ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-54006 | WordPress Bold Page Builder plugin <= 5.4.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54007 | WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability | S | |
CVE-2025-54008 | WordPress JetSmartFilters <= 3.6.7 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-54009 | WordPress JetSmartFilters plugin <= 3.6.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54010 | WordPress FluentSnippets plugin <= 10.50 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54011 | WordPress SMTP2GO plugin <= 1.12.1 - Broken Access Control Vulnerability | S | |
CVE-2025-54012 | WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability | S | |
CVE-2025-54013 | WordPress Welcart e-Commerce plugin <= 2.11.16 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54014 | WordPress MediCenter - Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability | S | |
CVE-2025-54015 | WordPress HT Contact Form 7 plugin <= 2.0.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-54016 | WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54017 | WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability | S | |
CVE-2025-54018 | WordPress CM Pop-Up banners plugin <= 1.8.4 - Broken Access Control Vulnerability | S | |
CVE-2025-54019 | WordPress Alone < 7.8.5 - Arbitrary Code Execution Vulnerability | S | |
CVE-2025-54020 | WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54021 | WordPress Simple File List <= 6.1.14 - Arbitrary File Download Vulnerability | S | |
CVE-2025-54022 | WordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54023 | WordPress WP Delicious plugin <= 1.8.4 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54024 | WordPress WPAdverts plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54025 | WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability | S | |
CVE-2025-54026 | WordPress GymBase Theme Classes plugin <= 1.4 - SQL Injection Vulnerability | S | |
CVE-2025-54027 | WordPress Support Board <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54028 | WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability | S | |
CVE-2025-54029 | WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability | S | |
CVE-2025-54030 | WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54031 | WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-54032 | WordPress Real Estate Manager Pro Plugin <= 12.7.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54033 | WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54034 | WordPress Newsletters <= 4.10 - Local File Inclusion Vulnerability | S | |
CVE-2025-54035 | WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54036 | WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54037 | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability | S | |
CVE-2025-54038 | WordPress Restaurant Menu by MotoPress plugin <= 2.4.6 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54039 | WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54040 | WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability | S | |
CVE-2025-54041 | WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54042 | WordPress WP Post Hide plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54043 | WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability | S | |
CVE-2025-54044 | WordPress Elite Video Player <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54046 | WordPress Cost Calculator Plugin <= 7.4 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54047 | WordPress Cost Calculator plugin <= 7.4 - Broken Access Control Vulnerability | S | |
CVE-2025-54048 | WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability | S | |
CVE-2025-54049 | WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability | S | |
CVE-2025-54050 | WordPress Responsive Addons for Elementor plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54051 | WordPress LightBox Block plugin <= 1.1.30 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54052 | WordPress Realtyna Organic IDX plugin <= 5.0.0 - Local File Inclusion Vulnerability | S | |
CVE-2025-54053 | WordPress Groundhogg <= 4.2.2 - PHP Object Injection Vulnerability | S | |
CVE-2025-54054 | WordPress 12 Step Meeting List Plugin <= 3.18.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54055 | WordPress Druco <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54056 | WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54058 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarEndereco.php Endpoint | E | |
CVE-2025-54059 | melange creates SBOM files in APKs with world-writable permissions | | |
CVE-2025-54060 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarInfoPessoal.php Endpoint | E | |
CVE-2025-54061 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarDoc.php Endpoint | E | |
CVE-2025-54062 | WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint | E | |
CVE-2025-54063 | Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling | | |
CVE-2025-54064 | rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles | | |
CVE-2025-54066 | DiracX-Web login page has Open Redirect vulnerability | | |
CVE-2025-54068 | Livewire vulnerable to remote command execution during property update hydration | S | |
CVE-2025-54070 | OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers | | |
CVE-2025-54071 | RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution | | |
