ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-53001 | Rejected reason: Reason: This candidate was issued in error.... | R | |
CVE-2025-53002 | LLaMA-Factory Remote Code Execution (RCE) Vulnerability | | |
CVE-2025-53003 | Janssen Config API returns results without scope verification | E | |
CVE-2025-53004 | Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability | E | |
CVE-2025-53005 | Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability | E | |
CVE-2025-53006 | Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability | E | |
CVE-2025-53007 | arduino-esp32 vulnerable to CRLF injection in WebServer.cpp | | |
CVE-2025-53013 | Himmelblau offline auth permits authentication with invalid Hello PIN | | |
CVE-2025-53017 | Rejected reason: Reason: This candidate was issued in error.... | R | |
CVE-2025-53018 | Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs | E | |
CVE-2025-53020 | Apache HTTP Server: HTTP/2 DoS by Memory Increase | | |
CVE-2025-53021 | A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to h... | | |
CVE-2025-53073 | In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and... | | |
CVE-2025-53074 | Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers. This issue a... | | |
CVE-2025-53075 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal. This is... | | |
CVE-2025-53076 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers. This ... | | |
CVE-2025-53091 | WeGIA has Unauthenticated Time-Based Blind SQL Injection in almox Parameter | E | |
CVE-2025-53093 | TabberNeue vulnerable to Stored XSS through wikitext | | |
CVE-2025-53094 | ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp | | |
CVE-2025-53095 | Sunshine application-wide CSRF in the UI leads to command injection as Administrator | | |
CVE-2025-53096 | Sunshine clickjacking in the UI leads to unauthorized actions being performed | | |
CVE-2025-53097 | Roo Code extension vulnerable to Potential Information Leakage via JSON Schema | | |
CVE-2025-53098 | Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol | | |
CVE-2025-53099 | Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation | | |
CVE-2025-53100 | RestDB's Codehooks.io MCP Server Vulnerable to Command Injection | | |
CVE-2025-53103 | JUnit OpenTestReportGeneratingListener can leak Git credentials | | |
CVE-2025-53104 | gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow | | |
CVE-2025-53106 | Graylog vulnerable to privilege escalation through API tokens | | |
CVE-2025-53107 | @cyanheads/git-mcp-server vulnerable to command injection in several tools | | |
CVE-2025-53108 | HomeBox Missing User Authorization | | |
CVE-2025-53109 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling | | |
CVE-2025-53110 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix | | |
CVE-2025-53121 | Stored XSS in multiple 33.0.8files in opennms/opennms | | |
CVE-2025-53122 | SQLi in OpenNMS Horizon and Meridian | S | |
CVE-2025-53157 | Rejected reason: Not used... | R | |
CVE-2025-53158 | Rejected reason: Not used... | R | |
CVE-2025-53159 | Rejected reason: Not used... | R | |
CVE-2025-53160 | Rejected reason: Not used... | R | |
CVE-2025-53161 | Rejected reason: Not used... | R | |
CVE-2025-53162 | Rejected reason: Not used... | R | |
CVE-2025-53163 | Rejected reason: Not used... | R | |
CVE-2025-53164 | Rejected reason: Not used... | R | |
CVE-2025-53165 | Rejected reason: Not used... | R | |
CVE-2025-53166 | Rejected reason: Not used... | R | |
CVE-2025-53167 | Authentication vulnerability in the distributed collaboration framework module Impact: Successful ex... | | |
CVE-2025-53168 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras ... | | |
CVE-2025-53169 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras ... | | |
CVE-2025-53170 | Null pointer dereference vulnerability in the application exit cause module Impact: Successful explo... | | |
CVE-2025-53171 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53172 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53173 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53174 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53175 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53176 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53177 | Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of th... | | |
CVE-2025-53178 | Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of th... | | |
CVE-2025-53179 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53180 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53181 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53182 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53183 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53184 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53185 | Virtual address reuse issue in the memory management module, which can be exploited by non-privilege... | | |
CVE-2025-53186 | Vulnerability that allows third-party call apps to send broadcasts without verification in the audio... | | |
