ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-51040 | Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /F... | | |
CVE-2025-51044 | phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in... | E | |
CVE-2025-51045 | Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/pas... | E | |
CVE-2025-51052 | A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read a... | | |
CVE-2025-51053 | A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote... | | |
CVE-2025-51054 | Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtai... | | |
CVE-2025-51055 | Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Ve... | | |
CVE-2025-51056 | An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated ... | E | |
CVE-2025-51057 | A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated... | E | |
CVE-2025-51058 | Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in th... | E | |
CVE-2025-51060 | An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unva... | | |
CVE-2025-51082 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/fast_setting_wifi_set.... | E | |
CVE-2025-51085 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/SetSysTimeCfg. The man... | E | |
CVE-2025-51087 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/saveParentControlInfo.... | E | |
CVE-2025-51088 | Tenda AC8V4 V16.03.34.06 was discovered to contain stack overflow at /goform/WifiGuestSet. The mani... | E | |
CVE-2025-51089 | Tenda AC8V4 V16.03.34.06 was discovered to contain heap overflow at /goform/GetParentControlInfo.Th... | E | |
CVE-2025-51092 | The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe constructio... | | |
CVE-2025-51281 | D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en, val and id parameters in th... | | |
CVE-2025-51306 | In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to c... | | |
CVE-2025-51308 | In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admi... | | |
CVE-2025-51381 | An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability... | | |
CVE-2025-51383 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the ho... | E | |
CVE-2025-51384 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the rem... | E | |
CVE-2025-51385 | D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id... | E | |
CVE-2025-51387 | The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electr... | | |
CVE-2025-51390 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability v... | E | |
CVE-2025-51396 | A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to exec... | E S | |
CVE-2025-51397 | A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4... | E S | |
CVE-2025-51398 | A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper C... | E S | |
CVE-2025-51400 | A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Cha... | E S | |
CVE-2025-51401 | A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat ... | E S | |
CVE-2025-51403 | A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of ... | E S | |
CVE-2025-51411 | A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 vi... | E | |
CVE-2025-51451 | In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific reques... | | |
CVE-2025-51452 | In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specifi... | | |
CVE-2025-51458 | SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to... | | |
CVE-2025-51459 | File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0 allow... | | |
CVE-2025-51462 | Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 ... | | |
CVE-2025-51463 | Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary file... | | |
CVE-2025-51464 | Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaS... | | |
CVE-2025-51471 | Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attac... | | |
CVE-2025-51472 | Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remot... | | |
CVE-2025-51475 | Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperA... | | |
CVE-2025-51479 | Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remo... | | |
CVE-2025-51480 | Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows a... | | |
CVE-2025-51481 | Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers wit... | | |
CVE-2025-51482 | Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Let... | | |
CVE-2025-51487 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to ... | E | |
CVE-2025-51488 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing rem... | E | |
CVE-2025-51489 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing rem... | E | |
CVE-2025-51497 | An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGuard verbosely logg... | | |
CVE-2025-51501 | Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoi... | E | |
CVE-2025-51502 | Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/pa... | E | |
CVE-2025-51503 | A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject m... | | |
CVE-2025-51504 | Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage end... | E | |
CVE-2025-51506 | In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was disco... | | |
CVE-2025-51510 | MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page ... | E | |
CVE-2025-51529 | Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Secur... | | |
CVE-2025-51531 | A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows atta... | | |
CVE-2025-51532 | Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access... | | |
CVE-2025-51533 | An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized at... | E | |
CVE-2025-51534 | A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11... | E | |
CVE-2025-51535 | Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a SQL injection vu... | | |
CVE-2025-51536 | Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a hardcoded Admini... | | |
CVE-2025-51539 | EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access co... | | |
CVE-2025-51540 | EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashin... | | |
CVE-2025-51541 | A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at... | E | |
CVE-2025-51543 | An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's pass... | | |
CVE-2025-51569 | A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router... | | |
CVE-2025-51591 | A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and com... | | |
CVE-2025-51605 | An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supp... | | |
CVE-2025-51606 | hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allo... | | |
CVE-2025-51624 | Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.... | | |
CVE-2025-51627 | Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated a... | | |
CVE-2025-51628 | Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Ecc... | E | |
CVE-2025-51629 | A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.... | | |
CVE-2025-51630 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort par... | E | |
CVE-2025-51643 | Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessib... | | |
CVE-2025-51650 | An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 ... | E | |
CVE-2025-51651 | An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms ... | E | |
CVE-2025-51652 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_... | E | |
CVE-2025-51653 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_... | E | |
CVE-2025-51654 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_... | E | |
CVE-2025-51655 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_... | E | |
CVE-2025-51656 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_L... | E | |
CVE-2025-51657 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS... | E | |
CVE-2025-51658 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_I... | E | |
CVE-2025-51659 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_P... | E | |
CVE-2025-51660 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS... | E | |
CVE-2025-51667 | An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface ... | | |
CVE-2025-51671 | A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3... | E | |
CVE-2025-51672 | A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Mana... | E | |
CVE-2025-51691 | Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dc... | | |
CVE-2025-51726 | CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA... | | |
CVE-2025-51818 | MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an at... | | |
CVE-2025-51823 | libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling ... | S | |
CVE-2025-51824 | libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr... | S | |
CVE-2025-51825 | JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the... | | |
CVE-2025-51857 | The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is... | | |
CVE-2025-51858 | Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24, allows attack... | | |
CVE-2025-51859 | Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat compo... | | |
CVE-2025-51860 | Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and char... | | |
CVE-2025-51862 | Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in it... | | |
CVE-2025-51863 | Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) thru 2025-05-26 allo... | | |
CVE-2025-51864 | A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) thr... | | |
CVE-2025-51865 | Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Ins... | | |
CVE-2025-51867 | Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction AI (deepfiction.ai) thru June 3... | | |
CVE-2025-51868 | Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.dippy.ai) v2 allows attackers t... | | |
CVE-2025-51869 | Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to g... | | |
CVE-2025-51951 | andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability.... | E | |
CVE-2025-51954 | playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerabilit... | E | |
CVE-2025-51965 | OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete ... | | |
CVE-2025-51967 | A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndP... | | |
CVE-2025-51968 | A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System... | | |
CVE-2025-51969 | A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping Syste... | | |
CVE-2025-51970 | A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping Sy... | E | |
CVE-2025-51971 | A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online... | | |
CVE-2025-51972 | A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advan... | | |
CVE-2025-51986 | An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 al... | | |
CVE-2025-51989 | HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster mod... | | |
CVE-2025-51990 | XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabiliti... | | |
CVE-2025-51991 | XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administr... | | |