ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-50008 | WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control Vulnerability | | |
CVE-2025-50009 | WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability | | |
CVE-2025-50010 | WordPress Zapier for WordPress plugin <= 1.5.2 - Broken Access Control Vulnerability | | |
CVE-2025-50011 | WordPress plugin Recipes manager - WPH <=1.0.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50012 | WordPress Inventory Presser plugin <= 15.0.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50013 | WordPress CSV Importer Improved plugin <= 0.6.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50014 | WordPress PDPA Consent for Thailand plugin <= 1.1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50015 | WordPress Hand Talk plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50016 | WordPress IP Based Login plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50017 | WordPress WP Voting Contest plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50018 | WordPress Tealium plugin <= 2.1.17 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50019 | WordPress Simple Sticky Footer plugin <= 1.3.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50020 | WordPress RDFa Breadcrumb plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50021 | WordPress Better Random Redirect plugin <= 1.3.20 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50022 | WordPress WP-FB-AutoConnect plugin <= 4.6.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50023 | WordPress CodePen Embed Block plugin <= 1.1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50024 | WordPress ATP Call Now plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50025 | WordPress CP Polls plugin <= 1.0.81 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50026 | WordPress Spoki plugin <= 2.16.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50027 | WordPress Login/Signup Popup plugin <= 2.9.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50028 | WordPress Ultimate Push Notifications plugin <= 1.1.9 - Broken Access Control Vulnerability | | |
CVE-2025-50029 | WordPress AI Tools <= 4.0.7 - Arbitrary Content Deletion Vulnerability | | |
CVE-2025-50030 | WordPress Spark Multipurpose theme <= 1.0.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50031 | WordPress DB Backup <= 6.0 - Broken Access Control Vulnerability | | |
CVE-2025-50032 | WordPress Paytiko for WooCommerce <= 1.3.14 - Broken Access Control Vulnerability | | |
CVE-2025-50033 | WordPress Fitness Park theme <= 1.1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50034 | WordPress Enhanced Blocks – Page Builder Blocks for Gutenberg plugin <= 1.4.1 - Broken Access Control Vulnerability | | |
CVE-2025-50035 | WordPress Fyrebox Quizzes plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50036 | WordPress Mailing Group Listserv plugin <= 3.0.5 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-50037 | WordPress Buying Buddy IDX CRM plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50038 | WordPress Anant Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50039 | WordPress VG WORT METIS <= 2.0.0 - Broken Access Control Vulnerability | | |
CVE-2025-50040 | WordPress CF7 Spreadsheets Plugin <= 2.3.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50041 | WordPress Gutenberg Blocks – ACF Blocks Suite plugin <= 2.6.11 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50042 | WordPress WP Register Profile With Shortcode plugin <= 3.6.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50043 | WordPress Code Engine plugin <= 0.3.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50044 | WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-50045 | WordPress Related Products Manager for WooCommerce plugin <= 1.6.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50046 | WordPress WPComplete plugin <= 2.9.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50047 | WordPress Sitekit plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-50048 | WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.9 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50049 | WordPress Modern Footnotes plugin <= 1.4.19 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50050 | WordPress Jobs for WordPress plugin <= 2.7.12 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50051 | WordPress WP-Members plugin <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-50052 | WordPress Flexo Counter plugin <= 1.0001 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-50054 | Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allo... | | |
CVE-2025-50056 | Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.28 for Joomla | | |
CVE-2025-50057 | Extension - rsjoomla.com - DOS vulnerability RSFiles! component 1.16.3-1.17.7 for Joomla | | |
CVE-2025-50058 | Extension - rsjoomla.com - Stored XSS vulnerability in RSDirectory! component 1.16.3-1.17.7 for Joomla | | |
CVE-2025-50059 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... | | |
CVE-2025-50060 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Suppo... | S | |
CVE-2025-50061 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construc... | S | |
CVE-2025-50062 | Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (com... | S | |
CVE-2025-50063 | Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Or... | | |
CVE-2025-50064 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ... | S | |
CVE-2025-50065 | Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). T... | | |
CVE-2025-50066 | Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Support... | S | |
CVE-2025-50067 | Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported v... | S | |
CVE-2025-50068 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported... | S | |
CVE-2025-50069 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec... | | |
CVE-2025-50070 | Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected... | S | |
CVE-2025-50071 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: We... | S | |
CVE-2025-50072 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ... | S | |
