ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-52035 | A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of... | | |
CVE-2025-52036 | A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability ... | | |
CVE-2025-52037 | A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability ... | | |
CVE-2025-52046 | Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-52054 | An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware ... | | |
CVE-2025-52078 | File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing ... | | |
CVE-2025-52080 | In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD ... | E | |
CVE-2025-52081 | In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD ... | E | |
CVE-2025-52082 | In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service throug... | E | |
CVE-2025-52085 | An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject ar... | | |
CVE-2025-52089 | A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.5... | E | |
CVE-2025-52094 | Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute... | | |
CVE-2025-52095 | An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential... | | |
CVE-2025-52101 | linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT aut... | | |
CVE-2025-52122 | Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains a Server-side template injection ... | | |
CVE-2025-52130 | File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php cont... | | |
CVE-2025-52131 | The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color fie... | | |
CVE-2025-52132 | The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page.... | | |
CVE-2025-52133 | The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import.... | | |
CVE-2025-52136 | In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web inter... | E | |
CVE-2025-52162 | agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External E... | | |
CVE-2025-52163 | A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum c... | | |
CVE-2025-52164 | Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.... | | |
CVE-2025-52166 | Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated a... | | |
CVE-2025-52168 | Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v1... | | |
CVE-2025-52169 | agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross... | E | |
CVE-2025-52184 | Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileg... | | |
CVE-2025-52187 | GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in m... | E | |
CVE-2025-52194 | A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions ... | | |
CVE-2025-52203 | A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. T... | E | |
CVE-2025-52207 | PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PH... | | |
CVE-2025-52217 | SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fi... | | |
CVE-2025-52218 | SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Inje... | | |
CVE-2025-52219 | SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerab... | | |
CVE-2025-52237 | An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute... | | |
CVE-2025-52239 | An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code vi... | E | |
CVE-2025-52284 | Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in th... | E | |
CVE-2025-52287 | OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability.... | | |
CVE-2025-52289 | A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gai... | S | |
CVE-2025-52294 | Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proxima... | | |
CVE-2025-52327 | SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensiti... | | |
CVE-2025-52335 | EyouCMS 1.7.3 is vulnerable to Cross Site Scripting (XSS) in index.php, which can be exploited to obt... | | |
CVE-2025-52337 | An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eC... | | |
CVE-2025-52338 | An issue in the default configuration of the password reset function in LogicData eCommerce Framewor... | | |
CVE-2025-52351 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in ... | | |
CVE-2025-52352 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign... | | |
CVE-2025-52353 | An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticat... | | |
CVE-2025-52357 | Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-... | | |
CVE-2025-52358 | A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware ver... | E | |
CVE-2025-52360 | A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Managem... | | |
CVE-2025-52361 | Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 B... | | |
CVE-2025-52362 | Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHPro... | | |
CVE-2025-52363 | Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file an... | E | |
CVE-2025-52364 | Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (t... | E | |
CVE-2025-52372 | An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmai... | E | |
