CVE-2025-5xxx

There are 893 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-5000 Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi control_panel_sw command injection
E
CVE-2025-5001 GNU PSPP pspp-convert.c calloc integer overflow
E
CVE-2025-5002 SourceCodester Client Database Management System user_proposal_update_order.php sql injection
E
CVE-2025-5003 projectworlds Online Time Table Generator semester_ajax.php sql injection
E
CVE-2025-5004 projectworlds Online Time Table Generator add_course.php sql injection
E
CVE-2025-5006 Campcodes Online Shopping Portal category.php sql injection
E
CVE-2025-5007 Part-DB Profile Picture Feature AttachmentSubmitHandler.php handleUpload cross site scripting
E S
CVE-2025-5008 projectworlds Online Time Table Generator add_teacher.php sql injection
E
CVE-2025-5010 moonlightL hexo-boot Blog Backend index.html cross site scripting
E
CVE-2025-5011 moonlightL hexo-boot Dynamic List Page index.html cross site scripting
E
CVE-2025-5012 Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media'
CVE-2025-5013 HkCms Search index.html cross site scripting
E
CVE-2025-5014 Home Villas | Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-5015 Parsons AccuWeather Widget Cross-site Scripting
S
CVE-2025-5016 Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights
CVE-2025-5018 Hive Support <= 1.2.4 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox
CVE-2025-5019 Hive Support <= 1.2.4 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function
CVE-2025-5020 Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attack...
CVE-2025-5022 Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system moni...
CVE-2025-5023 Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system m...
CVE-2025-5024 Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus
M
CVE-2025-5025 No QUIC certificate pinning with wolfSSL
E
CVE-2025-5026 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5028 Arbitrary file deletion vulnerability in ESET product installers
CVE-2025-5029 Kingdee Cloud Galaxy Private Cloud BBC System File deleteFileAction.jhtml path traversal
E S
CVE-2025-5030 Ackites KillWxapkg wxapkg File Parser unpack.go processFile os command injection
E
CVE-2025-5031 Ackites KillWxapkg wxapkg File Decompression resource consumption
E
CVE-2025-5032 Campcodes Online Shopping Portal edit-category.php sql injection
E
CVE-2025-5033 XiaoBingby TeaCMS addUser cross-site request forgery
E
CVE-2025-5034 WP File Download < 6.2.6 - Reflected XSS
E
CVE-2025-5035 Firelight Lightbox < 2.3.16 - Contributor+ Stored XSS
E
CVE-2025-5036 RFA File Parsing Use-After-Free Vulnerability
S
CVE-2025-5037 RFA File Parsing Memory Corruption Vulnerability
S
CVE-2025-5038 X_T File Parsing Memory Corruption Vulnerability
S
CVE-2025-5039 Privilege Escalation due to Untrusted Search Path Vulnerability
S
CVE-2025-5040 RTE File Parsing Heap-Based Overflow Vulnerability
S
CVE-2025-5042 RFA File Parsing Out-of-Bounds Read Vulnerability
S
CVE-2025-5043 3DM File Parsing Heap-Based Overflow Vulnerability
S
CVE-2025-5046 DGN File Parsing Out-of-Bounds Read Vulnerability
S
CVE-2025-5047 DGN File Parsing Uninitialized Variable Vulnerability
S
CVE-2025-5048 DGN File Parsing Memory Corruption Vulnerability
S
CVE-2025-5049 FreeFloat FTP Server APPEND Command buffer overflow
E
CVE-2025-5050 FreeFloat FTP Server BELL Command buffer overflow
E
CVE-2025-5051 FreeFloat FTP Server BINARY Command buffer overflow
E
CVE-2025-5052 FreeFloat FTP Server LS Command buffer overflow
E
CVE-2025-5053 FreeFloat FTP Server MDIR Command buffer overflow
E
CVE-2025-5054 Race Condition in Canonical Apport
E M
CVE-2025-5055 Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-5056 Campcodes Online Shopping Portal edit-products.php sql injection
E
CVE-2025-5057 Campcodes Online Shopping Portal insert-product.php sql injection
E
CVE-2025-5058 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image()
E
CVE-2025-5059 Campcodes Online Shopping Portal edit-subcategory.php unrestricted upload
E
CVE-2025-5060 Bravis User <= 1.0.0 - Authentication Bypass to Account Takeover
CVE-2025-5061 WP Import Export Lite <= 3.9.29 - Authenticated (Subscriber+) Arbitrary File Upload
S
CVE-2025-5062 WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting
CVE-2025-5063 Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to p...
CVE-2025-5064 Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed...
CVE-2025-5065 Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed...
CVE-2025-5066 Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed ...
CVE-2025-5067 Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote a...
CVE-2025-5068 Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potenti...
CVE-2025-5071 AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP
S
CVE-2025-5072 Resource leaks in cm
CVE-2025-5073 FreeFloat FTP Server MKDIR Command buffer overflow
E
CVE-2025-5074 FreeFloat FTP Server PROMPT Command buffer overflow
E
CVE-2025-5075 FreeFloat FTP Server DEBUG Command buffer overflow
E
CVE-2025-5076 FreeFloat FTP Server SEND Command buffer overflow
E
CVE-2025-5077 Campcodes Online Shopping Portal edit-subcategory.php sql injection
E
CVE-2025-5078 Campcodes Online Shopping Portal subcategory.php sql injection
E
CVE-2025-5079 Campcodes Online Shopping Portal updateorder.php sql injection
E
CVE-2025-5080 Tenda FH451 webExcptypemanFilter stack-based overflow
E
CVE-2025-5081 Campcodes Cybercafe Management System adminprofile.php sql injection
E
CVE-2025-5082 WP Attachments <= 5.0.12 - Reflected Cross-Site Scripting via attachment_id Parameter
CVE-2025-5084 Post Grid Master <= 3.4.13 - Reflected Cross-Site Scripting via argsArray['read_more_text']
E
CVE-2025-5086 Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
CVE-2025-5087 Cleartext Transmission of Sensitive Information in Kaleris Navis N4
S
CVE-2025-5093 Responsive Lightbox & Gallery < 2.5.2 - Contributor+ Stored XSS
E
CVE-2025-5095 Burk Technology ARC Solo Missing Authentication for Critical Function
S
CVE-2025-5096 TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters
S
CVE-2025-5097 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5098 KL-001-2025-003: Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure
E
CVE-2025-5099 KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write
E
CVE-2025-5100 KL-001-2025-005: Mobile Dynamix PrinterShare Mobile Print Double-Free Memory Write
CVE-2025-5101 Improper Control of Generation of Code ('Code Injection') in GitLab
E S
CVE-2025-5103 Ultimate Gift Cards for WooCommerce <= 3.1.4 - Authenticated (Administrator+) SQL Injection via wps_wgm_save_post Function
S
CVE-2025-5104 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5105 TOZED ZLT W51 Service Port 7777 heap inspection
E M
CVE-2025-5106 Fujian Kelixun Filename fax_view.php os command injection
E
CVE-2025-5107 Fujian Kelixun xml_cdr_details.php sql injection
E
CVE-2025-5108 zongzhige ShopXO ZIP File Payment.php Upload unrestricted upload
E
CVE-2025-5109 FreeFloat FTP Server STATUS Command buffer overflow
E
CVE-2025-5110 FreeFloat FTP Server VERBOSE Command buffer overflow
E
CVE-2025-5111 FreeFloat FTP Server TYPE Command buffer overflow
E
CVE-2025-5112 FreeFloat FTP Server MGET Command buffer overflow
E
CVE-2025-5113 Authenticated Remote Command Injection in Diviotec NBR IP Cameras
CVE-2025-5114 easysoft zentaopms Editor index.php edit deserialization
E
CVE-2025-5115 MadeYouReset HTTP/2 vulnerability
S
CVE-2025-5116 WP Plugin Info Card <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter
CVE-2025-5117 Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration
CVE-2025-5119 Emlog Pro api_controller.php sql injection
E
CVE-2025-5120 Sandbox Escape Vulnerability in huggingface/smolagents
E S
CVE-2025-5121 Missing Authorization in GitLab
E S
CVE-2025-5122 Map Block Leaflet <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter
CVE-2025-5123 Contact Us Page – Contact People <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via style Parameter
CVE-2025-5124 Sony SNC-M1 Administrative Interface default credentials
E
CVE-2025-5125 Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS
E
CVE-2025-5126 FLIR AX8 settingsregional.php setDataTime command injection
E
CVE-2025-5127 FLIR AX8 prod.php cross site scripting
E
CVE-2025-5128 ScriptAndTools Real-Estate-website-in-PHP Admin Login Panel admin sql injection
E
CVE-2025-5129 Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path
E
CVE-2025-5130 Tmall Demo uploadProductImage unrestricted upload
E
CVE-2025-5131 Tmall Demo uploadCategoryImage unrestricted upload
E
CVE-2025-5132 Tmall Demo logout cross-site request forgery
E
CVE-2025-5133 Tmall Demo Search Box cross site scripting
E
CVE-2025-5134 Tmall Demo Buy Item Page cross site scripting
E
CVE-2025-5135 Tmall Demo Product Details Page admin cross site scripting
E
CVE-2025-5136 Tmall Demo Payment Identifier pay random values
E
CVE-2025-5137 DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection
E
CVE-2025-5138 Bitwarden PDF File cross site scripting
E
CVE-2025-5139 Qualitor Office 365-type Connection testaConexaoOffice365.php command injection
E
CVE-2025-5140 Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery
E
CVE-2025-5141 Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache
S
