ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-53001 | Rejected reason: Reason: This candidate was issued in error.... | R | |
CVE-2025-53002 | LLaMA-Factory Remote Code Execution (RCE) Vulnerability | | |
CVE-2025-53003 | Janssen Config API returns results without scope verification | E | |
CVE-2025-53004 | Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability | E | |
CVE-2025-53005 | Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability | E | |
CVE-2025-53006 | Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability | E | |
CVE-2025-53007 | arduino-esp32 vulnerable to CRLF injection in WebServer.cpp | | |
CVE-2025-53008 | GLPI's MailCollector Receiver is vulnerable to credential exfiltration | | |
CVE-2025-53009 | MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit | E S | |
CVE-2025-53010 | MaterialX's unchecked nodeGraph->getOutput return is vulnerable to NULL Pointer Dereference | E S | |
CVE-2025-53011 | MaterialX is Vulnerable to NULL Pointer Dereference due to Unchecked implGraphOutput | E S | |
CVE-2025-53012 | MaterialX's Lack of Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion | E S | |
CVE-2025-53013 | Himmelblau offline auth permits authentication with invalid Hello PIN | | |
CVE-2025-53014 | ImageMagick has Heap Buffer Overflow in InterpretImageFilename | E | |
CVE-2025-53015 | ImageMagick has XMP profile write that triggers hang due to unbounded loop | E | |
CVE-2025-53017 | Rejected reason: Reason: This candidate was issued in error.... | R | |
CVE-2025-53018 | Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs | E | |
CVE-2025-53019 | ImageMagick has Memory Leak in magick stream | E | |
CVE-2025-53020 | Apache HTTP Server: HTTP/2 DoS by Memory Increase | | |
CVE-2025-53021 | A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to h... | | |
CVE-2025-53022 | TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 ... | | |
CVE-2025-53023 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Support... | S | |
CVE-2025-53024 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ... | | |
CVE-2025-53025 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ... | | |
CVE-2025-53026 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ... | | |
CVE-2025-53027 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ... | | |
CVE-2025-53028 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ... | | |
CVE-2025-53029 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ... | | |
CVE-2025-53030 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ... | | |
CVE-2025-53031 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora... | S | |
CVE-2025-53032 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... | S | |
CVE-2025-53073 | In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and... | | |
CVE-2025-53074 | Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers. This issue a... | | |
CVE-2025-53075 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal. This is... | | |
CVE-2025-53076 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers. This ... | | |
CVE-2025-53077 | An execution after redirect in Samsung DMS (Data Management Server) allows attackers to execute limit... | | |
CVE-2025-53078 | Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute... | | |
CVE-2025-53079 | Absolute Path Traversal in Samsung DMS (Data Management Server) allows authenticated attacker (Admini... | | |
CVE-2025-53080 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS (Data M... | | |
CVE-2025-53081 | An 'Arbitrary File Creation' in Samsung DMS (Data Management Server) allows attackers to create arbit... | | |
CVE-2025-53082 | An 'Arbitrary File Deletion' in Samsung DMS (Data Management Server) allows attackers to delete arbit... | | |
CVE-2025-53084 | A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of ... | E | |
CVE-2025-53085 | A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Dec... | | |
CVE-2025-53091 | WeGIA has Unauthenticated Time-Based Blind SQL Injection in almox Parameter | E | |
CVE-2025-53093 | TabberNeue vulnerable to Stored XSS through wikitext | | |
CVE-2025-53094 | ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp | | |
CVE-2025-53095 | Sunshine application-wide CSRF in the UI leads to command injection as Administrator | S | |
CVE-2025-53096 | Sunshine clickjacking in the UI leads to unauthorized actions being performed | S | |
CVE-2025-53097 | Roo Code extension vulnerable to Potential Information Leakage via JSON Schema | | |
CVE-2025-53098 | Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol | | |
CVE-2025-53099 | Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation | | |
CVE-2025-53100 | RestDB's Codehooks.io MCP Server Vulnerable to Command Injection | | |
CVE-2025-53101 | ImageMagick has Stack Buffer Overflow in image.c | E | |
CVE-2025-53102 | Discourse's WebAuthn challenge isn't cleared from user session after authentication | | |
CVE-2025-53103 | JUnit OpenTestReportGeneratingListener can leak Git credentials | | |
CVE-2025-53104 | gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow | | |
CVE-2025-53105 | GLPI permits unauthorized rules execution order | | |
CVE-2025-53106 | Graylog vulnerable to privilege escalation through API tokens | | |
CVE-2025-53107 | @cyanheads/git-mcp-server vulnerable to command injection in several tools | | |
CVE-2025-53108 | HomeBox Missing User Authorization | | |
CVE-2025-53109 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling | | |
CVE-2025-53110 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix | | |
CVE-2025-53111 | GLPI exposes data to non-allowed users | | |
CVE-2025-53112 | GLPI's incomprehensive permission checks can lead to data removal from allowed users | | |
CVE-2025-53113 | GLPI technicians can access unauthorized information through external links | | |
CVE-2025-53118 | Securden Unified PAM Authentication Bypass | | |
CVE-2025-53119 | Securden Unified PAM Unauthenticated Unrestricted File Upload | | |
CVE-2025-53120 | Securden Unified PAM Path Traversal In File Upload | | |
CVE-2025-53121 | Stored XSS in multiple 33.0.8files in opennms/opennms | | |
CVE-2025-53122 | SQLi in OpenNMS Horizon and Meridian | S | |
CVE-2025-53131 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability | | |
CVE-2025-53133 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | | |
CVE-2025-53134 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | | |
CVE-2025-53135 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | | |
CVE-2025-53136 | NT OS Kernel Information Disclosure Vulnerability | | |
CVE-2025-53137 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | | |
CVE-2025-53138 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-53140 | Windows Kernel Transaction Manager Elevation of Privilege Vulnerability | | |