CVE-2025-54072 | yt-dlp allows `--exec` command injection when using placeholder on Windows | | |
CVE-2025-54073 | mcp-package-docs vulnerable to command injection in several tools | E | |
CVE-2025-54074 | Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server | | |
CVE-2025-54075 | mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4) | E | |
CVE-2025-54076 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'pre_cadastro_atendido.php' parameter 'msg_e' | E | |
CVE-2025-54077 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao.php' parameter 'err' | E | |
CVE-2025-54078 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao_imagem.php' parameter 'err' | E | |
CVE-2025-54079 | WeGIA vulnerable to SQL Injection (Blind Time-Based) in endpoint 'Profile_Atendido.php' parameter 'idatendido' | E | |
CVE-2025-54080 | Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file | | |
CVE-2025-54082 | nova-tiptap has an Unauthenticated Arbitrary File Upload Vulnerability | | |
CVE-2025-54085 | Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 | | |
CVE-2025-54090 | Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 | S | |
CVE-2025-54117 | NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor | E S | |
CVE-2025-54118 | NamelessMC allows sensitive information disclosure in member list component | E S | |
CVE-2025-54119 | ADOdb's sqlite3 driver allows SQL injection | | |
CVE-2025-54120 | PCL Community Edition exposes login credentials in logs | | |
CVE-2025-54121 | Starlette has possible denial-of-service vector when parsing large files in multipart forms | | |
CVE-2025-54122 | Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint | | |
CVE-2025-54124 | XWiki Platform: Any user with editing rights can access password properties through Database List Properties | E | |
CVE-2025-54125 | XWiki Platform: Password and email exposure in xml.vm fields | E | |
CVE-2025-54126 | WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified | | |
CVE-2025-54127 | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access | | |
CVE-2025-54128 | HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting | S | |
CVE-2025-54129 | HAXiam allows for User Enumeration | E | |
CVE-2025-54130 | Cursor Agent is vulnerable to prompt injection via Editor Special Files | | |
CVE-2025-54131 | Cursor bypasses its allow list to execute arbitrary commands | | |
CVE-2025-54132 | Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch | | |
CVE-2025-54133 | Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog | | |
CVE-2025-54134 | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service | S | |
CVE-2025-54135 | Cursor Agent is vulnerable to prompt injection via MCP Special Files | M | |
CVE-2025-54136 | Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals | | |
CVE-2025-54137 | NodeJS version of the HAX CMS application is distributed with Default Secrets | S | |
CVE-2025-54138 | LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE | E S | |
CVE-2025-54139 | HAX CMS' application pages are vulnerable to clickjacking | E S | |
CVE-2025-54140 | pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write | | |
CVE-2025-54141 | ViewVC's standalone server exposes arbitrary server filesystem content | E S | |
CVE-2025-54142 | Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an enti... | | |
CVE-2025-54143 | Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expecte... | | |
CVE-2025-54144 | The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attac... | | |
CVE-2025-54145 | The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a mal... | | |
CVE-2025-54156 | Santesoft Sante PACS Server Cleartext Transmission of Sensitive Information | S | |
CVE-2025-54172 | Stored Cross-Site Scripting in QuickCMS | | |
CVE-2025-54174 | Cross-Site Request Forgery in QuickCMS | | |
CVE-2025-54175 | Reflected Cross-Site Scripting in QuickCMS.EXT | | |
CVE-2025-54186 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54187 | Substance3D - Painter | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54188 | Substance3D - Painter | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54189 | Substance3D - Painter | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54190 | Substance3D - Painter | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54191 | Substance3D - Painter | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54192 | Substance3D - Painter | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54193 | Substance3D - Painter | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54194 | Substance3D - Painter | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54195 | Substance3D - Painter | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54197 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54198 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54199 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54200 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54201 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54202 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54203 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54204 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54205 | Substance3D - Sampler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54206 | InDesign Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54207 | InDesign Desktop | Access of Uninitialized Pointer (CWE-824) | | |