CVE-2025-50073 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Cont... | S | |
CVE-2025-50076 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versi... | | |
CVE-2025-50077 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t... | | |
CVE-2025-50078 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versi... | | |
CVE-2025-50079 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50080 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Su... | | |
CVE-2025-50081 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported... | | |
CVE-2025-50082 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50083 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50084 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50085 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t... | | |
CVE-2025-50086 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). ... | | |
CVE-2025-50087 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50088 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t... | | |
CVE-2025-50089 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50090 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Pe... | | |
CVE-2025-50091 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50092 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t... | | |
CVE-2025-50093 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versi... | | |
CVE-2025-50094 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versi... | | |
CVE-2025-50095 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50096 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t... | | |
CVE-2025-50097 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).... | | |
CVE-2025-50098 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50099 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t... | | |
CVE-2025-50100 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supp... | | |
CVE-2025-50101 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50102 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | | |
CVE-2025-50103 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). ... | | |
CVE-2025-50104 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versi... | | |
CVE-2025-50105 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work... | S | |
CVE-2025-50106 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ... | | |
CVE-2025-50107 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Requ... | S | |
CVE-2025-50108 | Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Work... | S | |
CVE-2025-50109 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory | S | |
CVE-2025-50121 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... | | |
CVE-2025-50122 | A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when t... | | |
CVE-2025-50123 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could... | | |
CVE-2025-50124 | A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escala... | | |
CVE-2025-50125 | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticat... | | |
CVE-2025-50126 | Extension - rsjoomla.com - Stored XSS vulnerability RSBlog! component 1.11.6-1.14.5 for Joomla | | |
CVE-2025-50127 | Extension - dj-extensions.com - SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla | | |
CVE-2025-50128 | A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functio... | E | |
CVE-2025-50129 | A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image D... | | |
CVE-2025-50130 | A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provid... | | |
CVE-2025-50142 | Rejected reason: Not used... | R | |
CVE-2025-50143 | Rejected reason: Not used... | R | |
CVE-2025-50144 | Rejected reason: Not used... | R | |
CVE-2025-50145 | Rejected reason: Not used... | R | |
CVE-2025-50146 | Rejected reason: Not used... | R | |
CVE-2025-50147 | Rejected reason: Not used... | R | |
CVE-2025-50148 | Rejected reason: Not used... | R | |
CVE-2025-50149 | Rejected reason: Not used... | R | |
CVE-2025-50150 | Rejected reason: Not used... | R | |
CVE-2025-50151 | Apache Jena: Configuration files uploaded by administrative users are not check properly | | |
CVE-2025-50153 | Desktop Windows Manager Elevation of Privilege Vulnerability | | |
CVE-2025-50154 | Microsoft Windows File Explorer Spoofing Vulnerability | | |
CVE-2025-50155 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | | |
CVE-2025-50156 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-50157 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-50158 | Windows NTFS Information Disclosure Vulnerability | | |
CVE-2025-50159 | Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability | | |
CVE-2025-50160 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2025-50161 | Win32k Elevation of Privilege Vulnerability | | |
CVE-2025-50162 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2025-50163 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2025-50164 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability | | |
CVE-2025-50166 | Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability | | |
CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability | | |
CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability | | |
CVE-2025-50169 | Windows SMB Remote Code Execution Vulnerability | | |
CVE-2025-50170 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | | |
CVE-2025-50171 | Remote Desktop Spoofing Vulnerability | | |
CVE-2025-50172 | DirectX Graphics Kernel Denial of Service Vulnerability | | |
CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | | |
CVE-2025-50176 | DirectX Graphics Kernel Remote Code Execution Vulnerability | | |
CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | | |
CVE-2025-50178 | GitForge.jl lacks validation for user provided fields | | |
CVE-2025-50179 | Tuleap missing CSRF protection on tracker reports manipulation | S | |
CVE-2025-50181 | urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation | | |
CVE-2025-50182 | urllib3 does not control redirects in browsers and Node.js | | |
CVE-2025-50183 | OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer | | |
CVE-2025-50184 | DbGate allows for File Traversal via file parameter | | |