CVE-2025-53141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | | |
CVE-2025-53142 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
CVE-2025-53143 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | | |
CVE-2025-53144 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | | |
CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | | |
CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | | |
CVE-2025-53148 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-53149 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | | |
CVE-2025-53151 | Windows Kernel Elevation of Privilege Vulnerability | | |
CVE-2025-53152 | Desktop Windows Manager Remote Code Execution Vulnerability | | |
CVE-2025-53153 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-53154 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | | |
CVE-2025-53155 | Windows Hyper-V Elevation of Privilege Vulnerability | | |
CVE-2025-53156 | Windows Storage Port Driver Information Disclosure Vulnerability | | |
CVE-2025-53157 | Rejected reason: Not used... | R | |
CVE-2025-53158 | Rejected reason: Not used... | R | |
CVE-2025-53159 | Rejected reason: Not used... | R | |
CVE-2025-53160 | Rejected reason: Not used... | R | |
CVE-2025-53161 | Rejected reason: Not used... | R | |
CVE-2025-53162 | Rejected reason: Not used... | R | |
CVE-2025-53163 | Rejected reason: Not used... | R | |
CVE-2025-53164 | Rejected reason: Not used... | R | |
CVE-2025-53165 | Rejected reason: Not used... | R | |
CVE-2025-53166 | Rejected reason: Not used... | R | |
CVE-2025-53167 | Authentication vulnerability in the distributed collaboration framework module Impact: Successful ex... | | |
CVE-2025-53168 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras ... | | |
CVE-2025-53169 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras ... | | |
CVE-2025-53170 | Null pointer dereference vulnerability in the application exit cause module Impact: Successful explo... | | |
CVE-2025-53171 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53172 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53173 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53174 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53175 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53176 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
CVE-2025-53177 | Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of th... | | |
CVE-2025-53178 | Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of th... | | |
CVE-2025-53179 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53180 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53181 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53182 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53183 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53184 | Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of ... | | |
CVE-2025-53185 | Virtual address reuse issue in the memory management module, which can be exploited by non-privilege... | | |
CVE-2025-53186 | Vulnerability that allows third-party call apps to send broadcasts without verification in the audio... | | |
CVE-2025-53187 | Unauthenticated RCE | | |
CVE-2025-53188 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-53189 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-53190 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-53191 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-53192 | Apache Commons OGNL: Expression Injection leading to RCE | | |
CVE-2025-53193 | WordPress Burst Statistics plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53194 | WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability | S | |
CVE-2025-53195 | WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53196 | WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53197 | WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53198 | WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability | S | |
CVE-2025-53199 | WordPress HT Slider For Elementor plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53200 | WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability | S | |
CVE-2025-53201 | WordPress Jobmonster <= 4.7.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53202 | WordPress Responsive Blocks plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53203 | WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53204 | WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability | S | |
CVE-2025-53205 | WordPress Radio Player Shoutcast & Icecast <= 4.4.7 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53206 | WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53207 | WordPress WP Travel Gutenberg Blocks plugin <= 3.9.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-53208 | WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability | S | |
CVE-2025-53210 | WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability | S | |
CVE-2025-53211 | WordPress Audio Editor & Recorder plugin <= 2.2.3 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53212 | WordPress Revolution Video Player With Bottom Playlist <= 2.9.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53213 | WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability | S | |
CVE-2025-53215 | WordPress Yahoo! WebPlayer Plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53216 | WordPress Glamer Theme <= 1.0.2 - Local File Inclusion Vulnerability | | |
CVE-2025-53219 | WordPress WP-Database-Optimizer-Tools Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53220 | WordPress XmasB Quotes Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53221 | WordPress CodeablePress Plugin <= 1.0.0 - Broken Access Control Vulnerability | | |
CVE-2025-53223 | WordPress Theme Switcher Reloaded Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53224 | WordPress NextGEN Gallery Search Plugin <= 2.12 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53225 | WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53226 | WordPress Comments Capcha Box Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53227 | WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability | | |
CVE-2025-53230 | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Broken Access Control Vulnerability | | |
CVE-2025-53241 | WordPress Simplified Plugin <= 1.0.9 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-53243 | WordPress Employee Directory – Staff Listing & Team Directory Plugin for WordPress Plugin <= 4.5.3 - PHP Object Injection Vulnerability | | |
CVE-2025-53244 | WordPress Magazine Elite Theme <= 1.2.4 - Local File Inclusion Vulnerability | | |
CVE-2025-53247 | WordPress BlogMarks Theme <= 1.0.8 - Local File Inclusion Vulnerability | | |
CVE-2025-53248 | WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability | | |
CVE-2025-53249 | WordPress Build App Online Plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53250 | WordPress Chartbeat Plugin <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-53251 | WordPress Pin WP theme < 7.2 - Arbitrary File Upload Vulnerability | S | |
CVE-2025-53253 | WordPress WP Edit plugin <= 4.0.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53254 | WordPress Cyrlitera plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53255 | WordPress HurryTimer plugin <= 2.13.1 - Broken Access Control Vulnerability | | |
CVE-2025-53256 | WordPress YaySMTP plugin <= 2.6.5 - SQL Injection Vulnerability | | |
CVE-2025-53257 | WordPress Gmedia Photo Gallery plugin <= 1.23.0 - Local File Inclusion Vulnerability | | |
CVE-2025-53258 | WordPress Hover Effects plugin <= 2.1.2 - SQL Injection Vulnerability | S | |
CVE-2025-53259 | WordPress Hotel Booking plugin <= 3.7 - Local File Inclusion Vulnerability | | |
CVE-2025-53260 | WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability | | |
CVE-2025-53261 | WordPress WP YouTube Live plugin <= 1.10.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53262 | WordPress Writesonic plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53263 | WordPress Address Autocomplete via Google for Gravity Forms plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53264 | WordPress ONet Regenerate Thumbnails plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53265 | WordPress Virusdie plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53266 | WordPress Cron Logger plugin <= 1.3.0 - Broken Access Control Vulnerability | | |
CVE-2025-53267 | WordPress Hide Admin Bar From Front End plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53268 | WordPress Import external attachments plugin <= 1.5.12 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53269 | WordPress My Wp Brand plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53270 | WordPress CTA plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53271 | WordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53272 | WordPress Image Cleanup plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53273 | WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53274 | WordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53275 | WordPress Leyka plugin <= 3.31.9 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53276 | WordPress Omnipress plugin <= 1.6.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53277 | WordPress IS-theme-companion plugin <= 1.57 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53278 | WordPress WP AdCenter plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53279 | WordPress Popup addon for Ninja Forms plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53280 | WordPress Football Pool plugin <= 2.12.5 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53281 | WordPress WPB Category Slider for WooCommerce plugin <= 1.71 - Local File Inclusion Vulnerability | | |
CVE-2025-53282 | WordPress Thumbnail Editor plugin <= 2.3.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53284 | WordPress CMS Blocks plugin <= 1.1 - Broken Access Control Vulnerability | | |
CVE-2025-53285 | WordPress Add & Replace Affiliate Links for Amazon plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53287 | WordPress Quick Favicon plugin <= 0.22.8 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53288 | WordPress PlatiOnline Payments plugin <= 6.3.2 - Broken Access Control Vulnerability | | |
CVE-2025-53289 | WordPress Theme Blvd Widget Areas Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53290 | WordPress WP Visual Sitemap plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53292 | WordPress WP DataTable plugin <= 0.2.7 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53293 | WordPress Dashboard Widget Sidebar plugin <= 1.2.3 - Broken Access Control Vulnerability | | |
CVE-2025-53294 | WordPress Smart Agenda plugin <= 4.9 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53295 | WordPress iCount Payment Gateway plugin <= 2.0.6 - Broken Access Control Vulnerability | | |
CVE-2025-53296 | WordPress EC Stars Rating plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53298 | WordPress Plugin Inspector plugin <= 1.5 - Arbitrary File Download Vulnerability | | |
CVE-2025-53299 | WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability | | |
CVE-2025-53300 | WordPress Podcast Feed Player Widget and Shortcode plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53301 | WordPress Theme Junkie Team Content plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53304 | WordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control Vulnerability | | |
CVE-2025-53305 | WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53306 | WordPress WP Forum Server plugin <= 1.8.2 - SQL Injection Vulnerability | | |
CVE-2025-53308 | WordPress Image Slider With Description plugin <= 9.2 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53309 | WordPress Accept Stripe Payments Using Contact Form 7 plugin <= 3.0 - Sensitive Data Exposure Vulnerability | | |
CVE-2025-53310 | WordPress HidePost plugin <= 2.3.8 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53311 | WordPress Navayan Subscribe plugin <= 1.13 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53312 | WordPress OnionBuzz plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53313 | WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53314 | WordPress WP Optimizer plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53315 | WordPress Relocate Upload plugin <= 0.24.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53317 | WordPress WPShapere Lite plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53318 | WordPress WP DB Booster plugin <= 1.0.1 - Broken Access Control Vulnerability | | |
CVE-2025-53319 | WordPress Raptive Ads Plugin <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53320 | WordPress Free Downloads EDD plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53321 | WordPress Raise The Money plugin <= 5.2 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53322 | WordPress Accept Authorize.NET Payments Using Contact Form 7 plugin <= 2.5 - Sensitive Data Exposure Vulnerability | | |
CVE-2025-53323 | WordPress Pre-Publish Post Checklist plugin <= 3.1 - Broken Access Control Vulnerability | | |
CVE-2025-53325 | WordPress Beauty Contact Popup Form plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53326 | WordPress Gutenify Plugin <= 1.5.6 - Local File Inclusion Vulnerability | | |
CVE-2025-53327 | WordPress Aioseo Multibyte Descriptions plugin <= 0.0.6 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53328 | WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin <= 19.11.0 - Local File Inclusion Vulnerability | | |