CVE-2025-54208 | InDesign Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54209 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-54210 | InDesign Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54211 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-54212 | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-54213 | InDesign Desktop | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54214 | InDesign Desktop | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54215 | InCopy | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54216 | InCopy | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54217 | InCopy | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-54218 | InCopy | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54219 | InCopy | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-54220 | InCopy | Heap-based Buffer Overflow (CWE-122) | | |
CVE-2025-54221 | InCopy | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54222 | Substance3D - Stager | Out-of-bounds Write (CWE-787) | | |
CVE-2025-54223 | InCopy | Use After Free (CWE-416) | | |
CVE-2025-54224 | InDesign Desktop | Use After Free (CWE-416) | | |
CVE-2025-54225 | InDesign Desktop | Use After Free (CWE-416) | | |
CVE-2025-54226 | InDesign Desktop | Use After Free (CWE-416) | | |
CVE-2025-54227 | InDesign Desktop | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54228 | InDesign Desktop | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54229 | Adobe Framemaker | Use After Free (CWE-416) | | |
CVE-2025-54230 | Adobe Framemaker | Use After Free (CWE-416) | | |
CVE-2025-54231 | Adobe Framemaker | Use After Free (CWE-416) | | |
CVE-2025-54232 | Adobe Framemaker | Use After Free (CWE-416) | | |
CVE-2025-54233 | Adobe Framemaker | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54234 | ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918) | | |
CVE-2025-54235 | Substance3D - Modeler | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54238 | Dimension | Out-of-bounds Read (CWE-125) | | |
CVE-2025-54253 | Adobe Experience Manager | Misconfiguration (CWE-16) | E | |
CVE-2025-54254 | Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) | | |
CVE-2025-54294 | Extension - stackideas.com - SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla | | |
CVE-2025-54295 | Extension - dj-extensions.com - Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla | | |
CVE-2025-54296 | Extension - mooj.org - Stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla | | |
CVE-2025-54297 | Extension - compojoom.com - Stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla | | |
CVE-2025-54298 | Extension - firecoders.com - Stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla | | |
CVE-2025-54299 | Extension - nobossextensions.com - Stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla | | |
CVE-2025-54300 | Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla | | |
CVE-2025-54301 | Extension - norrnext.com - Stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla | | |
CVE-2025-54309 | CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandle... | KEV | |
CVE-2025-54310 | qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. T... | | |
CVE-2025-54313 | eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply ch... | | |
CVE-2025-54314 | Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed b... | | |
CVE-2025-54316 | An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom... | | |
CVE-2025-54317 | An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a... | | |
CVE-2025-54319 | An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gai... | | |
CVE-2025-54336 | In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct passwor... | | |
CVE-2025-54349 | In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflo... | S | |
CVE-2025-54350 | In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon ... | S | |
CVE-2025-54351 | In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in re... | S | |
CVE-2025-54352 | WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via p... | | |
CVE-2025-54354 | Rejected reason: Not used... | R | |
CVE-2025-54355 | Rejected reason: Not used... | R | |
CVE-2025-54356 | Rejected reason: Not used... | R | |
CVE-2025-54357 | Rejected reason: Not used... | R | |
CVE-2025-54358 | Rejected reason: Not used... | R | |
CVE-2025-54359 | Rejected reason: Not used... | R | |
CVE-2025-54360 | Rejected reason: Not used... | R | |
CVE-2025-54361 | Rejected reason: Not used... | R | |
CVE-2025-54362 | Rejected reason: Not used... | R | |
CVE-2025-54363 | Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspectio... | | |
CVE-2025-54364 | Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspectio... | | |
CVE-2025-54365 | fastapi-guard patch contains bypassable RegEx | E | |
CVE-2025-54366 | FreeScout's deserialization of untrusted data leads to Remote Code Execution | | |
CVE-2025-54368 | uv is vulnerable to ZIP payload obfuscation through parsing differentials | | |
CVE-2025-54369 | Rejected reason: Reason: This candidate was issued in error.... | R | |
CVE-2025-54370 | PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser | | |
CVE-2025-54371 | Rejected reason: This CVE is a duplicate of another CVE.... | R | |
CVE-2025-54377 | Roo Code Lacks Line Break Validation in its Command Execution Tool | E | |
CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks | E S | |
CVE-2025-54379 | eKuiper API endpoints handling SQL queries with user-controlled table names. | E | |
CVE-2025-54380 | Opencast still publishes global system account credentials | S | |
CVE-2025-54381 | BentoML is Vulnerable to an SSRF Attack Through File Upload Processing | E S | |
CVE-2025-54382 | Cherry Studio RCE Vulnerability Disclosure | | |
CVE-2025-54385 | XWiki Platform's searchDocuments API allows for SQL injection | | |
CVE-2025-54386 | Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution | | |
CVE-2025-54387 | IPX is Vulnerable to Path Traversal via Prefix Matching Bypass | E | |
CVE-2025-54388 | Moby's Firewalld reload makes published container ports accessible from remote hosts | | |
CVE-2025-54389 | AIDE improper output neutralization vulnerability | E S | |
CVE-2025-54392 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for au... | | |
CVE-2025-54393 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Cod... | | |
CVE-2025-54394 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficientl... | | |
CVE-2025-54395 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for au... | | |
CVE-2025-54396 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Inject... | | |
CVE-2025-54397 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive... | | |
CVE-2025-54409 | AIDE null pointer dereference when reading incorrectly encoded xattr attributes from database (local DoS) | E S | |
CVE-2025-54410 | Moby's Firewalld reload removes bridge network isolation | | |
CVE-2025-54411 | Discourse welcome banner user name XSS | | |
CVE-2025-54412 | skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution | | |
CVE-2025-54413 | skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time | | |
CVE-2025-54414 | Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons | | |
CVE-2025-54415 | dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration | | |
CVE-2025-54416 | tj-actions/branch-names Contains Command Injection Vulnerability | E | |
CVE-2025-54417 | Craft contains a theoretical bypass for CVE-2025-23209 | | |
CVE-2025-54418 | CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability | S | |
CVE-2025-54419 | Node-SAML Contains SAML Signature Verification Vulnerability | | |
CVE-2025-54420 | Rejected reason: This CVE is a duplicate of CVE-2025-8129.... | R | |
CVE-2025-54421 | NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component | E S | |
CVE-2025-54422 | Sandboxie exposes encrypted sandbox key during password change | E S | |
CVE-2025-54423 | copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata | | |
CVE-2025-54424 | 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution | E S | |
CVE-2025-54425 | Umbraco's Delivery API allows for cached requests to be returned with an invalid API key | | |
CVE-2025-54426 | Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points | | |
CVE-2025-54427 | Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price | | |
CVE-2025-54428 | RevelaCode exposes Sensitive MongoDB Atlas URI in .env (potential credential leak) | | |
CVE-2025-54429 | Polkadot Frontier's constructing smart contract can bypass precompile address bounding | | |
CVE-2025-54430 | dedupe is vulnerable to secret exfiltration via `issue_comment` | | |
CVE-2025-54432 | Rejected reason: This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708.... | R | |
CVE-2025-54433 | Bugsink is vulnerable to Path Traversal attacks via event_id in ingestion | | |
CVE-2025-54438 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams... | | |
CVE-2025-54439 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser... | | |
CVE-2025-54440 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser... | S | |
CVE-2025-54441 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser... | S | |
CVE-2025-54442 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser... | S | |
CVE-2025-54443 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams... | S | |
CVE-2025-54444 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser... | S | |
CVE-2025-54445 | Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO... | | |
CVE-2025-54446 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams... | | |
CVE-2025-54447 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser... | | |
CVE-2025-54448 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser... | | |
CVE-2025-54449 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Ser... | | |
CVE-2025-54450 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams... | | |
CVE-2025-54451 | Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics Magic... | | |
CVE-2025-54452 | Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authenticatio... | | |
CVE-2025-54453 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sams... | S | |
CVE-2025-54454 | Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authent... | | |
CVE-2025-54455 | Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authent... | | |
CVE-2025-54458 | Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin | S | |
CVE-2025-54460 | AVEVA PI Integrator Unrestricted Upload of File with Dangerous Type | S | |
CVE-2025-54462 | A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Pro... | | |
CVE-2025-54463 | Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin | S | |
CVE-2025-54464 | Cleartext Storage Vulnerability in ZKTeco WL20 | S | |