CVE-2025-5142 Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters
S
CVE-2025-5143 TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode
S
CVE-2025-5144 The Events Calendar <= 6.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
S
CVE-2025-5145 Netcore POWER13 Query String cgi-bin command injection
E
CVE-2025-5146 Netcore NBR200V2 HTTP Header routerd passwd_set command injection
E
CVE-2025-5147 Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection
E
CVE-2025-5148 FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization
S
CVE-2025-5149 WCMS Login getallcon getMemberByUid improper authentication
E
CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution
E M
CVE-2025-5151 defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection
E S
CVE-2025-5152 Chanjet CRM newActivityedit.php sql injection
E
CVE-2025-5153 CMS Made Simple Design Manager Module cross site scripting
E
CVE-2025-5154 PhonePe App SQLite Database databases cleartext storage in a file or on disk
E S
CVE-2025-5155 qianfox FoxCMS Article.php batchCope sql injection
E
CVE-2025-5156 H3C GR-5400AX aspForm EditWlanMacList buffer overflow
E
CVE-2025-5157 H3C SecCenter SMP-E1114P02 fileContent path traversal
CVE-2025-5158 H3C SecCenter SMP-E1114P02 downloadSoftware path traversal
E
CVE-2025-5159 H3C SecCenter SMP-E1114P02 download path traversal
E
CVE-2025-5160 H3C SecCenter SMP-E1114P02 download path traversal
E
CVE-2025-5161 H3C SecCenter SMP-E1114P02 download operationDailyOut path traversal
E
CVE-2025-5162 H3C SecCenter SMP-E1114P02 importFile unrestricted upload
E
CVE-2025-5163 yangshare 技术杨工 warehouseManager 仓库管理系统 access control
E
CVE-2025-5164 PerfreeBlog JWT JwtUtil hard-coded key
E
CVE-2025-5165 Open Asset Import Library Assimp MDCLoader.cpp ValidateSurfaceHeader out-of-bounds
E
CVE-2025-5166 Open Asset Import Library Assimp MDC File Parser MDCLoader.cpp InternReadFile out-of-bounds
E
CVE-2025-5167 Open Asset Import Library Assimp LWOLoader.h GetS0 out-of-bounds
E
CVE-2025-5168 Open Asset Import Library Assimp MDLLoader.cpp ImportUVCoordinate_3DGS_MDL345 out-of-bounds
E
CVE-2025-5169 Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_3DGS_MDL345 out-of-bounds
E
CVE-2025-5170 llisoft MTA Maita Training System AdminShitiController.java AdminShitiListRequestVo sql injection
E
CVE-2025-5171 llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload
E
CVE-2025-5172 Econtrata valida sql injection
CVE-2025-5173 HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization
CVE-2025-5174 erdogant pypickle pypickle.py load deserialization
E S
CVE-2025-5175 erdogant pypickle pypickle.py save improper authorization
E S
CVE-2025-5176 Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php sql injection
CVE-2025-5177 Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php cross site scripting
CVE-2025-5178 Realce Tecnologia Queue Ticket Kiosk Image File ajax.php unrestricted upload
CVE-2025-5179 Realce Tecnologia Queue Ticket Kiosk Cadastro de Administrador Page index.php cross site scripting
CVE-2025-5180 Wondershare Filmora Installer NFWCHK.exe uncontrolled search path
E
CVE-2025-5181 Summer Pearl Group Vacation Rental Management Platform updateListing cross site scripting
E S
CVE-2025-5182 Summer Pearl Group Vacation Rental Management Platform Listing authorization
E S
CVE-2025-5183 Summer Pearl Group Vacation Rental Management Platform Header redirect
S
CVE-2025-5184 Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure
S
CVE-2025-5185 Summer Pearl Group Vacation Rental Management Platform cross-site request forgery
S
CVE-2025-5186 thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery
E
CVE-2025-5187 Nodes can delete themselves by adding an OwnerReference
S
CVE-2025-5190 Browse As <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie
CVE-2025-5191 Unquoted Search Path Vulnerability in the Utility for Industrial Computers (Windows)
S
CVE-2025-5192 Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function
CVE-2025-5194 WP Map Block by aBlocks < 2.0.3 - Contributor+ Stored XSS via Marker
E
CVE-2025-5195 Authorization Bypass Through User-Controlled Key in GitLab
E S
CVE-2025-5196 Wing FTP Server Lua Admin Console unnecessary privileges
E S
CVE-2025-5197 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
E
CVE-2025-5198 Stackrox: xss in stackrox
M
CVE-2025-5199 LPE on Multipass for macOS
E S
CVE-2025-5200 Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 out-of-bounds
E
CVE-2025-5201 Open Asset Import Library Assimp LWOLoader.cpp CountVertsAndFacesLWO2 out-of-bounds
E
CVE-2025-5202 Open Asset Import Library Assimp HL1MDLLoader.cpp validate_header out-of-bounds
E
CVE-2025-5203 Open Asset Import Library Assimp ParsingUtils.h SkipSpaces out-of-bounds
E
CVE-2025-5204 Open Asset Import Library Assimp MDLMaterialLoader.cpp ParseSkinLump_3DGS_MDL7 out-of-bounds
E
CVE-2025-5205 1000 Projects Daily College Class Work Report Book dcwr_entry.php sql injection
E
CVE-2025-5206 Pixelimity Installation index.php sql injection
E
CVE-2025-5207 SourceCodester Client Database Management System superadmin_update_profile.php sql injection
E
CVE-2025-5208 SourceCodester Online Hospital Management System check_availability.php sql injection
E
CVE-2025-5209 Ivory Search < 5.5.10 - Admin+ Stored XSS
E
CVE-2025-5210 PHPGurukul Employee Record Management System loginerms.php sql injection
E
CVE-2025-5211 PHPGurukul Employee Record Management System myprofile.php sql injection
E
CVE-2025-5212 PHPGurukul Employee Record Management System editempexp.php sql injection
E
CVE-2025-5213 projectworlds Responsive E-Learning System delete_file.php sql injection
E
CVE-2025-5214 Kashipara Responsive Online Learing Platform course_detail_user_new.php sql injection
E
CVE-2025-5215 D-Link DCS-5020L ptdc.cgi websReadEvent stack-based overflow
E
CVE-2025-5216 PHPGurukul Student Record System login.php sql injection
E
CVE-2025-5217 FreeFloat FTP Server RMDIR Command buffer overflow
E
CVE-2025-5218 FreeFloat FTP Server LITERAL Command buffer overflow
E
CVE-2025-5219 FreeFloat FTP Server ASCII Command buffer overflow
E
CVE-2025-5220 FreeFloat FTP Server GET Command buffer overflow
E
CVE-2025-5221 FreeFloat FTP Server QUOTE Command buffer overflow
E
CVE-2025-5222 Icu: stack buffer overflow in the srbroot::addtag function
M
CVE-2025-5223 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5224 Campcodes Online Hospital Management System add-doctor.php sql injection
E
CVE-2025-5225 Campcodes Advanced Online Voting System index.php sql injection
E
CVE-2025-5226 PHPGurukul Small CRM change-password.php sql injection
E
CVE-2025-5227 PHPGurukul Small CRM manage-tickets.php sql injection
E
CVE-2025-5228 D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow
E
CVE-2025-5229 Campcodes Online Hospital Management System view-patient.php sql injection
E
CVE-2025-5230 PHPGurukul Online Nurse Hiring System bwdates-report-details.php sql injection
E
CVE-2025-5231 PHPGurukul Company Visitor Management System forgot-password.php sql injection
E
CVE-2025-5232 PHPGurukul Student Study Center Management System report.php sql injection
E
CVE-2025-5233 Color Palette <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter
CVE-2025-5234 Gutenverse News <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via elementId Parameter
S
CVE-2025-5235 OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
S
CVE-2025-5236 NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter
S
CVE-2025-5237 Target Video Easy Publish <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
CVE-2025-5238 YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-5239 Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter
CVE-2025-5240 CRM and Lead Management by vcita <= 2.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter
CVE-2025-5241 Denial-of-Service Vulnerability in MELSEC iQ-F Series
CVE-2025-5242 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5243 Arbitrary File Upload in SMG Software's Information Portal
CVE-2025-5244 GNU Binutils ld elflink.c elf_gc_sweep memory corruption
E S
CVE-2025-5245 GNU Binutils objdump debug.c debug_type_samep memory corruption
E S
CVE-2025-5246 Campcodes Online Hospital Management System query-details.php sql injection
E
CVE-2025-5247 Gowabby HFish url.go LoadUrl improper authentication
E
CVE-2025-5248 PHPGurukul Company Visitor Management System bwdates-reports-details.php sql injection
E
CVE-2025-5249 PHPGurukul News Portal Project add-category.php sql injection
E
CVE-2025-5250 PHPGurukul News Portal Project edit-category.php sql injection
E
CVE-2025-5251 PHPGurukul News Portal Project edit-subcategory.php sql injection
E
CVE-2025-5252 PHPGurukul News Portal Project edit-subadmin.php sql injection
E
CVE-2025-5253 DoS in Kron Technologies' Kron PAM
CVE-2025-5254 Stored XSS in Kron Technologies' Kron PAM
CVE-2025-5255 TCC Bypass via Dylib Injection in Phoenix Code
S
CVE-2025-5256 Open Redirect vulnerability on user unlock path
CVE-2025-5257 Predictable Page Indexing Might Lead to Sensitive Data Exposure
CVE-2025-5258 Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
CVE-2025-5259 Minimal Share Buttons <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
CVE-2025-5260 SSRF in PozitifIK's Pik Online
CVE-2025-5261 IDOR in PozitifIK's Pik Online
CVE-2025-5262 A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initi...
CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content, which could have allo...
CVE-2025-5264 Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker cou...
CVE-2025-5265 Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker c...
CVE-2025-5266 Script elements loading cross-origin resources generated load and error events which leaked informat...
CVE-2025-5267 A clickjacking vulnerability could have been used to trick a user into leaking saved payment card de...
CVE-2025-5268 Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128....
CVE-2025-5269 Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of...
CVE-2025-5270 In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vul...
CVE-2025-5271 Previewing a response in Devtools ignored CSP headers, which could have allowed content injection at...
CVE-2025-5272 Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of...
CVE-2025-5273 All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible...
E
CVE-2025-5275 Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings
CVE-2025-5276 All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SS...
E
CVE-2025-5277 aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that on...
CVE-2025-5278 Coreutils: heap buffer under-read in gnu coreutils sort via key specification
M
CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
CVE-2025-5280 Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to poten...
CVE-2025-5281 Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote att...
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
S
CVE-2025-5283 Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potent...
CVE-2025-5284 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5285 Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter
CVE-2025-5286 Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter
CVE-2025-5287 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
CVE-2025-5288 REST API | Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function
CVE-2025-5289 3D FlipBook - Lite Edition <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters
S
CVE-2025-5290 Borderless – Elementor Addons and Templates <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5291 Master Slider <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes
S
CVE-2025-5292 Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2025-5295 FreeFloat FTP Server PORT Command buffer overflow
E
CVE-2025-5296 CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that cou...
CVE-2025-5297 SourceCodester Computer Store System main.c Add stack-based overflow
E
CVE-2025-5298 Campcodes Online Hospital Management System betweendates-detailsreports.php sql injection
E
CVE-2025-5299 SourceCodester Client Database Management System user_order_customer_update.php unrestricted upload
E
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
E S
CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index
CVE-2025-5303 LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <= 2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter
CVE-2025-5304 PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function
CVE-2025-5306 Command Injection in Netflow path
S
CVE-2025-5307 Santesoft Sante DICOM Viewer Pro Out-of-bounds Read
S
CVE-2025-5309 Remote Support & Privileged Remote Access server side template injection
M
CVE-2025-5310 Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
S
CVE-2025-5314 Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source'
CVE-2025-5315 Missing Authorization in GitLab
E S
CVE-2025-5316 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5318 Libssh: out-of-bounds read in sftp_handle()
M
CVE-2025-5320 gradio-app gradio CORS is_valid_origin privilege escalation
E
CVE-2025-5321 aimhubio aim run_view Object query.py RestrictedPythonQuery privilege escalation
E
CVE-2025-5322 VikRentCar Car Rental Management System <= 1.4.3 - Authenticated (Administrator+) Arbitrary File Upload
S
CVE-2025-5323 fossasia open-event-server Mail Verification mail.py send_email_change_user_email reliance on obfuscation or encryption of security-relevant inputs without integrity checking
E
CVE-2025-5324 TechPowerUp GPU-Z 0x8000645C IOCTL GPU-Z.sys sub_140001880 memory leak
E
CVE-2025-5325 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testService special elements used in a template engine
E
CVE-2025-5326 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken deserialization
CVE-2025-5327 chshcms mccms Gf.php index server-side request forgery
E
CVE-2025-5328 chshcms mccms Backups.php restore_del path traversal
E
CVE-2025-5330 FreeFloat FTP Server RETR Command buffer overflow
E
CVE-2025-5331 PCMan FTP Server NLST Command buffer overflow
E
CVE-2025-5332 1000 Projects Online Notice Board index.php sql injection
E
CVE-2025-5333 Unauthenticated Remote Code Execution in IT Management Suite
CVE-2025-5334 Exposure of private personal information to an unauthorized actor in the user vaults component of De...
CVE-2025-5335 Privilege Escalation due to Untrusted Search Path Vulnerability
S
CVE-2025-5336 Click to Chat <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter
CVE-2025-5337 Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter
S
CVE-2025-5338 Royal Elementor Addons <= 1.7.1024 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets
S
CVE-2025-5339 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Time-Based SQL Injection via 'bsa_pro_id'
CVE-2025-5340 Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter
CVE-2025-5341 Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters
S
CVE-2025-5344 Exposed AIDL service allowing for tampering of system secure settings in Bluebird kiosk application
CVE-2025-5345 Exposed AIDL service allowing to read and delete files with system-level privileges in Bluebird filemanager application
CVE-2025-5346 File removal via path traversal in unsecured broadcast receiver in Bluebird barcode scanner application
CVE-2025-5349 NetScaler ADC and NetScaler Gateway - Improper access control on the NetScaler Management Interface
CVE-2025-5351 Libssh: double free vulnerability in libssh key export functions
M
CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary
CVE-2025-5353 A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated a...
CVE-2025-5356 FreeFloat FTP Server BYE Command buffer overflow
E
CVE-2025-5357 FreeFloat FTP Server PWD Command buffer overflow
E
CVE-2025-5358 PHPGurukul/Campcodes Cyber Cafe Management System bwdates-reports-details.php sql injection
E
CVE-2025-5359 Campcodes Online Hospital Management System appointment-history.php sql injection
E
CVE-2025-5360 Campcodes Online Hospital Management System book-appointment.php sql injection
E
CVE-2025-5361 Campcodes Online Hospital Management System contact.php sql injection
E
CVE-2025-5362 Campcodes Online Hospital Management System doctor-specilization.php sql injection
E
CVE-2025-5363 Campcodes Online Hospital Management System index.php sql injection
E
CVE-2025-5364 Campcodes Online Hospital Management System add-patient.php sql injection
E
CVE-2025-5365 Campcodes Online Hospital Management System patient-search.php sql injection
E
CVE-2025-5366 Stored XSS
CVE-2025-5367 PHPGurukul Online Shopping Portal Project category.php sql injection
E
CVE-2025-5368 PHPGurukul Daily Expense Tracker System expense-yearwise-reports-detailed.php sql injection
E
CVE-2025-5369 SourceCodester PHP Display Username After Login login.php sql injection
E
CVE-2025-5370 PHPGurukul News Portal forgot-password.php sql injection
E
CVE-2025-5371 SourceCodester Health Center Patient Record Management System admin.php sql injection
E
CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh
M
CVE-2025-5373 PHPGurukul Online Birth Certificate System users-applications.php sql injection
E
CVE-2025-5374 PHPGurukul Online Birth Certificate System all-applications.php sql injection
E
CVE-2025-5375 PHPGurukul HPGurukul Online Birth Certificate System registered-users.php sql injection
E
CVE-2025-5376 SourceCodester Health Center Patient Record Management System patient.php sql injection
E
CVE-2025-5377 Astun Technology iShare Maps historic1.asp cross site scripting
CVE-2025-5378 Astun Technology iShare Maps mycouncil2.aspx cross site scripting
CVE-2025-5379 NuCom NC-WR744G Console Application hard-coded credentials
CVE-2025-5380 ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 Image File Upload upload path traversal
E
CVE-2025-5381 Yifang CMS Admin Panel downloadFile path traversal
E
CVE-2025-5382 Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a u...