CVE-2025-53329 | WordPress Społecznościowa 6 PL 2013 plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53330 | WordPress WP Rentals Theme <= 3.13.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53331 | WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53332 | WordPress Track Everything plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53334 | WordPress Jannah Theme <= 7.4.1 - Local File Inclusion Vulnerability | | |
CVE-2025-53336 | WordPress My Resume Builder plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53337 | WordPress LifePress Plugin <= 2.1.3 - Broken Access Control Vulnerability | | |
CVE-2025-53338 | WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53339 | WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability | | |
CVE-2025-53341 | WordPress Stratus Theme <= 4.2.5 - Broken Access Control Vulnerability | | |
CVE-2025-53342 | WordPress Modernize Theme <= 3.4.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53343 | WordPress Modernize Theme <= 3.4.0 - Broken Access Control Vulnerability | | |
CVE-2025-53347 | WordPress Kalium Theme plugin <= 3.18.3 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-53355 | mcp-server-kubernetes vulnerable to command injection in several tools | E | |
CVE-2025-53357 | GLPI permits reservation modification by unauthorized users | | |
CVE-2025-53358 | kotaemon Vulnerable to Path Traversal via Link Upload | | |
CVE-2025-53359 | ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions | | |
CVE-2025-53363 | Dpanel has an arbitrary file read vulnerability | | |
CVE-2025-53364 | Parse Server exposes the data schema via GraphQL API | | |
CVE-2025-53365 | MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service | | |
CVE-2025-53366 | MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service | | |
CVE-2025-53367 | DjVuLibre OOB-Write Vulnerability in MMRDecoder | E | |
CVE-2025-53368 | Citizen is vulnerable to stored XSS attack in the legacy search bar | E S | |
CVE-2025-53369 | Citizen Short Description stored XSS vulnerability through wikitext | | |
CVE-2025-53370 | Citizen stored XSS vulnerability through short descriptions | E S | |
CVE-2025-53371 | DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs | | |
CVE-2025-53372 | node-code-sandbox-mcp has a Sandbox Escape via Command Injection | E | |
CVE-2025-53373 | Natours has a 1 Click Account take over on reset password via Host Header injection | | |
CVE-2025-53374 | Dokploy Improperly Discloses User Information via user.one Endpoint | | |
CVE-2025-53375 | Dokploy allows attackers to read any file that the Traefik process user can access | | |
CVE-2025-53376 | Dokploy allows attackers to run arbitrary OS commands on the Dokploy host. | | |
CVE-2025-53377 | WebGia allows Cross-Site Scripting (XSS) in cadastro_dependente_pessoa_nova.php via the id_funcionario parameter | E S | |
CVE-2025-53378 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) ... | | |
CVE-2025-53380 | Rejected reason: Not used... | R | |
CVE-2025-53381 | Rejected reason: Not used... | R | |
CVE-2025-53382 | Rejected reason: Not used... | R | |
CVE-2025-53383 | Rejected reason: Not used... | R | |
CVE-2025-53384 | Rejected reason: Not used... | R | |
CVE-2025-53385 | Rejected reason: Not used... | R | |
CVE-2025-53386 | Rejected reason: Not used... | R | |
CVE-2025-53387 | Rejected reason: Not used... | R | |
CVE-2025-53388 | Rejected reason: Not used... | R | |
CVE-2025-53391 | The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has in... | E | |
CVE-2025-53392 | In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary ... | E | |
CVE-2025-53393 | In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.... | | |
CVE-2025-53394 | Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with adminis... | | |
CVE-2025-53395 | Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with a... | | |
CVE-2025-53396 | Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier ... | | |
CVE-2025-53397 | Advantech iView Cross-site Scripting | S | |
CVE-2025-53399 | In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of t... | | |
CVE-2025-53415 | File Parsing Deserialization of Untrusted Data in DTM Soft | S | |
CVE-2025-53416 | File Parsing Deserialization of Untrusted Data in DTN Soft | S | |
CVE-2025-53417 | File Parsing Deserialization of Untrusted Data in DTM Soft | S | |
CVE-2025-53418 | COMMGR Stack-based Buffer Overflow Vulnerability | S | |
CVE-2025-53419 | COMMGR Code Injection Vulnerability | S | |
CVE-2025-53471 | Emerson ValveLink Products Improper Input Validation | S | |
CVE-2025-53472 | WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS com... | | |
CVE-2025-53473 | Server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Rec... | | |
CVE-2025-53475 | Advantech iView SQL Injection | S | |
CVE-2025-53478 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages | | |
CVE-2025-53479 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationalized message | E | |
CVE-2025-53480 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages | | |
CVE-2025-53481 | Denial of service vector on ipinfo/v0/norevision | | |
CVE-2025-53482 | IPInfo: Message key XSS through several IPInfo messages in infobox and popup | | |
CVE-2025-53483 | SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery | | |
CVE-2025-53484 | SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input | | |
CVE-2025-53485 | SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes | | |
CVE-2025-53486 | WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function | | |
CVE-2025-53487 | ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages | | |
CVE-2025-53488 | Stored XSS in WikiHiero | E | |
CVE-2025-53489 | XSS in GoogleDocs4MW | | |
CVE-2025-53490 | Multiple XSS in CampaignEvents | | |
CVE-2025-53491 | XSS in FlaggedRevs | | |
CVE-2025-53492 | Stored XSS in MintyDocs | | |
CVE-2025-53493 | Stored XSS in MintyDocs | | |
CVE-2025-53494 | Stored XSS in TwoColConflict | | |
CVE-2025-53495 | Unauthorized Disclosure of IP Reputation in AbuseFilter | | |
CVE-2025-53496 | Stored XSS in MediaSearch | | |
CVE-2025-53497 | Stored XSS in RelatedArticles | | |
CVE-2025-53498 | Lack of Audit Logging in AbuseFilter | E | |
CVE-2025-53499 | Unauthorized Inspection of Protected Variables in AbuseFilter | | |
CVE-2025-53500 | Stored XSS in MassEditRegex | | |
CVE-2025-53501 | Content Access Bypass in Scribunto | | |
CVE-2025-53502 | HTML injection in FeaturedFeeds | | |
CVE-2025-53503 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a... | | |
CVE-2025-53504 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross... | | |
CVE-2025-53505 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path ... | | |
CVE-2025-53506 | Apache Tomcat: DoS via excessive h2 streams at connection start | | |
CVE-2025-53507 | Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulne... | | |