CVE-2025-54465 | Hard-coded Credentials Vulnerability in ZKTeco WL20 | S | |
CVE-2025-54466 | Apache OFBiz: RCE Vulnerability in scrum plugin | S | |
CVE-2025-54472 | Apache bRPC: Redis Parser Remote Denial of Service | S | |
CVE-2025-54473 | Extension - phoca.cz - Authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla | | |
CVE-2025-54474 | Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla | | |
CVE-2025-54475 | Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla | | |
CVE-2025-54478 | Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin | S | |
CVE-2025-54480 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54481 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54482 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54483 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54484 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54485 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54486 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54487 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54488 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54489 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54490 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54491 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54492 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54493 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54494 | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig P... | | |
CVE-2025-54500 | HTTP/2 Vulnerability | | |
CVE-2025-54525 | Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin | S | |
CVE-2025-54527 | In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper ifra... | | |
CVE-2025-54528 | In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow... | | |
CVE-2025-54529 | In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration... | | |
CVE-2025-54530 | In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory pe... | | |
CVE-2025-54531 | In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows... | | |
CVE-2025-54532 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings vi... | | |
CVE-2025-54533 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings vi... | | |
CVE-2025-54534 | In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page... | | |
CVE-2025-54535 | In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak ha... | | |
CVE-2025-54536 | In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint... | | |
CVE-2025-54537 | In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots... | | |
CVE-2025-54538 | In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull... | | |
CVE-2025-54540 | Reflected XSS in QuickCMS | | |
CVE-2025-54541 | Cross-Site Request Forgery in QuickCMS | | |
CVE-2025-54542 | Sending Password in GET Request | | |
CVE-2025-54543 | Stored XSS in QuickCMS | | |
CVE-2025-54544 | Stored XSS in QuickCMS | | |
CVE-2025-54551 | Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability thro... | | |
CVE-2025-54554 | tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that rev... | | |
CVE-2025-54558 | OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --host... | | |
CVE-2025-54564 | uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decomp... | | |
CVE-2025-54566 | hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to C... | | |
CVE-2025-54567 | hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue ... | | |
CVE-2025-54568 | Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresho... | | |
CVE-2025-54569 | In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to lo... | | |
CVE-2025-54571 | ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure | E | |
CVE-2025-54572 | Ruby SAML DOS vulnerability with large SAML response | | |
CVE-2025-54573 | CVAT vulnerable to email verification bypass by use of basic authentication | | |
CVE-2025-54574 | Squid's URN Handling can lead to Buffer Overflow | S | |
CVE-2025-54575 | ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks | | |
CVE-2025-54576 | OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion | | |
CVE-2025-54581 | vproxy is vulnerable to a divide by zero DoS attack | | |
CVE-2025-54582 | Rejected reason: Reason: This candidate was issued in error. Valid Netty requests are issued via htt... | R | |
CVE-2025-54583 | GitProxy bypasses approvals when pushing multiple branches | E S | |
CVE-2025-54584 | GitProxy is vulnerable to a packfile parsing exploit | E S | |
CVE-2025-54585 | GitProxy is vulnerable to a new branch approval exploit | E S | |
CVE-2025-54586 | GitProxy is susceptible to a hidden commits injection attack | E S | |
CVE-2025-54589 | copyparty Reflected XSS via Filter Parameter | | |
CVE-2025-54590 | webfinger.js is vulnerable to Blind SSRF attacks through localhost | | |
CVE-2025-54593 | FreshRSS is vulnerable to RCE attacks by authenticated admin | | |
CVE-2025-54594 | react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration | | |
CVE-2025-54595 | Pearcleaner's unauthenticated access to privileged XPC helper allows root command execution | | |
CVE-2025-54596 | Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges... | | |
CVE-2025-54597 | LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.... | S | |
CVE-2025-54598 | The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allo... | | |
CVE-2025-54606 | Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this... | | |