CVE-2025-50185 | DbGate allows Unauthorized File Access via CSV Plugin | E | |
CVE-2025-50200 | RabbitMQ Node can log Basic Auth header from an HTTP request | E | |
CVE-2025-50201 | WeGIA OS Command Injection in debug_info.php parameter 'branch' | E S | |
CVE-2025-50202 | Lychee Path Traversal Vulnerability | | |
CVE-2025-50213 | Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator | S | |
CVE-2025-50233 | A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the se... | | |
CVE-2025-50234 | MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api... | E | |
CVE-2025-50240 | nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter ... | | |
CVE-2025-50251 | Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery... | | |
CVE-2025-50258 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the ... | E | |
CVE-2025-50260 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via... | E | |
CVE-2025-50262 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the... | E | |
CVE-2025-50263 | Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via... | E | |
CVE-2025-50270 | A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3... | | |
CVE-2025-50286 | A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upl... | | |
CVE-2025-50340 | An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, ... | | |
CVE-2025-50341 | A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter... | | |
CVE-2025-50348 | PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-... | E | |
CVE-2025-50349 | PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-... | E | |
CVE-2025-50350 | PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-... | E | |
CVE-2025-50367 | A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generatio... | | |
CVE-2025-50369 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/adm... | | |
CVE-2025-50370 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mc... | | |
CVE-2025-50383 | alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via ... | | |
CVE-2025-50404 | Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent func... | E | |
CVE-2025-50405 | Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the Firmware... | E | |
CVE-2025-50420 | An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an inf... | | |
CVE-2025-50422 | Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion ... | | |
CVE-2025-50428 | In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/... | E | |
CVE-2025-50434 | A security issue has been identified in Appian Enterprise Business Process Management version 25.3. ... | | |
CVE-2025-50454 | An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthori... | | |
CVE-2025-50460 | A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsa... | E | |
CVE-2025-50461 | A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model... | | |
CVE-2025-50464 | A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. ... | E | |
CVE-2025-50465 | OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the da... | | |
CVE-2025-50466 | OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the da... | E | |
CVE-2025-50467 | OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the da... | | |
CVE-2025-50468 | OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the da... | E | |
CVE-2025-50472 | The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deseria... | | |
CVE-2025-50475 | An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowi... | | |
CVE-2025-50477 | A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-cont... | | |
CVE-2025-50481 | A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1... | E | |
CVE-2025-50484 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0... | E | |
CVE-2025-50485 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course ... | E | |
CVE-2025-50486 | Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rent... | E | |
CVE-2025-50487 | Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank &... | E | |
CVE-2025-50488 | Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Lib... | E | |
CVE-2025-50489 | Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Resul... | E | |
CVE-2025-50490 | Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Re... | E | |
CVE-2025-50491 | Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker... | | |
CVE-2025-50492 | Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Manag... | | |
CVE-2025-50493 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appo... | | |
CVE-2025-50494 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing... | E | |
CVE-2025-50503 | A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an atta... | | |
CVE-2025-50515 | An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attacke... | | |
CVE-2025-50518 | A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the l... | E | |
CVE-2025-50528 | A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05... | E | |
CVE-2025-50567 | Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, wh... | | |
CVE-2025-50572 | An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execu... | | |
CVE-2025-50578 | LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP he... | E | |
CVE-2025-50579 | A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensiti... | | |
CVE-2025-50581 | MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ... | E | |
CVE-2025-50582 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add ... | E | |
CVE-2025-50583 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add ... | E | |
CVE-2025-50584 | StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add ... | E | |
CVE-2025-50585 | StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/... | E | |
CVE-2025-50586 | StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).... | | |
CVE-2025-50592 | Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/d... | | |
CVE-2025-50594 | An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.... | | |
CVE-2025-50608 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 f... | E | |
CVE-2025-50609 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465... | E | |
CVE-2025-50610 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 f... | E | |