CVE-2025-53508 | Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploite... | | |
CVE-2025-53509 | Advantech iView Argument Injection | S | |
CVE-2025-53510 | A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image D... | | |
CVE-2025-53511 | A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Pr... | E | |
CVE-2025-53512 | Sensitive log retrieval in Juju | E | |
CVE-2025-53513 | Zip slip vulnerability in Juju | E | |
CVE-2025-53514 | Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin | S | |
CVE-2025-53515 | Advantech iView SQL Injection | S | |
CVE-2025-53518 | An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libb... | E | |
CVE-2025-53519 | Advantech iView Cross-site Scripting | S | |
CVE-2025-53520 | EG4 Electronics EG4 Inverters Download of Code Without Integrity Check | M | |
CVE-2025-53522 | Movable Type contains an issue with use of less trusted source. If exploited, tampered email to rese... | | |
CVE-2025-53525 | WeGIA allows Cross-Site Scripting (XSS) in profile_familiar.php via the id_dependente parameter | E S | |
CVE-2025-53526 | WeGIA allows Stored XSS attacks in novo_memorando.php | E S | |
CVE-2025-53527 | WeGIA allows Time-Based Blind SQL Injection in the relatorio_geracao.php endpoint | E S | |
CVE-2025-53528 | Cadwyn is vulnerable to an XSS attack through its docs page | | |
CVE-2025-53529 | WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter) | E S | |
CVE-2025-53530 | WeGIA allows Uncontrolled Resource Consumption via the errorstr parameter | E | |
CVE-2025-53531 | WeGIA allows Uncontrolled Resource Consumption via the fid parameter | E | |
CVE-2025-53532 | giscus allows unauthorized discussion creation | | |
CVE-2025-53534 | RatPanel can perform remote command execution without authorization | E | |
CVE-2025-53535 | Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes | | |
CVE-2025-53536 | Roo Code allows Potential Remote Code Execution via .vscode/settings.json | | |
CVE-2025-53537 | LibHTP's memory leak with lzma can lead to resource starvation | S | |
CVE-2025-53538 | Suricata's mishandling of data on HTTP2 stream 0 can lead to resource starvation | | |
CVE-2025-53539 | ReDoS in fastapi-guard's penetration attempts detector | | |
CVE-2025-53540 | CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution | | |
CVE-2025-53541 | Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact | E S | |
CVE-2025-53542 | Kubernetes Headlamp Allows Arbitrary Command Injection in macOS Process headlamp@codeSign | | |
CVE-2025-53543 | Kestra allows Stored XSS before 0.22 | | |
CVE-2025-53544 | Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval | E | |
CVE-2025-53545 | Press has a potential 2FA bypass | | |
CVE-2025-53546 | Folo allows secrets exfiltration via `pull_request_target` | E | |
CVE-2025-53547 | Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution | | |
CVE-2025-53548 | @clerk/backend Performs Insufficient Verification of Data Authenticity | | |
CVE-2025-53549 | Matrix Rust SDK allows SQL injection in the EventCache implementation | | |
CVE-2025-53557 | A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Pr... | E | |
CVE-2025-53558 | ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. ... | | |
CVE-2025-53559 | WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53560 | WordPress Noisa theme <= 2.6.0 - PHP Object Injection Vulnerability | S | |
CVE-2025-53561 | WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability | S | |
CVE-2025-53562 | WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53563 | WordPress Youtube Vimeo Video Player and Slider <= 3.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53564 | WordPress HTML5 Radio Player - WPBakery Page Builder Addon <= 2.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53565 | WordPress Widget for Google Reviews <= 1.0.15 - Local File Inclusion Vulnerability | S | |
CVE-2025-53566 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53567 | WordPress Ghost Kit <= 3.4.1 - Local File Inclusion Vulnerability | S | |
CVE-2025-53568 | WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53569 | WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53572 | WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability | S | |
CVE-2025-53575 | WordPress Primer MyData for Woocommerce Plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53576 | WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability | S | |
CVE-2025-53577 | WordPress Global DNS Plugin <= 3.1.0 - Remote Code Execution (RCE) Vulnerability | S | |
CVE-2025-53578 | WordPress Kipso Theme <= 1.3.4 - Local File Inclusion Vulnerability | S | |
CVE-2025-53579 | WordPress Captcha.eu Plugin < 1.0.61 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53580 | WordPress Simple Business Directory Pro Plugin < 15.6.9 - Privilege Escalation Vulnerability | S | |
CVE-2025-53581 | WordPress RSS Feed Pro Plugin <= 1.1.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53582 | WordPress WordLift Plugin <= 3.54.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53583 | WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability | S | |
CVE-2025-53584 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability | S | |
CVE-2025-53587 | WordPress Findgo Theme <= 1.3.57 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-53588 | WordPress UPC/EAN/GTIN Code Generator Plugin <= 2.0.2 - Arbitrary File Deletion Vulnerability | S | |
CVE-2025-53599 | Whale browser for iOS before 3.9.1.4206 allows an attacker to execute malicious scripts in the browse... | | |
CVE-2025-53600 | Whale browser before 4.32.315.22 allows an attacker to bypass the Same-Origin Policy in a dual-tab en... | | |
CVE-2025-53602 | Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a s... | | |
CVE-2025-53603 | In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer d... | E | |
CVE-2025-53604 | The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the bui... | | |
CVE-2025-53605 | The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_... | | |
CVE-2025-53606 | Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server | | |
CVE-2025-53610 | Rejected reason: Not used... | R | |
CVE-2025-53611 | Rejected reason: Not used... | R | |
CVE-2025-53612 | Rejected reason: Not used... | R | |
CVE-2025-53613 | Rejected reason: Not used... | R | |
CVE-2025-53614 | Rejected reason: Not used... | R | |
CVE-2025-53615 | Rejected reason: Not used... | R | |
CVE-2025-53616 | Rejected reason: Not used... | R | |
CVE-2025-53617 | Rejected reason: Not used... | R | |
CVE-2025-53620 | Crashing any Qwik Server | | |
CVE-2025-53621 | DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources | | |
CVE-2025-53622 | DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file | | |
CVE-2025-53623 | Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class | | |