CVE-2025-54607 | Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of thi... | | |
CVE-2025-54608 | Vulnerability that allows setting screen rotation direction without permission verification in the s... | | |
CVE-2025-54609 | Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of thi... | | |
CVE-2025-54610 | Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of thi... | | |
CVE-2025-54611 | EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of... | | |
CVE-2025-54612 | Iterator failure vulnerability in the card management module. Impact: Successful exploitation of thi... | | |
CVE-2025-54613 | Iterator failure vulnerability in the card management module. Impact: Successful exploitation of thi... | | |
CVE-2025-54614 | Input verification vulnerability in the home screen module. Impact: Successful exploitation of this ... | | |
CVE-2025-54615 | Vulnerability of insufficient information protection in the media library module. Impact: Successful... | | |
CVE-2025-54616 | Out-of-bounds array access vulnerability in the ArkUI framework. Impact: Successful exploitation of ... | | |
CVE-2025-54617 | Stack-based buffer overflow vulnerability in the dms_fwk module. Impact: Successful exploitation of ... | | |
CVE-2025-54618 | Permission control vulnerability in the distributed clipboard module. Impact: Successful exploitatio... | | |
CVE-2025-54619 | Iterator failure issue in the multi-mode input module. Impact: Successful exploitation of this vulne... | | |
CVE-2025-54620 | Deserialization vulnerability of untrusted data in the ability module. Impact: Successful exploitati... | | |
CVE-2025-54621 | Iterator failure issue in the WantAgent module. Impact: Successful exploitation of this vulnerabilit... | | |
CVE-2025-54622 | Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploita... | | |
CVE-2025-54623 | Out-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of thi... | | |
CVE-2025-54624 | Unexpected injection event vulnerability in the multimodalinput module. Impact: Successful exploitat... | | |
CVE-2025-54625 | Race condition vulnerability in the kernel file system module. Impact: Successful exploitation of th... | | |
CVE-2025-54626 | Pointer dangling vulnerability in the cjwindow module. Impact: Successful exploitation of this vulne... | | |
CVE-2025-54627 | Out-of-bounds write vulnerability in the skia module. Impact: Successful exploitation of this vulner... | | |
CVE-2025-54628 | Vulnerability of incomplete verification information in the communication module. Impact: Successful... | | |
CVE-2025-54629 | Race condition issue occurring in the physical page import process of the memory management module. ... | | |
CVE-2025-54630 | Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploi... | | |
CVE-2025-54631 | Vulnerability of insufficient data length verification in the partition module. Impact: Successful e... | | |
CVE-2025-54632 | Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploit... | | |
CVE-2025-54633 | Out-of-bounds read vulnerability in the register configuration of the DMA module. Impact: Successful... | | |
CVE-2025-54634 | Vulnerability of improper processing of abnormal conditions in huge page separation. Impact: Success... | | |
CVE-2025-54635 | Vulnerability of returning released pointers in the distributed notification service. Impact: Succes... | | |
CVE-2025-54636 | Issue of buffer overflow caused by insufficient data verification in the kernel drop detection modul... | | |
CVE-2025-54637 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light m... | | |
CVE-2025-54638 | Issue of inconsistent read/write serialization in the ad module. Impact: Successful exploitation of ... | | |
CVE-2025-54639 | ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this v... | | |
CVE-2025-54640 | ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this v... | | |
CVE-2025-54641 | Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module.... | | |
CVE-2025-54642 | Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Im... | | |
CVE-2025-54643 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light m... | | |
CVE-2025-54644 | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light m... | | |
CVE-2025-54645 | Out-of-bounds array access issue due to insufficient data verification in the location service modul... | | |
CVE-2025-54646 | Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation o... | | |
CVE-2025-54647 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successf... | | |
CVE-2025-54648 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successf... | | |
CVE-2025-54649 | Vulnerability of using incompatible types to access resources in the location service. Impact: Succe... | | |
CVE-2025-54650 | Improper array index verification vulnerability in the audio codec module. Impact: Successful exploi... | | |
CVE-2025-54651 | Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vuln... | | |
CVE-2025-54652 | Path traversal vulnerability in the virtualization base module. Successful exploitation of this vuln... | | |
CVE-2025-54653 | Path traversal vulnerability in the virtualization file module. Successful exploitation of this vuln... | | |
CVE-2025-54655 | Race condition vulnerability in the virtualization base module. Successful exploitation of this vuln... | | |
CVE-2025-54656 | Apache Struts Extras: Improper Output Neutralization for Logs | | |
CVE-2025-54657 | Rejected reason: Not used... | R | |