CVE-2025-50611 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 f... | E | |
CVE-2025-50612 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743... | E | |
CVE-2025-50613 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c f... | E | |
CVE-2025-50614 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004715... | E | |
CVE-2025-50615 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 f... | E | |
CVE-2025-50616 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 f... | E | |
CVE-2025-50617 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 f... | E | |
CVE-2025-50635 | A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerabilit... | E | |
CVE-2025-50641 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via th... | E | |
CVE-2025-50674 | An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/us... | | |
CVE-2025-50675 | GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissio... | E | |
CVE-2025-50688 | A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input saniti... | | |
CVE-2025-50690 | A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.or... | | |
CVE-2025-50691 | MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data (includin... | | |
CVE-2025-50692 | FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.... | E | |
CVE-2025-50693 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference... | E | |
CVE-2025-50695 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /a... | E | |
CVE-2025-50699 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in od... | E | |
CVE-2025-50706 | An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck fun... | E | |
CVE-2025-50707 | An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php c... | E | |
CVE-2025-50708 | An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information vi... | E | |
CVE-2025-50722 | Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrar... | | |
CVE-2025-50733 | NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifac... | E | |
CVE-2025-50738 | The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbit... | E | |
CVE-2025-50740 | AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. ... | E | |
CVE-2025-50753 | Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default she... | | |
CVE-2025-50754 | Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" f... | E | |
CVE-2025-50756 | Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm f... | | |
CVE-2025-50777 | The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) conta... | | |
CVE-2025-50817 | A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the uninte... | | |
CVE-2025-50819 | Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3... | | |
CVE-2025-50847 | Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products ... | | |
CVE-2025-50848 | A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary ... | | |
CVE-2025-50849 | CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functional... | | |
CVE-2025-50850 | An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential secu... | | |
CVE-2025-50858 | Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (E... | | |
CVE-2025-50859 | Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) ... | | |
CVE-2025-50860 | SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows auth... | | |
CVE-2025-50861 | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushD... | | |
CVE-2025-50862 | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manif... | | |
CVE-2025-50864 | An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Or... | | |
CVE-2025-50866 | CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the ... | | |
CVE-2025-50867 | A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-P... | | |
CVE-2025-50868 | A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1... | | |
CVE-2025-50869 | A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-o... | | |
CVE-2025-50870 | Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.... | | |
CVE-2025-50891 | Adform Site Tracking 1.1 allows attackers to inject HTML or execute arbitrary code via cookie hijack... | | |
CVE-2025-50897 | A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid ... | | |
CVE-2025-50900 | An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.w... | | |
CVE-2025-50901 | JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypas... | E | |
CVE-2025-50902 | Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_apple... | | |
CVE-2025-50904 | There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-... | | |
CVE-2025-50926 | Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability v... | | |
CVE-2025-50927 | A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.0... | | |
CVE-2025-50928 | Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability v... | | |
CVE-2025-50938 | Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php.... | | |
CVE-2025-50946 | OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service... | | |
CVE-2025-50952 | openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt... | | |
CVE-2025-50971 | Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to ga... | | |
CVE-2025-50972 | SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitra... | | |
CVE-2025-50974 | The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sa... | | |
CVE-2025-50975 | IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters su... | E | |
CVE-2025-50976 | IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the... | | |
CVE-2025-50977 | A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identifi... | E | |
CVE-2025-50978 | In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository... | | |
CVE-2025-50979 | NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/c... | | |
CVE-2025-50983 | SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API end... | | |
CVE-2025-50984 | diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection fl... | | |
CVE-2025-50985 | diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS)... | | |
CVE-2025-50986 | diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulner... | | |
CVE-2025-50989 | OPNsense 25.1 contains an authenticated command injection vulnerability in its Bridge Interface Edit... | | |