CVE-2025-52373 | Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attack... | E | |
CVE-2025-52374 | Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attac... | E | |
CVE-2025-52376 | An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NC... | | |
CVE-2025-52377 | Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below,... | | |
CVE-2025-52378 | Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 a... | | |
CVE-2025-52379 | Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command i... | | |
CVE-2025-52385 | An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a... | | |
CVE-2025-52386 | CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file... | | |
CVE-2025-52390 | Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vul... | | |
CVE-2025-52392 | Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-li... | | |
CVE-2025-52395 | An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application ... | | |
CVE-2025-52434 | Apache Tomcat: APR/Native Connector crash leading to DoS | | |
CVE-2025-52437 | Rejected reason: Not used... | R | |
CVE-2025-52438 | Rejected reason: Not used... | R | |
CVE-2025-52439 | Rejected reason: Not used... | R | |
CVE-2025-52440 | Rejected reason: Not used... | R | |
CVE-2025-52441 | Rejected reason: Not used... | R | |
CVE-2025-52442 | Rejected reason: Not used... | R | |
CVE-2025-52443 | Rejected reason: Not used... | R | |
CVE-2025-52444 | Rejected reason: Not used... | R | |
CVE-2025-52445 | Rejected reason: Not used... | R | |
CVE-2025-52446 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windo... | | |
CVE-2025-52447 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windo... | | |
CVE-2025-52448 | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windo... | | |
CVE-2025-52449 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Window... | | |
CVE-2025-52450 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sale... | | |
CVE-2025-52451 | Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api -... | | |
CVE-2025-52452 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sale... | | |
CVE-2025-52453 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flo... | | |
CVE-2025-52454 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Ama... | | |
CVE-2025-52455 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS... | | |
CVE-2025-52456 | A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image ... | | |
CVE-2025-52459 | Advantech iView Argument Injection | S | |
CVE-2025-52460 | Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (M... | | |
CVE-2025-52461 | An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project li... | E | |
CVE-2025-52462 | Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.0600856... | | |
CVE-2025-52463 | Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earli... | | |
CVE-2025-52464 | Meshtastic Repeated Public and Private Keypairs | | |
CVE-2025-52467 | pgai secrets exfiltration via `pull_request_target` | | |
CVE-2025-52471 | ESP-NOW Integer Underflow Vulnerability Advisory | | |
CVE-2025-52473 | liboqs secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 | S | |
CVE-2025-52474 | WeGIA SQL Injection Vulnerability in id Parameter on control.php Endpoint | E S | |
CVE-2025-52477 | Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow | | |
CVE-2025-52478 | Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source | | |
CVE-2025-52479 | HTTP.jl vulnerable to CR/LF Injection in URIs | | |
CVE-2025-52480 | Registrator.jl Argument Injection Vulnerability | | |
CVE-2025-52483 | Registrator.jl Vulnerable to Argument Injection and Command Injection | | |
CVE-2025-52484 | RISC Zero zkVM Underconstrained Vulnerability | | |
CVE-2025-52485 | DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed | | |
CVE-2025-52486 | DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects | | |
CVE-2025-52487 | DNN.PLATFORM possibly allows bypass of IP Filters | | |
CVE-2025-52488 | DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input | | |
CVE-2025-52490 | An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sy... | | |
CVE-2025-52491 | Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.... | | |
CVE-2025-52492 | A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware ... | | |
CVE-2025-52496 | Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occu... | E | |
CVE-2025-52497 | Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_bu... | | |
CVE-2025-52520 | Apache Tomcat: DoS via integer overflow in multipart file upload | | |
CVE-2025-52521 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vu... | | |
CVE-2025-52542 | ... | R | |
CVE-2025-52552 | FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS | | |
CVE-2025-52553 | authentik has Insufficient Session verification for Remote Access Control endpoint access | S | |
CVE-2025-52554 | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows | | |
CVE-2025-52555 | CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS | | |
CVE-2025-52556 | rfc3161-client has insufficient verification for timestamp response signatures | | |
CVE-2025-52557 | Mail-0 Zero Session Hijacking Via Email | | |
CVE-2025-52558 | ChangeDetection.io XSS in watch overview | | |
CVE-2025-52559 | Zulip XSS in digest preview URL | S | |
CVE-2025-52560 | Kanboard Password Reset Poisoning via Host Header Injection | | |
CVE-2025-52561 | HTMLSanitizer.jl Possible XSS | | |
CVE-2025-52562 | Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution | | |
CVE-2025-52566 | llama.cpp tokenizer signed vs. unsigned heap overflow | E S | |
CVE-2025-52567 | GLPI has overly permissive URL verification | | |
CVE-2025-52568 | NeKernal Multiple Memory Corruption Vulnerabilities in mkfs.hefs | | |
CVE-2025-52569 | GitHub.jl lacks validation for user-provided fields | | |
CVE-2025-52570 | Letmein connection limiter allows an arbitrary amount of simultaneous connections | | |
CVE-2025-52571 | Hikka vulnerable to RCE through edits in a channel | | |
CVE-2025-52572 | Hikka vulnerable to RCE through dangling web interface | | |
CVE-2025-52573 | Command Injection in MCP Server ios-simulator-mcp | | |
CVE-2025-52574 | SysmonElixir path traversal in /read endpoint allows arbitrary file read | | |
CVE-2025-52575 | EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements | E S | |
CVE-2025-52576 | Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass | E S | |
CVE-2025-52577 | Advantech iView SQL Injection | S | |
CVE-2025-52579 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory | S | |
CVE-2025-52580 | Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior ... | | |
CVE-2025-52581 | An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libb... | E | |
CVE-2025-52584 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Heap-based Buffer Overflow | S | |
CVE-2025-52585 | BIG-IP Client SSL profile vulnerability | | |
CVE-2025-52586 | EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information | M | |
CVE-2025-52618 | HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability | | |
CVE-2025-52619 | HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure | | |
CVE-2025-52620 | HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability | | |
CVE-2025-52621 | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning | | |
CVE-2025-52687 | JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface | S | |
CVE-2025-52688 | Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface | E S | |
CVE-2025-52689 | Weak Session ID Check in the OmniAccess Stellar Web Management Interface | E S | |
CVE-2025-52690 | Command Injection Vulnerability in the OmniAccess Stellar over UDP Service | E S | |
CVE-2025-52707 | WordPress Firelight Lightbox plugin <= 2.3.16 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52708 | WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability | S | |
CVE-2025-52709 | WordPress Everest Forms plugin <= 3.2.2 - PHP Object Injection Vulnerability | S | |
CVE-2025-52710 | WordPress File Manager Pro plugin <= 1.8.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52711 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-52712 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Path Traversal Vulnerability | S | |
CVE-2025-52713 | WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Server Side Request Forgery (SSRF) Vulnerability | S | |
CVE-2025-52714 | WordPress Traveler < 3.2.2 - SQL Injection Vulnerability | S | |
CVE-2025-52715 | WordPress Classified Listing plugin <= 4.2.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-52716 | WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-52717 | WordPress LifterLMS plugin <= 8.0.6 - SQL Injection Vulnerability | S | |
CVE-2025-52718 | WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability | S | |
CVE-2025-52719 | WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability | S | |
CVE-2025-52720 | WordPress Super Store Finder Plugin <= 7.5 - SQL Injection Vulnerability | S | |
CVE-2025-52721 | WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability | S | |
CVE-2025-52722 | WordPress Classiera theme <= 4.0.34 - SQL Injection Vulnerability | S | |
CVE-2025-52723 | WordPress Networker theme <= 1.2.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-52724 | WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability | S | |
CVE-2025-52725 | WordPress CouponXxL theme <= 3.0.0 - PHP Object Injection Vulnerability | S | |
CVE-2025-52726 | WordPress CouponXxL Custom Post Types plugin <= 3.0 - Privilege Escalation Vulnerability | S | |
CVE-2025-52727 | WordPress CSS3 Vertical Web Pricing Tables plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52728 | WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-52729 | WordPress Diza theme <= 1.3.9 - Local File Inclusion Vulnerability | S | |
CVE-2025-52730 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52731 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability | S | |