CVE-2025-53624 | docusaurus-plugin-content-gists Exposes GitHub Personal Access Token | | |
CVE-2025-53625 | DynamicPageList3 exposes hidden/suppressed usernames | E | |
CVE-2025-53626 | pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation | E | |
CVE-2025-53628 | cpp-httplib does not limit the length of a line | E S | |
CVE-2025-53629 | cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability | E S | |
CVE-2025-53630 | Integer Overflow in GGUF Parser can lead to Heap Out-of-Bounds Read/Write in gguf | | |
CVE-2025-53631 | flaskBlog XSS Vulnerability in postContent | | |
CVE-2025-53632 | Chall-Manager's scenario decoding process does not check for zip slips | S | |
CVE-2025-53633 | Chall-Manager's scenario decoding process does not check for zip bombs | S | |
CVE-2025-53634 | Chall-Manager's HTTP Gateway has no header check timeout, leading to potential slow loris attacks | S | |
CVE-2025-53636 | Open OnDemand Shell App closed websocket DoS | | |
CVE-2025-53637 | Meshtastic allows Command Injection in GitHub Action | | |
CVE-2025-53638 | Solady lacks extcodesize validation on implementation in ERC4337Factory | | |
CVE-2025-53639 | Metersphere has SQL Injection Vulnerability in Sorting Field | | |
CVE-2025-53640 | Indico vulnerable to user enumeration via API endpoint | | |
CVE-2025-53641 | Postiz allows header mutation in middleware, resulting in SSRF | | |
CVE-2025-53642 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions | | |
CVE-2025-53643 | AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections | S | |
CVE-2025-53644 | OpenCV contains a use after free buffer write due to an uninitialized pointer | | |
CVE-2025-53645 | Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is... | | |
CVE-2025-53649 | "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnera... | | |
CVE-2025-53650 | Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., repl... | | |
CVE-2025-53651 | Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths ... | | |
CVE-2025-53652 | Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git paramete... | | |
CVE-2025-53653 | Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypte... | | |
CVE-2025-53654 | Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its gl... | | |
CVE-2025-53655 | Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global ... | | |
CVE-2025-53656 | Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client s... | | |
CVE-2025-53657 | Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, c... | | |
CVE-2025-53658 | Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build pa... | | |
CVE-2025-53659 | Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted... | | |
CVE-2025-53660 | Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys disp... | | |
CVE-2025-53661 | Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on... | | |
CVE-2025-53662 | Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in j... | | |
CVE-2025-53663 | Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypte... | | |
CVE-2025-53664 | Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unenc... | | |
CVE-2025-53665 | Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication token... | | |
CVE-2025-53666 | Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml f... | | |
CVE-2025-53667 | Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job con... | | |
CVE-2025-53668 | Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml file... | | |
CVE-2025-53669 | Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job config... | | |
CVE-2025-53670 | Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encrypti... | | |
CVE-2025-53671 | Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials E... | | |
CVE-2025-53672 | Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global co... | | |
CVE-2025-53673 | Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token une... | | |
CVE-2025-53674 | Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration to... | | |
CVE-2025-53675 | Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml file... | | |
CVE-2025-53676 | Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global con... | | |
CVE-2025-53677 | Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configur... | | |
CVE-2025-53678 | Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its globa... | | |
CVE-2025-53682 | Rejected reason: Not used... | R | |
CVE-2025-53683 | Rejected reason: Not used... | R | |
CVE-2025-53684 | Rejected reason: Not used... | R | |
CVE-2025-53685 | Rejected reason: Not used... | R | |
CVE-2025-53686 | Rejected reason: Not used... | R | |
CVE-2025-53687 | Rejected reason: Not used... | R | |
CVE-2025-53688 | Rejected reason: Not used... | R | |
CVE-2025-53689 | Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons | | |
CVE-2025-53695 | OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gai... | | |
CVE-2025-53696 | iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect cert... | | |
CVE-2025-53703 | DuraComm DP-10iN-100-MU Cleartext Transmission of Sensitive Information | S | |
CVE-2025-53705 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Out-of-bounds Write | S | |
CVE-2025-53709 | Access control issues impacting secure-upload service | | |
CVE-2025-53711 | TP-Link TL-WR841N WlanNetworkRpm.htm buffer overflow | | |
CVE-2025-53712 | TP-Link TL-WR841N WlanNetworkRpm_AP.htm buffer overflow | | |
CVE-2025-53713 | TP-Link TL-WR841N WlanNetworkRpm_APC.htm buffer overflow | | |
CVE-2025-53714 | TP-Link TL-WR841N WzdWlanSiteSurveyRpm_AP.htm buffer overflow | | |
CVE-2025-53715 | TP-Link TL-WR841N Wan6to4TunnelCfgRpm.htm buffer overflow | | |
CVE-2025-53716 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | | |
CVE-2025-53718 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | | |
CVE-2025-53719 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | | |
CVE-2025-53720 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
CVE-2025-53721 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | | |
CVE-2025-53722 | Windows Remote Desktop Services Denial of Service Vulnerability | | |
CVE-2025-53723 | Windows Hyper-V Elevation of Privilege Vulnerability | | |
CVE-2025-53724 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | | |
CVE-2025-53725 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | | |
CVE-2025-53726 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | | |
CVE-2025-53727 | Microsoft SQL Server Elevation of Privilege Vulnerability | | |
CVE-2025-53728 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | | |
CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | | |
CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | | |
CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-53732 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2025-53734 | Microsoft Office Visio Remote Code Execution Vulnerability | | |