CVE-2025-53193 | WordPress Burst Statistics plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53197 | WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53199 | WordPress HT Slider For Elementor plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53200 | WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability | S | |
CVE-2025-53202 | WordPress Responsive Blocks plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53203 | WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53206 | WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53211 | WordPress Audio Editor & Recorder plugin <= 2.2.3 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53253 | WordPress WP Edit plugin <= 4.0.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53254 | WordPress Cyrlitera plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53255 | WordPress HurryTimer plugin <= 2.13.1 - Broken Access Control Vulnerability | | |
CVE-2025-53256 | WordPress YaySMTP plugin <= 2.6.5 - SQL Injection Vulnerability | | |
CVE-2025-53257 | WordPress Gmedia Photo Gallery plugin <= 1.23.0 - Local File Inclusion Vulnerability | | |
CVE-2025-53258 | WordPress Hover Effects plugin <= 2.1.2 - SQL Injection Vulnerability | S | |
CVE-2025-53259 | WordPress Hotel Booking plugin <= 3.7 - Local File Inclusion Vulnerability | | |
CVE-2025-53260 | WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability | | |
CVE-2025-53261 | WordPress WP YouTube Live plugin <= 1.10.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53262 | WordPress Writesonic plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53263 | WordPress Address Autocomplete via Google for Gravity Forms plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53264 | WordPress ONet Regenerate Thumbnails plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53265 | WordPress Virusdie plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53266 | WordPress Cron Logger plugin <= 1.3.0 - Broken Access Control Vulnerability | | |
CVE-2025-53267 | WordPress Hide Admin Bar From Front End plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53268 | WordPress Import external attachments plugin <= 1.5.12 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53269 | WordPress My Wp Brand plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53270 | WordPress CTA plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53271 | WordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53272 | WordPress Image Cleanup plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53273 | WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53274 | WordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53275 | WordPress Leyka plugin <= 3.31.9 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53276 | WordPress Omnipress plugin <= 1.6.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53277 | WordPress IS-theme-companion plugin <= 1.57 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53278 | WordPress WP AdCenter plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53279 | WordPress Popup addon for Ninja Forms plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53280 | WordPress Football Pool plugin <= 2.12.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53281 | WordPress WPB Category Slider for WooCommerce plugin <= 1.71 - Local File Inclusion Vulnerability | | |
CVE-2025-53282 | WordPress Thumbnail Editor plugin <= 2.3.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53284 | WordPress CMS Blocks plugin <= 1.1 - Broken Access Control Vulnerability | | |
CVE-2025-53285 | WordPress Add & Replace Affiliate Links for Amazon plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53287 | WordPress Quick Favicon plugin <= 0.22.8 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53288 | WordPress PlatiOnline Payments plugin <= 6.3.2 - Broken Access Control Vulnerability | | |
CVE-2025-53290 | WordPress WP Visual Sitemap plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53292 | WordPress WP DataTable plugin <= 0.2.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53293 | WordPress Dashboard Widget Sidebar plugin <= 1.2.3 - Broken Access Control Vulnerability | | |
CVE-2025-53294 | WordPress Smart Agenda plugin <= 4.9 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53295 | WordPress iCount Payment Gateway plugin <= 2.0.6 - Broken Access Control Vulnerability | | |
CVE-2025-53296 | WordPress EC Stars Rating plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53298 | WordPress Plugin Inspector plugin <= 1.5 - Arbitrary File Download Vulnerability | | |
CVE-2025-53300 | WordPress Podcast Feed Player Widget and Shortcode plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53301 | WordPress Theme Junkie Team Content plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53304 | WordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control Vulnerability | | |
CVE-2025-53305 | WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53306 | WordPress WP Forum Server plugin <= 1.8.2 - SQL Injection Vulnerability | | |
CVE-2025-53308 | WordPress Image Slider With Description plugin <= 9.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53309 | WordPress Accept Stripe Payments Using Contact Form 7 plugin <= 3.0 - Sensitive Data Exposure Vulnerability | | |