CVE-2025-52732 | WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability | S | |
CVE-2025-52733 | WordPress ANON::form embedded secure form plugin <= 1.7 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-52761 | WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability | | |
CVE-2025-52765 | WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52767 | WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52769 | WordPress flexo-social-gallery Plugin <= 1.0006 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52771 | WordPress Video Expander Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52772 | WordPress Virtual Moderator plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52774 | WordPress Infility Global plugin <= 2.12.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52775 | WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability | | |
CVE-2025-52776 | WordPress Video List Manager <= 1.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52777 | WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52778 | WordPress xili-dictionary plugin <= 2.12.5.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52779 | WordPress Dot html,php,xml etc pages plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52780 | WordPress Logo Manager For Samandehi plugin <= 0.5 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52781 | WordPress TinyNav plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52782 | WordPress Scroll UP plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52783 | WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52784 | WordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52785 | WordPress SMM API Plugin <= 6.0.30 - Broken Access Control Vulnerability | | |
CVE-2025-52786 | WordPress Media Folder plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52787 | WordPress Tennis Court Bookings plugin <= 1.2.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52788 | WordPress CaptionPix <= 1.8 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52789 | WordPress Lewe ChordPress plugin <= 3.9.7 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability | | |
CVE-2025-52790 | WordPress WP-DownloadCounter plugin <= 1.01 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52791 | WordPress Knowledge Base – Knowledge Base Maker plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52792 | WordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52793 | WordPress Esselink.nu Settings plugin <= 2.94 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52794 | WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52795 | WordPress WP Front User Submit / Front Editor plugin <= 4.9.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52796 | WordPress WP-Recall <= 16.26.14 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52797 | WordPress StoryMap Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52798 | WordPress JobSearch <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52799 | WordPress LMS theme <= 9.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52800 | WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability | | |
CVE-2025-52801 | WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability | | |
CVE-2025-52802 | WordPress Import YouTube videos as WP Posts plugin <= 2.1 - Broken Access Control Vulnerability | | |
CVE-2025-52803 | WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability | | |
CVE-2025-52804 | WordPress Nuss theme <= 1.3.3 - Broken Access Control Vulnerability | | |
CVE-2025-52805 | WordPress Leyka <= 3.31.9 - Local File Inclusion Vulnerability | | |
CVE-2025-52806 | WordPress JobSearch Plugin <= 2.9.0 - Local File Inclusion Vulnerability | | |
CVE-2025-52807 | WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability | | |
CVE-2025-52808 | WordPress RealtyElite theme <= 1.0.0 - Local File Inclusion Vulnerability | | |
CVE-2025-52809 | WordPress National Weather Service Alerts plugin <= 1.3.5 - Local File Inclusion Vulnerability | | |
CVE-2025-52810 | WordPress Katerio - Magazine theme <= 1.5.1 - Local File Inclusion Vulnerability | | |
CVE-2025-52811 | WordPress Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Local File Inclusion Vulnerability | | |
CVE-2025-52812 | WordPress Domnoo theme <= 1.49 - Local File Inclusion Vulnerability | | |
CVE-2025-52813 | WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability | | |
CVE-2025-52814 | WordPress BRW plugin <= 1.7.9 - Local File Inclusion Vulnerability | | |
CVE-2025-52815 | WordPress CityGov theme <= 1.9 - Local File Inclusion Vulnerability | | |
CVE-2025-52816 | WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability | | |
CVE-2025-52817 | WordPress Abandoned Contact Form 7 plugin <= 2.0 - Broken Access Control Vulnerability | | |
CVE-2025-52818 | WordPress Trusty Whistleblowing plugin <= 1.5.2 - Broken Access Control Vulnerability | | |