CVE-2025-54661 | Rejected reason: Not used... | R | |
CVE-2025-54662 | Rejected reason: Not used... | R | |
CVE-2025-54663 | Rejected reason: Not used... | R | |
CVE-2025-54664 | Rejected reason: Not used... | R | |
CVE-2025-54665 | Rejected reason: Not used... | R | |
CVE-2025-54666 | Rejected reason: Not used... | R | |
CVE-2025-54667 | WordPress myCred Plugin plugin <= 2.9.4.3 - Race Condition Vulnerability | S | |
CVE-2025-54668 | WordPress myCred Plugin plugin <= 2.9.4.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54669 | WordPress MapSVG Plugin < 8.7.4 - SQL Injection Vulnerability | S | |
CVE-2025-54670 | WordPress oik Plugin <= 4.15.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54671 | WordPress oik Plugin plugin <= 4.15.2 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54672 | WordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54673 | WordPress Chartify Plugin plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54674 | WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54675 | WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54676 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54677 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability | S | |
CVE-2025-54678 | WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability | S | |
CVE-2025-54679 | WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability | S | |
CVE-2025-54680 | WordPress Blogger Buzz Theme theme <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54681 | WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Open Redirection Vulnerability | S | |
CVE-2025-54682 | WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54683 | WordPress WP Modal Popup with Cookie Integration Plugin plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54684 | WordPress Integration for Contact Form 7 and Constant Contact Plugin plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54685 | WordPress SureDash Plugin <= 1.1.0 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-54686 | WordPress Exertio Theme <= 1.3.2 - PHP Object Injection Vulnerability | S | |
CVE-2025-54687 | WordPress JetTabs Plugin plugin <= 2.2.9.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54688 | WordPress JetEngine Plugin plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54689 | WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability | S | |
CVE-2025-54690 | WordPress Xinterio Theme <= 4.2 - Local File Inclusion Vulnerability | S | |
CVE-2025-54691 | WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability | S | |
CVE-2025-54692 | WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability | S | |
CVE-2025-54693 | WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability | S | |
CVE-2025-54694 | WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54695 | WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability | S | |
CVE-2025-54696 | WordPress WPFunnels Plugin plugin <= 3.5.26 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54697 | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability | S | |
CVE-2025-54698 | WordPress Classified Listing Plugin plugin <= 5.0.0 - Content Injection Vulnerability | S | |
CVE-2025-54699 | WordPress Masteriyo - LMS Plugin plugin <= 1.18.3 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54700 | WordPress Makeaholic Theme <= 1.8.4 - Local File Inclusion Vulnerability | S | |
CVE-2025-54701 | WordPress Unicamp Theme <= 2.6.3 - Local File Inclusion Vulnerability | S | |
CVE-2025-54702 | WordPress Ebook Store Plugin plugin <= 5.8013 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54703 | WordPress Integrate Google Drive Plugin plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54704 | WordPress Easy Elementor Addons Plugin plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54705 | WordPress WpEvently Plugin plugin <= 4.4.6 - Broken Access Control Vulnerability | S | |
CVE-2025-54706 | WordPress Magical Posts Display Plugin plugin <= 1.2.52 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54707 | WordPress MDTF Plugin <= 1.3.3.7 - SQL Injection Vulnerability | S | |
CVE-2025-54708 | WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54710 | WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability | S | |
CVE-2025-54712 | WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability | S | |
CVE-2025-54713 | WordPress Taxi Booking Manager for WooCommerce Plugin <= 1.3.0 - Broken Authentication Vulnerability | S | |
CVE-2025-54714 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability | S | |
CVE-2025-54715 | WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.9.0 - Arbitrary File Download Vulnerability | S | |
CVE-2025-54716 | WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability | S | |
CVE-2025-54717 | WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability | S | |
CVE-2025-54720 | WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability | S | |
CVE-2025-54724 | WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54725 | WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability | S | |
CVE-2025-54726 | WordPress JS Archive List Plugin < 6.1.6 - SQL Injection Vulnerability | S | |
CVE-2025-54727 | WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54728 | WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54729 | WordPress Webba Booking Plugin <= 6.0.5 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54730 | WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability | S | |