CVE-2025-53310 | WordPress HidePost plugin <= 2.3.8 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53311 | WordPress Navayan Subscribe plugin <= 1.13 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53312 | WordPress OnionBuzz plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53313 | WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53314 | WordPress WP Optimizer plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53315 | WordPress Relocate Upload plugin <= 0.24.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53317 | WordPress WPShapere Lite plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53318 | WordPress WP DB Booster plugin <= 1.0.1 - Broken Access Control Vulnerability | | |
CVE-2025-53320 | WordPress Free Downloads EDD plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53321 | WordPress Raise The Money plugin <= 5.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53322 | WordPress Accept Authorize.NET Payments Using Contact Form 7 plugin <= 2.5 - Sensitive Data Exposure Vulnerability | | |
CVE-2025-53323 | WordPress Pre-Publish Post Checklist plugin <= 3.1 - Broken Access Control Vulnerability | | |
CVE-2025-53325 | WordPress Beauty Contact Popup Form plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53327 | WordPress Aioseo Multibyte Descriptions plugin <= 0.0.6 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53329 | WordPress Społecznościowa 6 PL 2013 plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53331 | WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53332 | WordPress Track Everything plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53336 | WordPress My Resume Builder plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53338 | WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53339 | WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability | | |
CVE-2025-53355 | mcp-server-kubernetes vulnerable to command injection in several tools | E | |
CVE-2025-53358 | kotaemon Vulnerable to Path Traversal via Link Upload | | |
CVE-2025-53359 | ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions | | |
CVE-2025-53364 | Parse Server exposes the data schema via GraphQL API | | |
CVE-2025-53365 | MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service | | |
CVE-2025-53366 | MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service | | |
CVE-2025-53367 | DjVuLibre OOB-Write Vulnerability in MMRDecoder | E | |
CVE-2025-53368 | Citizen is vulnerable to stored XSS attack in the legacy search bar | | |
CVE-2025-53369 | Citizen Short Description stored XSS vulnerability through wikitext | | |
CVE-2025-53370 | Citizen stored XSS vulnerability through short descriptions | | |
CVE-2025-53371 | DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs | | |
CVE-2025-53372 | node-code-sandbox-mcp has a Sandbox Escape via Command Injection | E | |
CVE-2025-53373 | Natours has a 1 Click Account take over on reset password via Host Header injection | | |
CVE-2025-53374 | Dokploy Improperly Discloses User Information via user.one Endpoint | | |
CVE-2025-53375 | Dokploy allows attackers to read any file that the Traefik process user can access | | |
CVE-2025-53376 | Dokploy allows attackers to run arbitrary OS commands on the Dokploy host. | | |
CVE-2025-53377 | WebGia allows Cross-Site Scripting (XSS) in cadastro_dependente_pessoa_nova.php via the id_funcionario parameter | E S | |
CVE-2025-53378 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) ... | | |
CVE-2025-53380 | Rejected reason: Not used... | R | |
CVE-2025-53381 | Rejected reason: Not used... | R | |
CVE-2025-53382 | Rejected reason: Not used... | R | |
CVE-2025-53383 | Rejected reason: Not used... | R | |
CVE-2025-53384 | Rejected reason: Not used... | R | |
CVE-2025-53385 | Rejected reason: Not used... | R | |
CVE-2025-53386 | Rejected reason: Not used... | R | |
CVE-2025-53387 | Rejected reason: Not used... | R | |
CVE-2025-53388 | Rejected reason: Not used... | R | |
CVE-2025-53391 | The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has in... | E | |
CVE-2025-53392 | In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary ... | E | |
CVE-2025-53393 | In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.... | | |
CVE-2025-53397 | Advantech iView Cross-site Scripting | S | |
CVE-2025-53415 | File Parsing Deserialization of Untrusted Data in DTM Soft | S | |
CVE-2025-53416 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-53471 | Emerson ValveLink Products Improper Input Validation | S | |
CVE-2025-53473 | Server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Rec... | | |
CVE-2025-53475 | Advantech iView SQL Injection | S | |
CVE-2025-53478 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages | | |
CVE-2025-53479 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationalized message | E | |
CVE-2025-53480 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages | | |
CVE-2025-53481 | Denial of service vector on ipinfo/v0/norevision | | |
CVE-2025-53482 | IPInfo: Message key XSS through several IPInfo messages in infobox and popup | | |
