTTP POST Request formWlanRedirect buffer overflow
E
CVE-2025-5793 TOTOLINK EX1200T HTTP POST Request formPortFw buffer overflow
E
CVE-2025-5794 Tenda AC5 setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5795 Tenda AC5 AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5796 code-projects Laundry System edit_type.php cross site scripting
E
CVE-2025-5797 code-projects Laundry System insert_type.php cross site scripting
E
CVE-2025-5798 Tenda AC8 SetSysTimeCfg fromSetSysTime stack-based overflow
E
CVE-2025-5799 Tenda AC8 WifiExtraSet fromSetWirelessRepeat stack-based overflow
E
CVE-2025-5806 Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Con...
CVE-2025-5807 Gwolle Guestbook <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting via `gwolle_gb_content` Parameter
CVE-2025-5812 VG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
CVE-2025-5813 Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation
CVE-2025-5814 Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration
CVE-2025-5815 Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update
CVE-2025-5817 Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery
CVE-2025-5820 Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability
S
CVE-2025-5822 Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability
CVE-2025-5823 Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability
CVE-2025-5824 Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability
CVE-2025-5825 Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability
CVE-2025-5826 Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability
CVE-2025-5827 Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5828 Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5829 Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5830 Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5832 Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability
CVE-2025-5833 Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability
CVE-2025-5834 Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
CVE-2025-5836 Tenda AC9 POST Request SetIPTVCfg formSetIptv command injection
E
CVE-2025-5837 PHPGurukul Employee Record Management System allemployees.php sql injection
E
CVE-2025-5838 PHPGurukul Employee Record Management System adminprofile.php sql injection
E
CVE-2025-5839 Tenda AC9 POST Request AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5840 SourceCodester Client Database Management System user_update_customer_order.php unrestricted upload
E
CVE-2025-5841 ACF Onyx Poll <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
CVE-2025-5842 Modern Design Library <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
S
CVE-2025-5846 Missing Authorization in GitLab
S
CVE-2025-5847 Tenda AC9 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
E
CVE-2025-5848 Tenda AC15 HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5849 Tenda AC15 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
E
CVE-2025-5850 Tenda AC15 HTTP POST Request SetLEDCf formsetschedled buffer overflow
E
CVE-2025-5851 Tenda AC15 HTTP POST Request AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5852 Tenda AC6 setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5853 Tenda AC6 SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
E
CVE-2025-5854 Tenda AC6 AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5855 Tenda AC6 SetRebootTimer formSetRebootTimer stack-based overflow
E
CVE-2025-5856 PHPGurukul BP Monitoring Management System registration.php sql injection
E
CVE-2025-5857 code-projects Patient Record Management System urinalysis_record.php sql injection
E
CVE-2025-5858 PHPGurukul Nipah Virus Testing Management System patient-report.php sql injection
E
CVE-2025-5859 PHPGurukul Nipah Virus Testing Management System test-details.php sql injection
E
CVE-2025-5860 PHPGurukul Maid Hiring Management System search-booking-request.php sql injection
E
CVE-2025-5861 Tenda AC7 AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5862 Tenda AC7 setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5863 Tenda AC5 SetRebootTimer formSetRebootTimer stack-based overflow
E
CVE-2025-5864 Tenda TDSEE App Password Reset Confirmation Code ConfirmSmsCode excessive authentication