CVE-2025-52819 | WordPress Pakke Envíos plugin <= 1.0.2 - SQL Injection Vulnerability | | |
CVE-2025-52820 | WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability | | |
CVE-2025-52821 | WordPress Video List Manager plugin <= 1.7 - SQL Injection Vulnerability | | |
CVE-2025-52822 | WordPress WP Roadmap plugin <= 2.1.3 - SQL Injection Vulnerability | | |
CVE-2025-52823 | WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability | | |
CVE-2025-52824 | WordPress Mobile DJ Manager plugin <= 1.7.6 - Privilege Escalation Vulnerability | | |
CVE-2025-52825 | WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-52826 | WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability | | |
CVE-2025-52827 | WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability | | |
CVE-2025-52828 | WordPress Red Art <= 3.7 - PHP Object Injection Vulnerability | | |
CVE-2025-52829 | WordPress DirectIQ Email Marketing plugin <= 2.0 - SQL Injection Vulnerability | | |
CVE-2025-52830 | WordPress bSecure – Your Universal Checkout <= 1.7.9 - SQL Injection Vulnerability | | |
CVE-2025-52831 | WordPress Video List Manager <= 1.7 - SQL Injection Vulnerability | | |
CVE-2025-52832 | WordPress NGG Smart Image Search <= 3.4.1 - SQL Injection Vulnerability | S | |
CVE-2025-52833 | WordPress LMS <= 9.1 - SQL Injection Vulnerability | | |
CVE-2025-52834 | WordPress Homey theme <= 2.4.5 - SQL Injection Vulnerability | | |
CVE-2025-52836 | WordPress The E-Commerce ERP <= 2.1.1.3 - Privilege Escalation Vulnerability | | |
CVE-2025-52837 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Followi... | | |
CVE-2025-52841 | Laundry 2.3.0 - Account Takeover via CSRF | E | |
CVE-2025-52842 | Laundry 2.3.0 - Account Takeover via Reflected XSS | E | |
CVE-2025-52856 | VioStor | S | |
CVE-2025-52861 | VioStor | S | |
CVE-2025-52875 | In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible... | | |
CVE-2025-52876 | In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible... | | |
CVE-2025-52877 | In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible... | | |
CVE-2025-52878 | In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permission... | | |
CVE-2025-52879 | In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible... | | |
CVE-2025-52880 | Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File | | |
CVE-2025-52882 | Claude Code IDE extensions allow websocket connections from arbitrary origins | | |
CVE-2025-52883 | Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted | | |
CVE-2025-52884 | risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment | | |
CVE-2025-52886 | Poppler Use After Free Vulnerability | | |
CVE-2025-52887 | cpp-httplib has unlimited number of http header fields, which causes memory leak | E S | |
CVE-2025-52888 | Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction | | |
CVE-2025-52889 | Incus vulnerable to DoS through antispoofing nftables firewall rule bypass on bridge networks with ACLs | E | |
CVE-2025-52890 | Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs | E | |
CVE-2025-52891 | ModSecurity empty XML tag causes segmentation fault | | |
CVE-2025-52892 | EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache | | |
CVE-2025-52893 | OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data | S | |
CVE-2025-52894 | OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation | S | |
CVE-2025-52895 | Frappe possibility of SQL injection due to improper validations | S | |
CVE-2025-52896 | Frappe authenticated XSS via data import | S | |
CVE-2025-52897 | GLPI is vulnerable to XSS and open redirection attacks through planning feature | | |
CVE-2025-52898 | Frappe account takeover via password reset token leakage | S | |
CVE-2025-52899 | Tuleap vulnerable to user enumeration via the lost password form | S | |
CVE-2025-52900 | File Browser has Insecure File Permissions | E S | |
CVE-2025-52901 | File Browser allows sensitive data to be transferred in URL | E S | |
CVE-2025-52902 | File Browser has Stored Cross-Site Scripting vulnerability | E S | |
CVE-2025-52903 | File Browser Allows Execution of Shell Commands That Can Spawn Other Commands | E M | |
CVE-2025-52904 | File Browser: Command Execution not Limited to Scope | E M | |
CVE-2025-52913 | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (... | | |
CVE-2025-52914 | A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 ... | | |
CVE-2025-52916 | Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration... | | |
CVE-2025-52917 | The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosu... | | |
CVE-2025-52918 | Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowin... | | |
CVE-2025-52919 | In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certifi... | | |
CVE-2025-52920 | Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the ... | | |
CVE-2025-52921 | In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the... | | |