CVE-2025-5383 Yifang CMS Article Management Module cross site scripting
E
CVE-2025-5384 JeeWMS cgAutoListController.do CgAutoListController sql injection
CVE-2025-5385 JeeWMS cgformTemplateController.do doAdd path traversal
CVE-2025-5386 JeeWMS cgformTransController.do transEditor sql injection
CVE-2025-5387 JeeWMS File generateController.do dogenerate access control
CVE-2025-5388 JeeWMS generateController.do dogenerate sql injection
CVE-2025-5389 JeeWMS File generateController.do dogenerateOne2Many access control
CVE-2025-5390 JeeWMS File filedeal.do filedeal access control
CVE-2025-5391 WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-5392 GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution
CVE-2025-5393 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion
CVE-2025-5394 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
CVE-2025-5395 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload
CVE-2025-5396 Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution
CVE-2025-5398 Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI
S
CVE-2025-5399 WebSocket endless loop
E
CVE-2025-5400 chaitak-gorai Blogbook GET Parameter user.php sql injection
E
CVE-2025-5401 chaitak-gorai Blogbook GET Parameter post.php sql injection
E
CVE-2025-5402 chaitak-gorai Blogbook GET Parameter edit_post.php sql injection
E
CVE-2025-5403 chaitak-gorai Blogbook GET Parameter view_all_posts.php sql injection
E
CVE-2025-5404 chaitak-gorai Blogbook GET Parameter search.php denial of service
E
CVE-2025-5405 chaitak-gorai Blogbook post.php cross site scripting
E
CVE-2025-5406 chaitak-gorai Blogbook posts.php unrestricted upload
E
CVE-2025-5407 chaitak-gorai Blogbook register_script.php cross site scripting
E
CVE-2025-5408 WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow
E
CVE-2025-5409 Mist Community Edition API Token views.py create_token access control
E S
CVE-2025-5410 Mist Community Edition middleware.py session_start_response cross-site request forgery
E S
CVE-2025-5411 Mist Community Edition views.py tag_resources cross site scripting
E S
CVE-2025-5412 Mist Community Edition Authentication Endpoint views.py login cross site scripting
E S
CVE-2025-5416 Keycloak-core: keycloak environment information
M
CVE-2025-5417 Rhdh: red hat developer hub user permissions
M
CVE-2025-5419 Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker...
KEV
CVE-2025-5420 juzaweb CMS Profile Page upload cross site scripting
E
CVE-2025-5421 juzaweb CMS Plugin Editor Page editor access control
E
CVE-2025-5422 juzaweb CMS Email Logs Page email access control
E
CVE-2025-5423 juzaweb CMS General Setting Page general access control
E
CVE-2025-5424 juzaweb CMS Media Page media access control
E
CVE-2025-5425 juzaweb CMS Theme Editor Page default access control
E
CVE-2025-5426 juzaweb CMS Menu Page menus access control
E
CVE-2025-5427 juzaweb CMS Permalinks Page permalinks access control
E
CVE-2025-5428 juzaweb CMS Error Logs Page log-viewer access control
E
CVE-2025-5429 juzaweb CMS Plugins Page install access control
E
CVE-2025-5430 AssamLook CMS product.php sql injection
E
CVE-2025-5431 AssamLook CMS department-profile.php sql injection
E
CVE-2025-5432 AssamLook CMS view_tender.php sql injection
E
CVE-2025-5433 Fengoffice Feng Office index.php sql injection
E
CVE-2025-5434 Aem Solutions CMS page.php sql injection
E
CVE-2025-5435 Marwal Infotech CMS page.php sql injection
E
CVE-2025-5436 Multilaser Sirius RE016 cstecgi.cgi information disclosure
E
CVE-2025-5437 Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication
E
CVE-2025-5438 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection
E
CVE-2025-5439 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection
E
CVE-2025-5440 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection
E
CVE-2025-5441 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 setDeviceURL os command injection
E
CVE-2025-5442 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_pingGatewayByBBS os command injection
E
CVE-2025-5443 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 wirelessAdvancedHidden os command injection
E
CVE-2025-5444 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_UpgradeFWByBBS os command injection
E
CVE-2025-5445 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkFWByBBS os command injection
E
CVE-2025-5446 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkCredentialsByBBS os command injection
E
CVE-2025-5447 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 ssid1MACFilter os command injection
E
CVE-2025-5449 Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service
S
CVE-2025-5450 Improper access control in the certificate management component of Ivanti Connect Secure before vers...
CVE-2025-5451 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Sec...
CVE-2025-5455 Possible denial of service when passing malformed data in a URL to qDecodeDataUrl
CVE-2025-5456 A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy S...
CVE-2025-5459 OS Command Injection
CVE-2025-5462 A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secur...
CVE-2025-5463 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 ...
CVE-2025-5464 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 ...
CVE-2025-5466 XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti...
CVE-2025-5468 Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivan...
CVE-2025-5472 Denial of Service via Uncontrolled Recursive JSON Parsing in JSONReader in run-llama/llama_index
E S
CVE-2025-5473 GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2025-5474 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability
CVE-2025-5475 Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability
S
CVE-2025-5476 Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
S
CVE-2025-5477 Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2025-5478 Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability
S
CVE-2025-5479 Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
S
CVE-2025-5480 Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVE-2025-5481 Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-5482 Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber) Privilege Escalation
S
CVE-2025-5484 SinoTrack GPS Receiver Weak Authentication
M
CVE-2025-5485 SinoTrack GPS Receiver Weak Authentication
M
CVE-2025-5486 WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset
CVE-2025-5487 AutomatorWP <= 5.2.5 - Authenticated (Administrator+) SQL Injection via field_conditions
CVE-2025-5488 WP Masonry & Infinite Scroll <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-5490 Football Pool <= 2.12.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2025-5491 Acer ControlCenter - Remote Code Execution
S
CVE-2025-5492 D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection
CVE-2025-5493 Baison Channel Middleware Product ToJsonByControlName sql injection
E
CVE-2025-5495 Netgear WNR614 URL improper authentication
E
CVE-2025-5497 slackero phpwcms Feedimport processing.inc.php deserialization
E S
CVE-2025-5498 slackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserialization
E S
CVE-2025-5499 slackero phpwcms image_resized.php getimagesize deserialization
E S
CVE-2025-5501 Open5GS NGAP PathSwitchRequest Message ngap-handler.c ngap_handle_path_switch_request_transfer assertion
E S
CVE-2025-5502 TOTOLINK X15 formMapReboot command injection
E
CVE-2025-5503 TOTOLINK X15 formMapReboot stack-based overflow
E
CVE-2025-5504 TOTOLINK X2000R formWsc command injection
E
CVE-2025-5505 TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting
E
CVE-2025-5506 TOTOLINK A3002RU NAT Mapping Page cross site scripting
E
CVE-2025-5507 TOTOLINK A3002RU MAC Filtering Page cross site scripting
E
CVE-2025-5508 TOTOLINK A3002RU IP Port Filtering Page cross site scripting
E
CVE-2025-5509 quequnlong shiyi-blog upload path traversal
E
CVE-2025-5510 quequnlong shiyi-blog optimize server-side request forgery
E
CVE-2025-5511 quequnlong shiyi-blog photos improper authorization
E
CVE-2025-5512 quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication
E
CVE-2025-5513 quequnlong shiyi-blog add cross site scripting
E
CVE-2025-5514 Denial-of-Service (DoS) Vulnerability in Web server function on MELSEC iQ-F Series CPU module
CVE-2025-5515 TOTOLINK X2000R formMapDel command injection
E
CVE-2025-5516 TOTOLINK X2000R URL Filtering Page formFilter cross site scripting
E
CVE-2025-5520 Open5GS AMF/MME emm_state_authentication assertion
E S
CVE-2025-5521 WuKongOpenSource WukongCRM updataPassword cross-site request forgery
E
CVE-2025-5522 jack0240 魏 bskms 蓝天幼儿园管理系统 User Creation addUser improper authorization
E
CVE-2025-5523 enilu web-flash File Upload upload fileService.upload cross site scripting
E
CVE-2025-5524 OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag
CVE-2025-5525 Jrohy trojan linux.go LogChan os command injection
E
CVE-2025-5526 BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update
E
CVE-2025-5527 Tenda RX3 SetStaticRouteCfg save_staticroute_data stack-based overflow
E
CVE-2025-5528 Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter
CVE-2025-5529 Educenter <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-5531 Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5532 Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5533 Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5534 ESV Bible Shortcode for WordPress <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5535 e.nigma buttons <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5536 Freemind Viewer <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5537 Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting
S
CVE-2025-5538 BNS Featured Category <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5539 Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-5540 Event RSVP and Simple Event Management Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5541 Runners Log <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5542 TOTOLINK X2000R Virtual Server Page formPortFw cross site scripting
E
CVE-2025-5543 TOTOLINK X2000R Parent Controls Page cross site scripting
E
CVE-2025-5544 aaluoxiang oa_system UserpanelController.java image path traversal
E
CVE-2025-5545 aaluoxiang oa_system ProcedureController.java image path traversal
E
CVE-2025-5546 PHPGurukul Daily Expense Tracker System expense-reports-detailed.php sql injection
E
CVE-2025-5547 FreeFloat FTP Server CDUP Command buffer overflow
E
CVE-2025-5548 FreeFloat FTP Server NOOP Command buffer overflow
E
CVE-2025-5549 FreeFloat FTP Server PASV Command buffer overflow
E
CVE-2025-5550 FreeFloat FTP Server PBSZ Command buffer overflow
E
CVE-2025-5551 FreeFloat FTP Server SYSTEM Command buffer overflow
E
CVE-2025-5552 ChestnutCMS API Endpoint exec deserialization
E
CVE-2025-5553 PHPGurukul Rail Pass Management System download-pass.php sql injection
E
CVE-2025-5554 PHPGurukul Rail Pass Management System pass-bwdates-reports-details.php sql injection
E
CVE-2025-5556 PHPGurukul Teacher Subject Allocation Management System edit-teacher-info.php sql injection
E
CVE-2025-5557 PHPGurukul Teacher Subject Allocation Management System edit-course.php sql injection
E
CVE-2025-5558 PHPGurukul Teacher Subject Allocation Management System changeimage.php sql injection
E
CVE-2025-5559 TimeZoneCalculator <= 3.37 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5560 PHPGurukul Curfew e-Pass Management System index.php sql injection
E
CVE-2025-5561 PHPGurukul Curfew e-Pass Management System view-pass-detail.php sql injection
E
CVE-2025-5562 PHPGurukul Curfew e-Pass Management System edit-category-detail.php sql injection
E
CVE-2025-5563 WP-Addpub <= 1.2.8 - Authenticated (Contributor+) SQL Injection
CVE-2025-5564 GC Social wall <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5565 Hide It <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5566 PHPGurukul Notice Board System search-notice.php sql injection
E
CVE-2025-5567 Shortcodes Ultimate <= 7.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute
CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2025-5569 IdeaCMS getList.html Goods sql injection
S
CVE-2025-5570 AI Engine <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via `mwai_chatbot` Shortcode `id` Parameter
CVE-2025-5571 D-Link DCS-932L setSystemAdmin os command injection
E
CVE-2025-5572 D-Link DCS-932L setSystemEmail stack-based overflow
E
CVE-2025-5573 D-Link DCS-932L setSystemWizard setSystemControl os command injection
E
CVE-2025-5574 PHPGurukul Dairy Farm Shop Management System add-company.php sql injection
E
CVE-2025-5575 PHPGurukul Dairy Farm Shop Management System add-product.php sql injection
E
CVE-2025-5576 PHPGurukul Dairy Farm Shop Management System bwdate-report-details.php sql injection
E
CVE-2025-5577 PHPGurukul Dairy Farm Shop Management System profile.php sql injection
E
CVE-2025-5578 PHPGurukul Dairy Farm Shop Management System sales-report-details.php sql injection
E
CVE-2025-5579 PHPGurukul Dairy Farm Shop Management System search-product.php sql injection
E
CVE-2025-5580 CodeAstro Real Estate Management System login.php sql injection
E
CVE-2025-5581 CodeAstro Real Estate Management System index.php sql injection
E
CVE-2025-5582 CodeAstro Real Estate Management System profile.php sql injection
E
CVE-2025-5583 CodeAstro Real Estate Management System register.php sql injection
E
CVE-2025-5584 PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting
E
CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute
CVE-2025-5586 WordPress Ajax Load More and Infinite Scroll <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-5587 Appzend <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter
CVE-2025-5588 Image Editor by Pixo <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via download Parameter
CVE-2025-5589 StreamWeasels Kick Integration <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via status-classic-offline-text Parameter
CVE-2025-5590 Owl carousel responsive <= 1.9 - Authenticated (Contributor+) SQL Injection via id Parameter
CVE-2025-5592 FreeFloat FTP Server PASSIVE Command buffer overflow
E
CVE-2025-5593 FreeFloat FTP Server HOST Command buffer overflow
E
CVE-2025-5594 FreeFloat FTP Server SET Command buffer overflow
E
CVE-2025-5595 FreeFloat FTP Server PROGRESS Command buffer overflow
E
CVE-2025-5596 FreeFloat FTP Server REGET Command buffer overflow
E
CVE-2025-5597 WF Steuerungstechnik GmbH - airleader MASTER - Authentication Bypass
CVE-2025-5598 WF Steuerungstechnik GmbH - airleader MASTER - Path Traversal
CVE-2025-5599 PHPGurukul Student Result Management System editmyexp.php sql injection
E
CVE-2025-5600 TOTOLINK EX1200T cstecgi.cgi setLanguageCfg stack-based overflow
E
CVE-2025-5601 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
E S
CVE-2025-5602 Campcodes Hospital Management System registration.php sql injection
E
CVE-2025-5603 Campcodes Hospital Management System registration.php sql injection
E
CVE-2025-5604 Campcodes Hospital Management System user-login.php sql injection
E
CVE-2025-5606 Tenda AC18 SetIPTVCfg formSetIptv command injection
E
CVE-2025-5607 Tenda AC18 setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5608 Tenda AC18 SetSysAutoRebbotCfg formsetreboottimer buffer overflow
E
CVE-2025-5609 Tenda AC18 AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5610 CodeAstro Real Estate Management System submitpropertydelete.php sql injection
E
CVE-2025-5611 CodeAstro Real Estate Management System submitpropertyupdate.php sql injection
E S
CVE-2025-5612 PHPGurukul Online Fire Reporting System reporting.php sql injection
E
CVE-2025-5613 PHPGurukul Online Fire Reporting System request-details.php sql injection
E
CVE-2025-5614 PHPGurukul Online Fire Reporting System search-report-result.php sql injection
E
CVE-2025-5615 PHPGurukul Online Fire Reporting System details.php sql injection
E
CVE-2025-5616 PHPGurukul Online Fire Reporting System profile.php sql injection
E
CVE-2025-5617 PHPGurukul Online Fire Reporting System manage-teams.php sql injection
E
CVE-2025-5618 PHPGurukul Online Fire Reporting System edit-team.php sql injection
E
CVE-2025-5619 Tenda CH22 addUserName formaddUserName stack-based overflow
E
CVE-2025-5620 D-Link DIR-816 setipsec_config os command injection
E
CVE-2025-5621 D-Link DIR-816 qosClassifier os command injection
E
CVE-2025-5622 D-Link DIR-816 wirelessApcli_5g stack-based overflow
E
CVE-2025-5623 D-Link DIR-816 qosClassifier stack-based overflow
E
CVE-2025-5624 D-Link DIR-816 QoSPortSetup stack-based overflow
E
CVE-2025-5625 Campcodes Online Teacher Record Management System search-teacher.php sql injection
E
CVE-2025-5626 Campcodes Online Teacher Record Management System edit-subjects-detail.php sql injection
E
CVE-2025-5627 code-projects Patient Record Management System sputum_form.php sql injection
E
CVE-2025-5628 SourceCodester Food Menu Manager Add Menu index.php cross site scripting
E
CVE-2025-5629 Tenda AC10 HTTP SetPptpServerCfg formSetPPTPServer buffer overflow
E
CVE-2025-5630 D-Link DIR-816 form2lansetup.cgi stack-based overflow
E
CVE-2025-5631 code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection
E
CVE-2025-5632 code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection
E
CVE-2025-5633 code-projects/anirbandutta9 Content Management System/News-Buzz users.php sql injection
E
CVE-2025-5634 PCMan FTP Server NOOP Command buffer overflow
E
CVE-2025-5635 PCMan FTP Server PLS Command buffer overflow
E
CVE-2025-5636 PCMan FTP Server SET Command buffer overflow
E
CVE-2025-5637 PCMan FTP Server SYSTEM Command buffer overflow