E
CVE-2025-5865 RT-Thread Parameter lwp_syscall.c sys_select memory corruption
E
CVE-2025-5866 RT-Thread lwp_syscall.c sys_sigprocmask array index
E
CVE-2025-5867 RT-Thread lwp_syscall.c csys_sendto null pointer dereference
E
CVE-2025-5868 RT-Thread lwp_syscall.c sys_thread_sigprocmask array index
E
CVE-2025-5869 RT-Thread lwp_syscall.c sys_recvfrom memory corruption
E
CVE-2025-5870 TRENDnet TV-IP121W Web Interface setup.cgi improper authentication
E
CVE-2025-5871 Papendorf SOL Connect Center Web Interface missing authentication
E
CVE-2025-5872 eGauge EG3000 Energy Monitor Setting missing authentication
E
CVE-2025-5873 eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload
E
CVE-2025-5874 Redash getattr python.py run_query sandbox
E
CVE-2025-5875 TP-LINK Technologies TL-IPC544EP-W4 main sub_69064 buffer overflow
E
CVE-2025-5876 Lucky LM-520-SC/LM-520-FSC/LM-520-FSC-SAM missing authentication
E
CVE-2025-5877 Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
E
CVE-2025-5878 ESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special element
S
CVE-2025-5879 WuKongOpenSource WukongCRM File Upload AdminSysConfigController.java cross site scripting
E
CVE-2025-5880 Whistle get-temp-file path traversal
CVE-2025-5881 code-projects Chat System confirm_password.php sql injection
E
CVE-2025-5884 Konica Minolta bizhub Display MFP Information List cross site scripting
E
CVE-2025-5885 Konica Minolta bizhub cross-site request forgery
E
CVE-2025-5886 Emlog article.php cross site scripting
E
CVE-2025-5887 jsnjfz WebStack-Guns File Upload UserMgrController.java cross site scripting
E
CVE-2025-5888 jsnjfz WebStack-Guns cross-site request forgery
E
CVE-2025-5889 juliangruber brace-expansion index.js expand redos
E S
CVE-2025-5890 actions toolkit glob internal-pattern.ts globEscape redos
CVE-2025-5891 Unitech pm2 Config.js redos
E S
CVE-2025-5892 RocketChat parseMessage.js parseMessage redos
E S
CVE-2025-5893 Honding Technology Smart Parking Management System - Exposure of Sensitive Information
S
CVE-2025-5894 Honding Technology Smart Parking Management System - Missing Authorization
S
CVE-2025-5895 Metabase dom.js parseDataUri redos
E S
CVE-2025-5896 tarojs taro index.js redos
E S
CVE-2025-5897 vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
E S
CVE-2025-5898 GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write
E
CVE-2025-5899 GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap
E
CVE-2025-5900 Tenda AC9 cross-site request forgery
E
CVE-2025-5901 TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow
E
CVE-2025-5902 TOTOLINK T10 POST Request cstecgi.cgi setUpgradeFW buffer overflow
E S
CVE-2025-5903 TOTOLINK T10 POST Request cstecgi.cgi setWiFiAclRules buffer overflow
E
CVE-2025-5904 TOTOLINK T10 POST Request cstecgi.cgi setWiFiMeshName buffer overflow
E
CVE-2025-5905 TOTOLINK T10 POST Request cstecgi.cgi setWiFiRepeaterCfg buffer overflow
E
CVE-2025-5906 code-projects Laundry System data missing authentication
E
CVE-2025-5907 TOTOLINK EX1200T HTTP POST Request formFilter buffer overflow
E
CVE-2025-5908 TOTOLINK EX1200T HTTP POST Request formIpQoS buffer overflow
E
CVE-2025-5909 TOTOLINK EX1200T HTTP POST Request formReflashClientTbl buffer overflow
E
CVE-2025-5910 TOTOLINK EX1200T HTTP POST Request formWsc buffer overflow
E
CVE-2025-5911 TOTOLINK EX1200T HTTP POST Request formDMZ buffer overflow
E
CVE-2025-5912 D-Link DIR-632 HTTP POST Request do_file stack-based overflow
E
CVE-2025-5913 PHPGurukul Vehicle Record Management System search-vehicle.php sql injection
E
CVE-2025-5914 Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
E S
CVE-2025-5915 Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c
M
CVE-2025-5916 Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c
M
CVE-2025-5917 Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c
M
CVE-2025-5918 Libarchive: reading past eof may be triggered for piped file streams
M
CVE-2025-5920 Sharable Password Protected Posts < 1.1.1 - Unauthenticated Password Protect Post Access
E
CVE-2025-5923 Game Review Block <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
CVE-2025-5924 WP Firebase Push Notification <= 1.2.0 - Cross-Site Request Forgery to Broadcast Notification
CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update
CVE-2025-5926 Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-5927 Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion
CVE-2025-5928 WP Sliding Login/Dashboard Panel <= 2.1.1 - Cross-Site Request Forgery to Settings Update
CVE-2025-5929 The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter
CVE-2025-5930 WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update
CVE-2025-5932 Homerunner <= 1.0.29 - Cross-Site Request Forgery to Settings Update
CVE-2025-5933 RD Contacto <= 1.4 - Cross-Site Request Forgery to Settings Update
CVE-2025-5934 Netgear EX3700 mtd sub_41619C stack-based overflow
E
CVE-2025-5935 Open5GS AMF/MME emm-sm.c common_register_state denial of service
E S
CVE-2025-5936 VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync
CVE-2025-5937 MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset
S
CVE-2025-5938 Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import
CVE-2025-5939 Telegram for WP <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-5940 Osom Blocks <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter
CVE-2025-5943 MicroDicom DICOM Viewer Out-of-bounds Write
S
CVE-2025-5944 Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute
E S
CVE-2025-5945 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5950 IndieBlocks <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter
CVE-2025-5951 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5952 Zend.To NSSDropoff.php exec os command injection
E
CVE-2025-5953 WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation via wp_ajax_hrm_insert_employee AJAX Action
CVE-2025-5956 WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via ajax_delete_employee Function
CVE-2025-5957 Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket Deletion
CVE-2025-5958 Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potent...
CVE-2025-5959 Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute a...
CVE-2025-5961 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload
E S
CVE-2025-5963 TCC Bypass via Dylib Injection in Postbox
CVE-2025-5964 Path traversal in M-Files API
S
CVE-2025-5966 Stored XSS
CVE-2025-5967 A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbit...
CVE-2025-5969 D-Link DIR-632 HTTP POST Request biurl_grou FUN_00425fd8 stack-based overflow
E
CVE-2025-5970 PHPGurukul Restaurant Table Booking System add-subadmin.php cross site scripting
E
CVE-2025-5971 code-projects School Fees Payment System ajx.php sql injection
E
CVE-2025-5972 PHPGurukul Restaurant Table Booking System manage-subadmins.php cross site scripting
E
CVE-2025-5973 PHPGurukul Restaurant Table Booking System add-table.php cross site scripting
E
CVE-2025-5974 PHPGurukul Restaurant Table Booking System check-status.php cross site scripting
E
CVE-2025-5975 PHPGurukul Rail Pass Management System download-pass.php cross site scripting
E
CVE-2025-5976 PHPGurukul Rail Pass Management System add-pass.php cross site scripting
E
CVE-2025-5977 code-projects School Fees Payment System datatable.php sql injection
E
CVE-2025-5978 Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow
E
CVE-2025-5979 code-projects School Fees Payment System branch.php sql injection
E
CVE-2025-5980 code-projects Restaurant Order System order.php sql injection
E
CVE-2025-5981 Arbitrary File write in OSV-SCALIBR
CVE-2025-5982 Insufficient Granularity of Access Control in GitLab
S
CVE-2025-5984 SourceCodester Online Student Clearance System add-fee.php cross site scripting
CVE-2025-5985 code-projects School Fees Payment System improper authentication
E
CVE-2025-5986 A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf fi...
CVE-2025-5987 Libssh: invalid return code for chacha20 poly1305 with openssl backend
CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
S
CVE-2025-5991 Use after free in QHttp2ProtocolHandler
CVE-2025-5992 Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service
CVE-2025-5995 Canon EOS Webcam Utility Pro for MAC OS contains an insecure permission issue potentially leading to code execution and privilege escalation
M
CVE-2025-5996 Allocation of Resources Without Limits or Throttling in GitLab
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.