CVE-2025-52922 | Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated at... | | |
CVE-2025-52923 | Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command.... | | |
CVE-2025-52924 | In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the ... | E | |
CVE-2025-52925 | In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken w... | | |
CVE-2025-52926 | In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the intera... | | |
CVE-2025-52930 | A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image D... | | |
CVE-2025-52931 | Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin | S | |
CVE-2025-52933 | Rejected reason: 3rd party vulnerability... | R | |
CVE-2025-52934 | Rejected reason: Not a vulnerability.... | R | |
CVE-2025-52935 | Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly | S | |
CVE-2025-52936 | Improper Link Resolution Before File Access vulnerability in yrutschle/sslh | S | |
CVE-2025-52937 | Vulnerability in PointCloudLibrary PCL | S | |
CVE-2025-52938 | Potential heap-based buffer over-read vulnerability in NotepadNext | S | |
CVE-2025-52939 | Potential heap-buffer overflow vulnerability in NotepadNext | S | |
CVE-2025-52946 | Junos OS and Junos OS Evolved: With traceoptions enabled, receipt of malformed AS PATH causes RPD crash | S | |
CVE-2025-52947 | Junos OS: ACX Series: When 'hot-standby' mode is configured for an L2 circuit, interface flap causes the FEB to crash | S | |
CVE-2025-52948 | Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled | S | |
CVE-2025-52949 | Junos OS and Junos OS Evolved: In an EVPN environment, receipt of specifically malformed BGP update causes RPD crash | S | |
CVE-2025-52950 | Juniper Security Director: Insufficient authorization for multiple endpoints in web interface | S | |
CVE-2025-52951 | Junos OS: IPv6 firewall filter fails to match payload-protocol | S | |
CVE-2025-52952 | Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash | S | |
CVE-2025-52953 | Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset | S | |
CVE-2025-52954 | Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromising the system | S | |
CVE-2025-52955 | Junos OS and Junos OS Evolved: When jflow/sflow is configured continuous logical interface flaps causes rpd crash and restart | S | |
CVE-2025-52958 | Junos OS and Junos OS Evolved: When route validation is enabled, BGP connection establishment failure causes RPD crash | S | |
CVE-2025-52963 | Junos OS: A low-privileged user can disable an interface | S | |
CVE-2025-52964 | Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured | S | |
CVE-2025-52967 | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.... | | |
CVE-2025-52968 | xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can ... | | |
CVE-2025-52969 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-52970 | An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and ... | E S | |
CVE-2025-52971 | Rejected reason: Not used... | R | |
CVE-2025-52972 | Rejected reason: Not used... | R | |
CVE-2025-52973 | Rejected reason: Not used... | R | |
CVE-2025-52974 | Rejected reason: Not used... | R | |
CVE-2025-52975 | Rejected reason: Not used... | R | |
CVE-2025-52976 | Rejected reason: Not used... | R | |
CVE-2025-52977 | Rejected reason: Not used... | R | |
CVE-2025-52978 | Rejected reason: Not used... | R | |
CVE-2025-52979 | Rejected reason: Not used... | R | |
CVE-2025-52980 | Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message | S | |
CVE-2025-52981 | Junos OS: SRX Series: Sequence of specific PIM packets causes a flowd crash | S | |
CVE-2025-52982 | Junos OS: MX Series: When specific SIP packets are processed the MS-MPC will crash | S | |
CVE-2025-52983 | Junos OS: After removing ssh public key authentication root can still log in | S | |
CVE-2025-52984 | Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes | S | |
CVE-2025-52985 | Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching | S | |
CVE-2025-52986 | Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks | S | |
CVE-2025-52988 | Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout' | S | |
CVE-2025-52989 | Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration | S | |
CVE-2025-52991 | The Nix, Lix, and Guix package managers default to using temporary build directories in a world-read... | | |
CVE-2025-52992 | The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fai... | | |
CVE-2025-52993 | A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitr... | | |
CVE-2025-52994 | gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a craft... | | |
CVE-2025-52995 | File Browser vulnerable to command execution allowlist bypass | E S | |
CVE-2025-52996 | File Browser's Password Protection of Links Vulnerable to Bypass | E | |
CVE-2025-52997 | File Browser Insecurely Handles Passwords | E S | |
CVE-2025-52999 | jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data | | |