E
CVE-2025-5638 PHPGurukul Notice Board System admin-profile.php sql injection
E
CVE-2025-5639 PHPGurukul Notice Board System forgot-password.php sql injection
E
CVE-2025-5640 PX4-Autopilot TRAJECTORY_REPRESENTATION_WAYPOINTS Message mavlink_receiver.cpp stack-based overflow
E
CVE-2025-5641 Radare2 radiff2 cons.c r_cons_is_breaked memory corruption
E S
CVE-2025-5642 Radare2 radiff2 pal.c r_cons_pal_init memory corruption
E S
CVE-2025-5643 Radare2 radiff2 cons.c cons_stack_load memory corruption
E S
CVE-2025-5644 Radare2 radiff2 cons.c r_cons_flush use after free
E S
CVE-2025-5645 Radare2 radiff2 pal.c r_cons_pal_init memory corruption
E S
CVE-2025-5646 Radare2 radiff2 pal.c r_cons_rainbow_free memory corruption
E S
CVE-2025-5647 Radare2 radiff2 cons.c r_cons_context_break_pop memory corruption
E S
CVE-2025-5648 Radare2 radiff2 pal.c r_cons_pal_init memory corruption
E S
CVE-2025-5649 SourceCodester Student Result Management System Register Interface new_user access control
E
CVE-2025-5650 1000projects Online Notice Board register.php sql injection
E
CVE-2025-5651 code-projects Traffic Offense Reporting System saveuser.php cross site scripting
E
CVE-2025-5652 PHPGurukul Complaint Management System between-date-complaintreport.php sql injection
E
CVE-2025-5653 PHPGurukul Complaint Management System between-date-userreport.php sql injection
E
CVE-2025-5654 PHPGurukul Complaint Management System edit-state.php sql injection
E
CVE-2025-5655 PHPGurukul Complaint Management System edit-subcategory.php sql injection
E
CVE-2025-5656 PHPGurukul Complaint Management System edit-category.php sql injection
E
CVE-2025-5657 PHPGurukul Complaint Management System manage-users.php sql injection
E
CVE-2025-5658 PHPGurukul Complaint Management System updatecomplaint.php sql injection
E
CVE-2025-5659 PHPGurukul Complaint Management System profile.php sql injection
E
CVE-2025-5660 PHPGurukul Complaint Management System register-complaint.php sql injection
E
CVE-2025-5661 code-projects Traffic Offense Reporting System Setting save-settings.php cross site scripting
E
CVE-2025-5663 PHPGurukul Auto Taxi Stand Management System search-autoortaxi.php sql injection
E
CVE-2025-5664 FreeFloat FTP Server RESTART Command buffer overflow
E
CVE-2025-5665 FreeFloat FTP Server XCWD Command buffer overflow
E
CVE-2025-5666 FreeFloat FTP Server XMKD Command buffer overflow
E
CVE-2025-5667 FreeFloat FTP Server REIN Command buffer overflow
E
CVE-2025-5668 PHPGurukul Medical Card Generation System readenq.php sql injection
E
CVE-2025-5669 PHPGurukul Medical Card Generation System unreadenq.php sql injection
E
CVE-2025-5670 PHPGurukul Medical Card Generation System manage-card.php sql injection
E
CVE-2025-5671 TOTOLINK N302R Plus HTTP POST Request formPortFw buffer overflow
E
CVE-2025-5672 TOTOLINK N302R Plus HTTP POST Request formFilter buffer overflow
E
CVE-2025-5673 Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter
CVE-2025-5674 code-projects Patient Record Management System urinalysis_form.php sql injection
E
CVE-2025-5675 Campcodes Online Teacher Record Management System bwdates-reports-details.php sql injection
E
CVE-2025-5676 Campcodes Online Recruitment Management System ajax.php sql injection
E
CVE-2025-5677 Campcodes Online Recruitment Management System ajax.php sql injection
E
CVE-2025-5678 Kadence Blocks – Gutenberg Blocks for Page Builder Features <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via `redirectURL` Parameter
CVE-2025-5679 Shenzhen Dashi Tongzhou Information Technology AgileBPM SysToolsController.java parseStrByFreeMarker deserialization
E
CVE-2025-5680 Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script SysScriptController.java executeScript deserialization
E
CVE-2025-5681 IDOR in Turtek Software's Eyotek
CVE-2025-5682 Klaro Cookie & Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-080
CVE-2025-5683 When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. T...
CVE-2025-5684 MetForm <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element
CVE-2025-5685 Tenda CH22 Natlimit formNatlimit stack-based overflow
E
CVE-2025-5686 Paged Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5687 A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *Thi...
CVE-2025-5688 Out of Bounds Write in FreeRTOS-Plus-TCP
CVE-2025-5689 Improper Permission Management in SSH Session Handling
S
CVE-2025-5690 Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data
M
CVE-2025-5692 Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions
S
CVE-2025-5693 PHPGurukul Human Metapneumovirus Testing Management System bwdates-report-result.php sql injection
E
CVE-2025-5694 PHPGurukul Human Metapneumovirus Testing Management System search-report-result.php sql injection
E
CVE-2025-5695 FLIR AX8 Backend subscriptions.php subscribe_to_alarm command injection
E S
CVE-2025-5696 Brilliance Golden Link Secondary System rentChangeCheckInfoPage.htm sql injection
E
CVE-2025-5697 Brilliance Golden Link Secondary System tcCustDeferPosiQuery.htm sql injection
E
CVE-2025-5698 Brilliance Golden Link Secondary System logSelect.htm sql injection
E
CVE-2025-5699 Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS
CVE-2025-5700 Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-5701 HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update
CVE-2025-5702 The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and ...
M
CVE-2025-5703 StageShow <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter
CVE-2025-5704 code-projects Real Estate Property Management System User.php sql injection
E
CVE-2025-5705 code-projects Real Estate Property Management System Property.php sql injection
E
CVE-2025-5706 PHPGurukul Human Metapneumovirus Testing Management System new-user-testing.php sql injection
E
CVE-2025-5707 PHPGurukul Human Metapneumovirus Testing Management System registered-user-testing.php sql injection
E
CVE-2025-5708 code-projects Real Estate Property Management System NewsReport.php sql injection
E
CVE-2025-5709 code-projects Real Estate Property Management System InsertCategory.php sql injection
E
CVE-2025-5710 code-projects Real Estate Property Management System InsertState.php sql injection
E
CVE-2025-5711 code-projects Real Estate Property Management System InsertCity.php sql injection
E
CVE-2025-5712 SourceCodester Open Source Clinic Management System appointment.php sql injection
E
CVE-2025-5713 SoluçõesCoop iSoluçõesWEB Flow fluxos-dashboard cross site scripting
E
CVE-2025-5714 SoluçõesCoop iSoluçõesWEB Profile Information Update up.upload.php path traversal
E
CVE-2025-5715 Signal App Biometric Authentication missing critical step in authentication
E
CVE-2025-5716 SourceCodester Open Source Clinic Management System login.php sql injection
E
CVE-2025-5719 The wallet has an authentication bypass vulnerability that allows access to specific pages....
CVE-2025-5720 Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter
CVE-2025-5721 SourceCodester Student Result Management System Profile Setting Page update_profile cross site scripting
E
CVE-2025-5722 SourceCodester Student Result Management System Add Academic Term terms cross site scripting
E
CVE-2025-5723 SourceCodester Student Result Management System Classes Page classes cross site scripting
E
CVE-2025-5724 SourceCodester Student Result Management System Subjects Page subjects cross site scripting
E
CVE-2025-5725 SourceCodester Student Result Management System Grading System Page grading-system cross site scripting
E
CVE-2025-5726 SourceCodester Student Result Management System Division System Page division-system cross site scripting
E
CVE-2025-5727 SourceCodester Student Result Management System Announcement Page announcement cross site scripting
E
CVE-2025-5728 SourceCodester Open Source Clinic Management System manage_website.php unrestricted upload
E
CVE-2025-5729 code-projects Health Center Patient Record Management System birthing_record.php sql injection
E
CVE-2025-5730 Easy Contact Form Lite < 1.1.29 - Contributor+ Stored XSS
E
CVE-2025-5731 Infinispan: credential leakage in infinispan cli
M
CVE-2025-5732 code-projects Traffic Offense Reporting System cross-site request forgery
E
CVE-2025-5733 Modern Events Calendar <= 7.21.9 - Information Exposure
CVE-2025-5734 TOTOLINK X15 HTTP POST Request formWlanRedirect buffer overflow
E
CVE-2025-5735 TOTOLINK X15 HTTP POST Request formSetLg buffer overflow
E
CVE-2025-5736 TOTOLINK X15 HTTP POST Request formNtp buffer overflow
E
CVE-2025-5737 TOTOLINK X15 HTTP POST Request formDosCfg buffer overflow
E
CVE-2025-5738 TOTOLINK X15 HTTP POST Request formStats buffer overflow
E
CVE-2025-5739 TOTOLINK X15 HTTP POST Request formSaveConfig buffer overflow
E
CVE-2025-5740 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability...