CVE-2025-53735 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-53736 | Microsoft Word Information Disclosure Vulnerability | | |
CVE-2025-53737 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-53738 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2025-53739 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | | |
CVE-2025-53741 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-53742 | Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job conf... | | |
CVE-2025-53743 | Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the... | | |
CVE-2025-53744 | An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 t... | S | |
CVE-2025-53746 | Rejected reason: Not used... | R | |
CVE-2025-53747 | Rejected reason: Not used... | R | |
CVE-2025-53748 | Rejected reason: Not used... | R | |
CVE-2025-53749 | Rejected reason: Not used... | R | |
CVE-2025-53750 | Rejected reason: Not used... | R | |
CVE-2025-53751 | Rejected reason: Not used... | R | |
CVE-2025-53752 | Rejected reason: Not used... | R | |
CVE-2025-53753 | Rejected reason: Not used... | R | |
CVE-2025-53754 | Hard-coded Credentials Vulnerability in Digisol DG-GR6821AC Router | S | |
CVE-2025-53755 | Cleartext Storage Vulnerability in Digisol DG-GR6821AC Router | S | |
CVE-2025-53756 | Cleartext Transmission Vulnerability in Digisol DG-GR6821AC Router | S | |
CVE-2025-53757 | Insecure Cookie Flags Vulnerability in Digisol DG-GR6821AC Router | S | |
CVE-2025-53758 | Default Credential Vulnerability in Digisol DG-GR6821AC Router | S | |
CVE-2025-53759 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2025-53760 | Microsoft SharePoint Elevation of Privilege Vulnerability | | |
CVE-2025-53761 | Microsoft PowerPoint Remote Code Execution Vulnerability | | |
CVE-2025-53762 | Microsoft Purview Elevation of Privilege Vulnerability | | |
CVE-2025-53763 | Azure Databricks Elevation of Privilege Vulnerability | | |
CVE-2025-53765 | Azure Stack Hub Information Disclosure Vulnerability | | |
CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability | | |
CVE-2025-53767 | Azure OpenAI Elevation of Privilege Vulnerability | | |
CVE-2025-53769 | Windows Security App Spoofing Vulnerability | | |
CVE-2025-53770 | Microsoft SharePoint Server Remote Code Execution Vulnerability | KEV E M | |
CVE-2025-53771 | Microsoft SharePoint Server Spoofing Vulnerability | | |
CVE-2025-53772 | Web Deploy Remote Code Execution Vulnerability | | |
CVE-2025-53773 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | E | |
CVE-2025-53774 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | | |
CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability | | |
CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability | | |
CVE-2025-53781 | Azure Virtual Machines Information Disclosure Vulnerability | | |
CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability | | |
CVE-2025-53784 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | | |
CVE-2025-53787 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | | |
CVE-2025-53788 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | | |
CVE-2025-53789 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | | |
CVE-2025-53792 | Azure Portal Elevation of Privilege Vulnerability | | |
CVE-2025-53793 | Azure Stack Hub Information Disclosure Vulnerability | | |
CVE-2025-53795 | Microsoft PC Manager Elevation of Privilege Vulnerability | | |
CVE-2025-53811 | TCC Bypass via misconfigured Node fuses in Mosh-Pro | | |
CVE-2025-53813 | TCC Bypass via misconfigured Node fuses in Nozbe | | |
CVE-2025-53816 | GHSL-2025-058 - 7-Zip Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder | E | |
CVE-2025-53817 | GHSL-2025-059 - 7-Zip - Null pointer array write attempt in NArchive::NCom::CHandler::GetStream | E | |
CVE-2025-53818 | github-kanban-mcp-server Command Injection vulnerability | E | |
CVE-2025-53819 | Nix's privilege dropping to build user broke for macOS | | |
CVE-2025-53820 | WeGIA vulnerable to Cross-Site Scripting (XSS) Reflected via endpoint 'index.php' parameter 'erro' | E | |
CVE-2025-53821 | WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage' | E | |
CVE-2025-53822 | WeGIA vulnerable to Reflected Cross-Site Scripting in endpoint 'relatorio_geracao.php' parameter 'tipo_relatorio' | E | |
CVE-2025-53823 | WeGIA vulnerable to SQL Injection (Blind Time-Based) in `processa_deletar_socio.php` parameter `id_socio` | E | |
CVE-2025-53824 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'cadastro_pet.php' parameter 'msg' | E | |
CVE-2025-53825 | Dokploy's Preview Deployments are vulnerable to Remote Code Execution | E | |
CVE-2025-53826 | FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout | E | |
CVE-2025-53832 | @translated/lara-mcp vulnerable to command injection in import_tmx tool | | |
CVE-2025-53833 | LaRecipe is vulnerable to Server-Side Template Injection attacks | | |
CVE-2025-53834 | Caido Toast Vulnerable to Reflected Cross-site Scripting | | |
CVE-2025-53835 | XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax | E S | |
CVE-2025-53836 | XWiki Rendering is vulnerable to RCE attacks when processing nested macros | E S | |
CVE-2025-53839 | DRACOON Branding Service vulnerable to Cross-site Scripting | | |
CVE-2025-53840 | Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability | | |
CVE-2025-53842 | Use of hard-coded credentials issue exists in ZWX-2000CSW2-HN prior to 0.3.19 and ZWX-2000CS2-HN fir... | | |
CVE-2025-53848 | Rejected reason: Not used... | R | |
CVE-2025-53849 | Rejected reason: Not used... | R | |
CVE-2025-53850 | Rejected reason: Not used... | R | |
CVE-2025-53851 | Rejected reason: Not used... | R | |
CVE-2025-53852 | Rejected reason: Not used... | R | |
CVE-2025-53853 | A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig P... | E | |
CVE-2025-53857 | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin | S | |
CVE-2025-53859 | NGINX ngx_mail_smtp_module vulnerability | | |
CVE-2025-53861 | Aap: sensitive cookie(s) set without security flags | M | |
CVE-2025-53862 | Aap: aap-gateway: automation-hub: sensitive information disclosure | M | |
CVE-2025-53864 | Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via... | E | |
CVE-2025-53865 | In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (dev... | | |
CVE-2025-53867 | Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.... | | |
CVE-2025-53871 | Rejected reason: Not used... | R | |
CVE-2025-53872 | Rejected reason: Not used... | R | |
CVE-2025-53873 | Rejected reason: Not used... | R | |
CVE-2025-53874 | Rejected reason: Not used... | R | |
CVE-2025-53875 | Rejected reason: Not used... | R | |
CVE-2025-53876 | Rejected reason: Not used... | R | |
CVE-2025-53877 | Rejected reason: Not used... | R | |
CVE-2025-53878 | Rejected reason: Not used... | R | |