CVE-2025-53483 | SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery | | |
CVE-2025-53484 | SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input | | |
CVE-2025-53485 | SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes | | |
CVE-2025-53486 | WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function | | |
CVE-2025-53487 | ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages | | |
CVE-2025-53488 | Stored XSS in WikiHiero | E | |
CVE-2025-53489 | XSS in GoogleDocs4MW | | |
CVE-2025-53490 | Multiple XSS in CampaignEvents | | |
CVE-2025-53491 | XSS in FlaggedRevs | | |
CVE-2025-53492 | Stored XSS in MintyDocs | | |
CVE-2025-53493 | Stored XSS in MintyDocs | | |
CVE-2025-53494 | Stored XSS in TwoColConflict | | |
CVE-2025-53495 | Unauthorized Disclosure of IP Reputation in AbuseFilter | | |
CVE-2025-53496 | Stored XSS in MediaSearch | | |
CVE-2025-53497 | Stored XSS in RelatedArticles | | |
CVE-2025-53498 | Lack of Audit Logging in AbuseFilter | E | |
CVE-2025-53499 | Unauthorized Inspection of Protected Variables in AbuseFilter | | |
CVE-2025-53500 | Stored XSS in MassEditRegex | | |
CVE-2025-53501 | Content Access Bypass in Scribunto | | |
CVE-2025-53502 | HTML injection in FeaturedFeeds | | |
CVE-2025-53503 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a... | | |
CVE-2025-53506 | Apache Tomcat: DoS via excessive h2 streams at connection start | | |
CVE-2025-53509 | Advantech iView Argument Injection | S | |
CVE-2025-53512 | Sensitive log retrieval in Juju | | |
CVE-2025-53513 | Zip slip vulnerability in Juju | E | |
CVE-2025-53515 | Advantech iView SQL Injection | S | |
CVE-2025-53519 | Advantech iView Cross-site Scripting | S | |
CVE-2025-53525 | WebGia allows Cross-Site Scripting (XSS) in profile_familiar.php via the id_dependente parameter | E S | |
CVE-2025-53526 | WeGIA allows Stored XSS attacks in novo_memorando.php | E S | |
CVE-2025-53527 | WeGIA allows Time-Based Blind SQL Injection in the relatorio_geracao.php endpoint | E S | |
CVE-2025-53529 | WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter) | E S | |
CVE-2025-53530 | WeGIA allows Uncontrolled Resource Consumption via the errorstr parameter | E | |
CVE-2025-53531 | WeGIA allows Uncontrolled Resource Consumption via the fid parameter | E | |
CVE-2025-53532 | giscus allows unauthorized discussion creation | | |
CVE-2025-53535 | Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes | | |
CVE-2025-53536 | Roo Code allows Potential Remote Code Execution via .vscode/settings.json | | |
CVE-2025-53539 | ReDoS in fastapi-guard's penetration attempts detector | | |
CVE-2025-53540 | CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution | | |
CVE-2025-53542 | Kubernetes Headlamp Allows Arbitrary Command Injection in macOS Process headlamp@codeSign | | |
CVE-2025-53543 | Kestra allows Stored XSS before 0.22 | | |
CVE-2025-53545 | Press has a potential 2FA bypass | | |
CVE-2025-53546 | Folo allows secrets exfiltration via `pull_request_target` | E | |
CVE-2025-53547 | Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution | | |
CVE-2025-53548 | @clerk/backend Performs Insufficient Verification of Data Authenticity | | |
CVE-2025-53549 | Matrix Rust SDK allows SQL injection in the EventCache implementation | | |
CVE-2025-53566 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53568 | WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53569 | WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53599 | Whale browser for iOS before 3.9.1.4206 allows an attacker to execute malicious scripts in the browse... | | |
CVE-2025-53600 | Whale browser before 4.32.315.22 allows an attacker to bypass the Same-Origin Policy in a dual-tab en... | | |
CVE-2025-53602 | Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a s... | | |
CVE-2025-53603 | In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer d... | E | |
CVE-2025-53604 | The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the bui... | | |
CVE-2025-53605 | The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_... | | |
CVE-2025-53610 | Rejected reason: Not used... | R | |
CVE-2025-53611 | Rejected reason: Not used... | R | |
CVE-2025-53612 | Rejected reason: Not used... | R | |
CVE-2025-53613 | Rejected reason: Not used... | R | |
CVE-2025-53614 | Rejected reason: Not used... | R | |
CVE-2025-53615 | Rejected reason: Not used... | R | |
CVE-2025-53616 | Rejected reason: Not used... | R | |
CVE-2025-53617 | Rejected reason: Not used... | R | |
CVE-2025-53620 | Crashing any Qwik Server | | |
CVE-2025-53624 | docusaurus-plugin-content-gists Exposes GitHub Personal Access Token | | |
CVE-2025-53625 | DynamicPageList3 exposes hidden/suppressed usernames | E | |
CVE-2025-53626 | pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation | E | |
CVE-2025-53628 | cpp-httplib does not limit the length of a line | E | |
CVE-2025-53629 | cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability | E | |
CVE-2025-53630 | Integer Overflow in GGUF Parser can lead to Heap Out-of-Bounds Read/Write in gguf | | |
CVE-2025-53632 | Chall-Manager's scenario decoding process does not check for zip slips | | |