CVE-2025-5741 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability...
CVE-2025-5742 CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnera...
CVE-2025-5743 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
CVE-2025-5745 The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and...
M
CVE-2025-5746 Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload
CVE-2025-5747 WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability
CVE-2025-5748 WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability
CVE-2025-5749 WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability
CVE-2025-5750 WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5751 WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability
CVE-2025-5752 Vertical scroll image slideshow gallery <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
CVE-2025-5753 Valuation Calculator <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter
CVE-2025-5754 Useful Tab Block – Responsive & AMP-Compatible <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
CVE-2025-5755 SourceCodester Open Source Clinic Management System email_config.php sql injection
E
CVE-2025-5756 code-projects Real Estate Property Management System EditCity.php sql injection
E
CVE-2025-5757 code-projects Traffic Offense Reporting System save-reported.php cross site scripting
E
CVE-2025-5758 SourceCodester Open Source Clinic Management System doctor.php sql injection
E
CVE-2025-5759 PHPGurukul Local Services Search Engine Management System edit-person-detail.php sql injection
E
CVE-2025-5760 Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode
CVE-2025-5761 PHPGurukul BP Monitoring Management System edit-family-member.php sql injection
E
CVE-2025-5762 code-projects Patient Record Management System view_hematology.php sql injection
E
CVE-2025-5763 Tenda CP3 apollo sub_F3C8C command injection
E
CVE-2025-5764 code-projects Laundry System insert_laundry.php cross site scripting
E
CVE-2025-5765 code-projects Laundry System edit_laundry.php cross site scripting
E
CVE-2025-5766 code-projects Laundry System cross-site request forgery
E
CVE-2025-5767 Crowdfunding for WooCommerce <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
CVE-2025-5777 NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
KEV
CVE-2025-5778 1000 Projects ABC Courier Management System admin sql injection
E
CVE-2025-5779 code-projects Patient Record Management System birthing.php sql injection
E
CVE-2025-5780 code-projects Patient Record Management System view_dental.php sql injection
E
CVE-2025-5782 PHPGurukul Employee Record Management System resetpassword.php sql injection
E
CVE-2025-5783 PHPGurukul Employee Record Management System editmyexp.php sql injection
E
CVE-2025-5784 PHPGurukul Employee Record Management System myexp.php sql injection
E
CVE-2025-5785 TOTOLINK X15 HTTP POST Request formWirelessTbl buffer overflow
E
CVE-2025-5786 TOTOLINK X15 HTTP POST Request formDMZ buffer overflow
E
CVE-2025-5787 TOTOLINK X15 HTTP POST Request formWsc buffer overflow
E
CVE-2025-5788 TOTOLINK X15 HTTP POST Request formReflashClientTbl buffer overflow
E
CVE-2025-5789 TOTOLINK X15 HTTP POST Request formPortFw buffer overflow
E
CVE-2025-5790 TOTOLINK X15 HTTP POST Request formIpQoS buffer overflow
E
CVE-2025-5791 Users: `root` appended to group listings
CVE-2025-5792 TOTOLINK EX1200T HTTP POST Request formWlanRedirect buffer overflow
E
CVE-2025-5793 TOTOLINK EX1200T HTTP POST Request formPortFw buffer overflow
E
CVE-2025-5794 Tenda AC5 setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5795 Tenda AC5 AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5796 code-projects Laundry System edit_type.php cross site scripting
E
CVE-2025-5797 code-projects Laundry System insert_type.php cross site scripting
E
CVE-2025-5798 Tenda AC8 SetSysTimeCfg fromSetSysTime stack-based overflow
E
CVE-2025-5799 Tenda AC8 WifiExtraSet fromSetWirelessRepeat stack-based overflow
E
CVE-2025-5800 Testimonial Post type <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play Parameter
CVE-2025-5806 Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Con...
CVE-2025-5807 Gwolle Guestbook <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting via `gwolle_gb_content` Parameter
CVE-2025-5808 Authentication Bypass vulnerability discovered in the OpenText™ Self-Service Password Reset
CVE-2025-5811 Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion
CVE-2025-5812 VG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
CVE-2025-5813 Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation
CVE-2025-5814 Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration
CVE-2025-5815 Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update
CVE-2025-5816 Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details
CVE-2025-5817 Amazon Products to WooCommerce <= 1.2.7 - Unauthenticated Server-Side Request Forgery
CVE-2025-5818 Featured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.4 - Authenticated (Admin+) Server-Side Request Forgery
CVE-2025-5819 Incorrect Permission Assignment for Critical Resource in GitLab
E S
CVE-2025-5820 Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability
S
CVE-2025-5821 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login
CVE-2025-5822 Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability
CVE-2025-5823 Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability
CVE-2025-5824 Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability
CVE-2025-5825 Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability
CVE-2025-5826 Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability
CVE-2025-5827 Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5828 Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5829 Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5830 Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5831 Droip <= 2.2.0 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-5832 Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability
CVE-2025-5833 Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability
CVE-2025-5834 Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
CVE-2025-5835 Droip <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Many Actions
CVE-2025-5836 Tenda AC9 POST Request SetIPTVCfg formSetIptv command injection
E
CVE-2025-5837 PHPGurukul Employee Record Management System allemployees.php sql injection
E
CVE-2025-5838 PHPGurukul Employee Record Management System adminprofile.php sql injection
E
CVE-2025-5839 Tenda AC9 POST Request AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5840 SourceCodester Client Database Management System user_update_customer_order.php unrestricted upload
E
CVE-2025-5841 ACF Onyx Poll <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
CVE-2025-5842 Modern Design Library <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
S
CVE-2025-5843 Brandfolder <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-5844 Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter
CVE-2025-5845 Affiliate Reviews <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter
CVE-2025-5846 Missing Authorization in GitLab
S
CVE-2025-5847 Tenda AC9 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
E
CVE-2025-5848 Tenda AC15 HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5849 Tenda AC15 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
E
CVE-2025-5850 Tenda AC15 HTTP POST Request SetLEDCf formsetschedled buffer overflow
E
CVE-2025-5851 Tenda AC15 HTTP POST Request AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5852 Tenda AC6 setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5853 Tenda AC6 SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
E
CVE-2025-5854 Tenda AC6 AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5855 Tenda AC6 SetRebootTimer formSetRebootTimer stack-based overflow
E
CVE-2025-5856 PHPGurukul BP Monitoring Management System registration.php sql injection
E
CVE-2025-5857 code-projects Patient Record Management System urinalysis_record.php sql injection
E
CVE-2025-5858 PHPGurukul Nipah Virus Testing Management System patient-report.php sql injection
E
CVE-2025-5859 PHPGurukul Nipah Virus Testing Management System test-details.php sql injection
E
CVE-2025-5860 PHPGurukul Maid Hiring Management System search-booking-request.php sql injection
E
CVE-2025-5861 Tenda AC7 AdvSetLanip fromadvsetlanip buffer overflow
E
CVE-2025-5862 Tenda AC7 setPptpUserList formSetPPTPUserList buffer overflow
E
CVE-2025-5863 Tenda AC5 SetRebootTimer formSetRebootTimer stack-based overflow
E
CVE-2025-5864 Tenda TDSEE App Password Reset Confirmation Code ConfirmSmsCode excessive authentication
E
CVE-2025-5865 RT-Thread Parameter lwp_syscall.c sys_select memory corruption
E
CVE-2025-5866 RT-Thread lwp_syscall.c sys_sigprocmask array index
E
CVE-2025-5867 RT-Thread lwp_syscall.c csys_sendto null pointer dereference
E