CVE-2025-53879 | Rejected reason: Not used... | R | |
CVE-2025-53882 | python-mailman logrotate configuration allows potential escalation from mailman to root | | |
CVE-2025-53885 | Directus doesn't redact sensitive user data when logging via event hooks | S | |
CVE-2025-53886 | Directus doesn't redact tokens in Flow logs | S | |
CVE-2025-53887 | Directus's exact version number is exposed by the OpenAPI Spec | S | |
CVE-2025-53888 | RIOT-OS has an ineffective size check that can lead to buffer overflow in link layer address filter /sys/net/link_layer/l2filter/l2filter.c | | |
CVE-2025-53889 | Directus missing permission checks for manual trigger Flows | S | |
CVE-2025-53890 | pyLoad vulnerable to remote code execution through js2py onCaptchaResult | E | |
CVE-2025-53891 | TIME LINE has Improper File Validation in Upload Section | | |
CVE-2025-53892 | Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror | E | |
CVE-2025-53893 | File Browser Vulnerable to Uncontrolled Memory Consumption Due to Oversized File Processing | E | |
CVE-2025-53895 | ZITADEL has broken authN and authZ in session API and resulting session tokens | | |
CVE-2025-53901 | Wasmtime has host panic with `fd_renumber` WASIp1 function | | |
CVE-2025-53902 | Tuleap exposes artifacts to a mentioned user via email notifications | E S | |
CVE-2025-53903 | The Scratch Channel Has Potential Cross-Site Scripting (XSS) Vulnerability | E | |
CVE-2025-53904 | The Scratch Channel Has Potential Reflected Cross-Site Scripting (XSS) Vulnerability | | |
CVE-2025-53905 | Vim has path traversal issue with tar.vim and special crafted tar files | E S | |
CVE-2025-53906 | Vim has path traversal issue with zip.vim and special crafted zip archives | E S | |
CVE-2025-53908 | RomM vulnerable to Authenticated Path Traversal | E | |
CVE-2025-53909 | mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template | | |
CVE-2025-53910 | Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin | S | |
CVE-2025-53923 | Emlog vulnerable to reflected Cross-site Scripting in admin panel | E | |
CVE-2025-53924 | Emlog vulnerable to stored Cross-site Scripting in links functionality | E | |
CVE-2025-53925 | Emlog has Stored Cross-site Scripting vulnerability in file upload functionality | E | |
CVE-2025-53926 | Emlog has Stored Cross-site Scripting vulnerability due to error | E | |
CVE-2025-53927 | MaxKB sandbox bypass | E | |
CVE-2025-53928 | MaxKB has RCE in MCP call | E | |
CVE-2025-53929 | WeGIA vulnerable to Stored Cross-Site Scripting (XSS) via endpoint `adicionar_cor.php` parameter `cor` | E | |
CVE-2025-53930 | WeGIA vulnerable to Stored Cross-Site Scripting (XSS) via endpoint 'adicionar_especie.php' parameter 'especie' | E | |
CVE-2025-53931 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint `adicionar_raca.php` parameter `raca` | E | |
CVE-2025-53932 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint 'cadastro_adotante.php' parameter 'cpf' | E | |
CVE-2025-53933 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'adicionar_enfermidade.php' parameter 'nome' | E | |
CVE-2025-53934 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'control.php' parameter 'descricao_emergencia' | E | |
CVE-2025-53935 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint `personalizacao_selecao.php` parameter `id` | E | |
CVE-2025-53936 | WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint `personalizacao_selecao.php` parameter `nome_car` | E | |
CVE-2025-53937 | WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint | E | |
CVE-2025-53938 | WeGIA vulnerable to Authentication Bypass due to Missing Session Validation in multiple endpoints | E | |
CVE-2025-53940 | Quiet uses insecure, inconsistent verification on local backend token | | |
CVE-2025-53941 | Hollo renders posts received with form elements and allows submission | E | |
CVE-2025-53942 | authentik has an insufficient check for account active status during OAuth/SAML authentication | S | |
CVE-2025-53943 | VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution | | |
CVE-2025-53944 | AutoGPT Platform Exposes Graph Execution Results via Authorization Gap | E S | |
CVE-2025-53945 | apko has incorrect permission (0666) in /etc/ld.so.cache and other files | | |
CVE-2025-53946 | WeGIA vulnerable to SQL Injection in endpoint profile_paciente.php parameter id_fichamedica | E | |
CVE-2025-53948 | Santesoft Sante PACS Server Double Free | S | |
CVE-2025-53952 | Rejected reason: Not used... | R | |
CVE-2025-53953 | Rejected reason: Not used... | R | |
CVE-2025-53954 | Rejected reason: Not used... | R | |
CVE-2025-53955 | Rejected reason: Not used... | R | |
CVE-2025-53956 | Rejected reason: Not used... | R | |
CVE-2025-53957 | Rejected reason: Not used... | R | |
CVE-2025-53958 | Rejected reason: Not used... | R | |
CVE-2025-53959 | In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an admini... | | |
CVE-2025-53964 | GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files w... | | |
CVE-2025-53970 | SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated at... | | |
CVE-2025-53971 | Channel and Team Membership APIs inadvertently allow loss of Member privileges. | S | |
CVE-2025-53982 | WordPress JetElements For Elementor plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53983 | WordPress JetElements For Elementor <= 2.7.7 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53984 | WordPress JetTabs plugin <= 2.2.9 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53985 | WordPress JetTabs <= 2.2.9 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53986 | WordPress Hestia theme <= 3.2.10 - Broken Access Control Vulnerability | S | |
CVE-2025-53987 | WordPress JetMenu <= 2.4.11.1 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53988 | WordPress JetBlocks For Elementor <= 1.3.18 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53989 | WordPress JetBlocks For Elementor plugin <= 1.3.19 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53990 | WordPress JetFormBuilder plugin <= 3.5.1.2 - PHP Object Injection Vulnerability | S | |
CVE-2025-53991 | WordPress JetTricks plugin <= 1.5.4.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53992 | WordPress JetTricks <= 1.5.4.1 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53993 | WordPress JetPopup <= 2.0.15 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-53994 | WordPress JetPopup plugin <= 2.0.15 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53995 | WordPress JetPopup plugin <= 2.0.15.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53996 | WordPress JetSearch plugin <= 3.5.10.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53997 | WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability | S | |
CVE-2025-53998 | WordPress JetWooBuilder <= 2.1.20 - Sensitive Data Exposure Vulnerability | S |