CVE-2025-53633 | Chall-Manager's scenario decoding process does not check for zip bombs | | |
CVE-2025-53634 | Chall-Manager's HTTP Gateway has no header check timeout leading to potential slow loris attacks | | |
CVE-2025-53636 | Open OnDemand Shell App closed websocket DoS | | |
CVE-2025-53637 | Meshtastic allows Command Injection in GitHub Action | | |
CVE-2025-53641 | Postiz allows header mutation in middleware facilitates resulting in SSRF | | |
CVE-2025-53642 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions | | |
CVE-2025-53645 | Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.... | | |
CVE-2025-53650 | Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., repl... | | |
CVE-2025-53651 | Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths ... | | |
CVE-2025-53652 | Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git paramete... | | |
CVE-2025-53653 | Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypte... | | |
CVE-2025-53654 | Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its gl... | | |
CVE-2025-53655 | Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global ... | | |
CVE-2025-53656 | Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client s... | | |
CVE-2025-53657 | Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, c... | | |
CVE-2025-53658 | Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build pa... | | |
CVE-2025-53659 | Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted... | | |
CVE-2025-53660 | Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys disp... | | |
CVE-2025-53661 | Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on... | | |
CVE-2025-53662 | Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in j... | | |
CVE-2025-53663 | Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypte... | | |
CVE-2025-53664 | Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unenc... | | |
CVE-2025-53665 | Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication token... | | |
CVE-2025-53666 | Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml f... | | |
CVE-2025-53667 | Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job con... | | |
CVE-2025-53668 | Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml file... | | |
CVE-2025-53669 | Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job config... | | |
CVE-2025-53670 | Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encrypti... | | |
CVE-2025-53671 | Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials E... | | |
CVE-2025-53672 | Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global co... | | |
CVE-2025-53673 | Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token une... | | |
CVE-2025-53674 | Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration to... | | |
CVE-2025-53675 | Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml file... | | |
CVE-2025-53676 | Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global con... | | |
CVE-2025-53677 | Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configur... | | |
CVE-2025-53678 | Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its globa... | | |
CVE-2025-53682 | Rejected reason: Not used... | R | |
CVE-2025-53683 | Rejected reason: Not used... | R | |
CVE-2025-53684 | Rejected reason: Not used... | R | |
CVE-2025-53685 | Rejected reason: Not used... | R | |
CVE-2025-53686 | Rejected reason: Not used... | R | |
CVE-2025-53687 | Rejected reason: Not used... | R | |
CVE-2025-53688 | Rejected reason: Not used... | R | |
CVE-2025-53709 | Access control issues impacting secure-upload service | | |
CVE-2025-53742 | Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job conf... | | |
CVE-2025-53743 | Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the... | | |
CVE-2025-53746 | Rejected reason: Not used... | R | |
CVE-2025-53747 | Rejected reason: Not used... | R | |
CVE-2025-53748 | Rejected reason: Not used... | R | |
CVE-2025-53749 | Rejected reason: Not used... | R | |
CVE-2025-53750 | Rejected reason: Not used... | R | |
CVE-2025-53751 | Rejected reason: Not used... | R | |
CVE-2025-53752 | Rejected reason: Not used... | R | |
CVE-2025-53753 | Rejected reason: Not used... | R | |
CVE-2025-53848 | Rejected reason: Not used... | R | |
CVE-2025-53849 | Rejected reason: Not used... | R | |
CVE-2025-53850 | Rejected reason: Not used... | R | |
CVE-2025-53851 | Rejected reason: Not used... | R | |
CVE-2025-53852 | Rejected reason: Not used... | R | |
CVE-2025-53861 | Aap: sensitive cookie(s) set without security flags | M | |
CVE-2025-53862 | Aap: aap-gateway: automation-hub: sensitive information disclosure | M | |
CVE-2025-53864 | Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via... | E | |
CVE-2025-53871 | Rejected reason: Not used... | R | |
CVE-2025-53872 | Rejected reason: Not used... | R | |
CVE-2025-53873 | Rejected reason: Not used... | R | |
CVE-2025-53874 | Rejected reason: Not used... | R | |
CVE-2025-53875 | Rejected reason: Not used... | R | |
CVE-2025-53876 | Rejected reason: Not used... | R | |
CVE-2025-53877 | Rejected reason: Not used... | R | |
CVE-2025-53878 | Rejected reason: Not used... | R | |
CVE-2025-53879 | Rejected reason: Not used... | R |