CVE-2025-5868 RT-Thread lwp_syscall.c sys_thread_sigprocmask array index
E
CVE-2025-5869 RT-Thread lwp_syscall.c sys_recvfrom memory corruption
E
CVE-2025-5870 TRENDnet TV-IP121W Web Interface setup.cgi improper authentication
E
CVE-2025-5871 Papendorf SOL Connect Center Web Interface missing authentication
E
CVE-2025-5872 eGauge EG3000 Energy Monitor Setting missing authentication
E
CVE-2025-5873 eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload
E
CVE-2025-5874 Redash getattr python.py run_query sandbox
E
CVE-2025-5875 TP-LINK Technologies TL-IPC544EP-W4 main sub_69064 buffer overflow
E
CVE-2025-5876 Lucky LM-520-SC/LM-520-FSC/LM-520-FSC-SAM missing authentication
E
CVE-2025-5877 Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
E
CVE-2025-5878 ESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special element
S
CVE-2025-5879 WuKongOpenSource WukongCRM File Upload AdminSysConfigController.java cross site scripting
E
CVE-2025-5880 Whistle get-temp-file path traversal
CVE-2025-5881 code-projects Chat System confirm_password.php sql injection
E
CVE-2025-5884 Konica Minolta bizhub Display MFP Information List cross site scripting
E
CVE-2025-5885 Konica Minolta bizhub cross-site request forgery
E
CVE-2025-5886 Emlog article.php cross site scripting
E
CVE-2025-5887 jsnjfz WebStack-Guns File Upload UserMgrController.java cross site scripting
E
CVE-2025-5888 jsnjfz WebStack-Guns cross-site request forgery
E
CVE-2025-5889 juliangruber brace-expansion index.js expand redos
E S
CVE-2025-5890 actions toolkit glob internal-pattern.ts globEscape redos
CVE-2025-5891 Unitech pm2 Config.js redos
E S
CVE-2025-5892 RocketChat parseMessage.js parseMessage redos
E S
CVE-2025-5893 Honding Technology Smart Parking Management System - Exposure of Sensitive Information
S
CVE-2025-5894 Honding Technology Smart Parking Management System - Missing Authorization
S
CVE-2025-5895 Metabase dom.js parseDataUri redos
E S
CVE-2025-5896 tarojs taro index.js redos
E S
CVE-2025-5897 vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
E S
CVE-2025-5898 GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write
E
CVE-2025-5899 GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap
E
CVE-2025-5900 Tenda AC9 cross-site request forgery
E
CVE-2025-5901 TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow
E
CVE-2025-5902 TOTOLINK T10 POST Request cstecgi.cgi setUpgradeFW buffer overflow
E S
CVE-2025-5903 TOTOLINK T10 POST Request cstecgi.cgi setWiFiAclRules buffer overflow
E
CVE-2025-5904 TOTOLINK T10 POST Request cstecgi.cgi setWiFiMeshName buffer overflow
E
CVE-2025-5905 TOTOLINK T10 POST Request cstecgi.cgi setWiFiRepeaterCfg buffer overflow
E
CVE-2025-5906 code-projects Laundry System data missing authentication
E
CVE-2025-5907 TOTOLINK EX1200T HTTP POST Request formFilter buffer overflow
E
CVE-2025-5908 TOTOLINK EX1200T HTTP POST Request formIpQoS buffer overflow
E
CVE-2025-5909 TOTOLINK EX1200T HTTP POST Request formReflashClientTbl buffer overflow
E
CVE-2025-5910 TOTOLINK EX1200T HTTP POST Request formWsc buffer overflow
E
CVE-2025-5911 TOTOLINK EX1200T HTTP POST Request formDMZ buffer overflow
E
CVE-2025-5912 D-Link DIR-632 HTTP POST Request do_file stack-based overflow
E
CVE-2025-5913 PHPGurukul Vehicle Record Management System search-vehicle.php sql injection
E
CVE-2025-5914 Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
E S
CVE-2025-5915 Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c
S
CVE-2025-5916 Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c
S
CVE-2025-5917 Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c
S
CVE-2025-5918 Libarchive: reading past eof may be triggered for piped file streams
S
CVE-2025-5920 Sharable Password Protected Posts < 1.1.1 - Unauthenticated Password Protect Post Access
E
CVE-2025-5921 SureForms < 1.7.2 - Reflected XSS
E
CVE-2025-5922 Retrievable password hash protecting TSplus admin console
CVE-2025-5923 Game Review Block <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
CVE-2025-5924 WP Firebase Push Notification <= 1.2.0 - Cross-Site Request Forgery to Broadcast Notification
CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update
CVE-2025-5926 Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-5927 Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion
CVE-2025-5928 WP Sliding Login/Dashboard Panel <= 2.1.1 - Cross-Site Request Forgery to Settings Update
CVE-2025-5929 The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter
CVE-2025-5930 WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update
CVE-2025-5931 Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation
CVE-2025-5932 Homerunner <= 1.0.29 - Cross-Site Request Forgery to Settings Update
CVE-2025-5933 RD Contacto <= 1.4 - Cross-Site Request Forgery to Settings Update
CVE-2025-5934 Netgear EX3700 mtd sub_41619C stack-based overflow
E
CVE-2025-5935 Open5GS AMF/MME emm-sm.c common_register_state denial of service
E S
CVE-2025-5936 VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync
CVE-2025-5937 MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset
S
CVE-2025-5938 Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import
CVE-2025-5939 Telegram for WP <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2025-5940 Osom Blocks <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter
CVE-2025-5941 Out-of-Bounds Read Vulnerability in Netskope Client
S
CVE-2025-5942 Heap Overflow in Netskope Endpoint DLP Driver
S
CVE-2025-5943 MicroDicom DICOM Viewer Out-of-bounds Write
S
CVE-2025-5944 Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute
E S
CVE-2025-5945 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5947 Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
CVE-2025-5950 IndieBlocks <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter
CVE-2025-5951 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-5952 Zend.To NSSDropoff.php exec os command injection
E
CVE-2025-5953 WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation via wp_ajax_hrm_insert_employee AJAX Action
CVE-2025-5954 Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation
CVE-2025-5956 WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via ajax_delete_employee Function
CVE-2025-5957 Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Ticket Deletion
CVE-2025-5958 Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potent...
CVE-2025-5959 Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute a...
CVE-2025-5961 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload
E S
CVE-2025-5963 TCC Bypass via Dylib Injection in Postbox
CVE-2025-5964 Path traversal in M-Files API
S
CVE-2025-5966 Stored XSS
CVE-2025-5967 A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbit...
CVE-2025-5969 D-Link DIR-632 HTTP POST Request biurl_grou FUN_00425fd8 stack-based overflow
E
CVE-2025-5970 PHPGurukul Restaurant Table Booking System add-subadmin.php cross site scripting
E
CVE-2025-5971 code-projects School Fees Payment System ajx.php sql injection
E
CVE-2025-5972 PHPGurukul Restaurant Table Booking System manage-subadmins.php cross site scripting
E
CVE-2025-5973 PHPGurukul Restaurant Table Booking System add-table.php cross site scripting
E
CVE-2025-5974 PHPGurukul Restaurant Table Booking System check-status.php cross site scripting
E
CVE-2025-5975 PHPGurukul Rail Pass Management System download-pass.php cross site scripting
E
CVE-2025-5976 PHPGurukul Rail Pass Management System add-pass.php cross site scripting
E
CVE-2025-5977 code-projects School Fees Payment System datatable.php sql injection
E
CVE-2025-5978 Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow
E
CVE-2025-5979 code-projects School Fees Payment System branch.php sql injection
E
CVE-2025-5980 code-projects Restaurant Order System order.php sql injection
E
CVE-2025-5981 Arbitrary File write in OSV-SCALIBR
S
CVE-2025-5982 Insufficient Granularity of Access Control in GitLab
S
CVE-2025-5984 SourceCodester Online Student Clearance System add-fee.php cross site scripting
CVE-2025-5985 code-projects School Fees Payment System improper authentication
E
CVE-2025-5986 A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf fi...
CVE-2025-5987 Libssh: invalid return code for chacha20 poly1305 with openssl backend
CVE-2025-5988 Aap-gateway: csrf origin checking is disabled
M
CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
E S
CVE-2025-5991 Use after free in QHttp2ProtocolHandler
CVE-2025-5992 Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service
CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack
S
CVE-2025-5995 Canon EOS Webcam Utility Pro for MAC OS contains an insecure permission issue potentially leading to code execution and privilege escalation
M
CVE-2025-5996 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2025-5997 Privilege Escalation in Beamsec PhishPro
CVE-2025-5998 PPWP < 1.9.11 - Subscriber+ Access Bypass via REST API
E
CVE-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.