CVE-2025-54731 | WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability | S | |
CVE-2025-54732 | WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-54733 | WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability | S | |
CVE-2025-54734 | WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability | S | |
CVE-2025-54735 | WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability | S | |
CVE-2025-54736 | WordPress Savoy Theme <= 3.0.8 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-54738 | WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability | S | |
CVE-2025-54739 | WordPress Nexter Blocks Plugin <= 4.5.4 - Broken Access Control Vulnerability | S | |
CVE-2025-54740 | WordPress Print My Blog Plugin <= 3.27.9 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54742 | WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability | S | |
CVE-2025-54746 | WordPress Shortcode Redirect Plugin <= 1.0.02 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54747 | WordPress Templatera Plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54749 | WordPress JetProductGallery Plugin <= 2.2.0.2 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54750 | WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability | S | |
CVE-2025-54752 | Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product us... | | |
CVE-2025-54757 | Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrat... | | |
CVE-2025-54759 | Santesoft Sante PACS Server Cross-site Scripting | S | |
CVE-2025-54762 | SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated at... | | |
CVE-2025-54765 | KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator | | |
CVE-2025-54766 | KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information | | |
CVE-2025-54767 | KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service | | |
CVE-2025-54768 | KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information | | |
CVE-2025-54769 | KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal | | |
CVE-2025-54777 | Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is import... | | |
CVE-2025-54780 | glpi-screenshot-plugin exposes local files in /ajax/screenshot.php | | |
CVE-2025-54781 | Himmelblau leaks an Intune service access token in its logs | | |
CVE-2025-54782 | @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers | E | |
CVE-2025-54783 | SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header | | |
CVE-2025-54784 | SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer | | |
CVE-2025-54785 | SuiteCRM is Vulnerable to PHP Object Injection in Reports | | |
CVE-2025-54786 | SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data | | |
CVE-2025-54787 | SuiteCRM: Improper Authorization for attachment downloads | | |
CVE-2025-54788 | SuiteCRM: Authenticated Blind SQL Injection in InboundEmail module | | |
CVE-2025-54789 | Files is Vulnerable to Reflected Self-XSS through its File Move Functionality | | |
CVE-2025-54790 | Files: Potential for SQL Injection through File Browse and List Operations | | |
CVE-2025-54791 | OMERO.web displays unnecessary user information when requesting to reset the password | | |
CVE-2025-54792 | LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception | E | |
CVE-2025-54793 | Astro: Duplicate trailing slash feature can lead to Open Redirects | | |
CVE-2025-54794 | Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access | | |
CVE-2025-54795 | Claude Code echo command allowed bypass of user approval prompt for command execution | | |
CVE-2025-54796 | Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page | E | |
CVE-2025-54797 | Rejected reason: This CVE is a duplicate of CVE-2025-52464.... | R | |
CVE-2025-54798 | tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter | E | |
CVE-2025-54799 | Lego does not enforce HTTPS | | |
CVE-2025-54800 | Hydra persistent XSS in build metrics | | |
CVE-2025-54801 | Fiber Susceptible to Crash via `BodyParser` Due to Unvalidated Large Slice Index in Decoder | E | |
CVE-2025-54802 | pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE) | E | |
CVE-2025-54803 | js-toml is vulnerable to Prototype Pollution | E | |
CVE-2025-54804 | Russh is missing an overflow check during channel windows adjust | E S | |
CVE-2025-54809 | F5 Access for Android vulnerability | | |
CVE-2025-54812 | Apache Log4cxx: Improper HTML escaping in HTMLLayout | S | |
CVE-2025-54813 | Apache Log4cxx: Improper escaping with JSONLayout | S | |
CVE-2025-54819 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 V... | | |
CVE-2025-54823 | Rejected reason: Not used... | R | |
CVE-2025-54824 | Rejected reason: Not used... | R | |
CVE-2025-54825 | Rejected reason: Not used... | R | |
CVE-2025-54826 | Rejected reason: Not used... | R | |
CVE-2025-54827 | Rejected reason: Not used... | R | |
CVE-2025-54828 | Rejected reason: Not used... | R | |
CVE-2025-54829 | Rejected reason: Not used... | R | |
CVE-2025-54832 | OPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification | | |
CVE-2025-54833 | OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass | | |
CVE-2025-54834 | OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration | | |
CVE-2025-54839 | Rejected reason: Not used... | R | |
CVE-2025-54840 | Rejected reason: Not used... | R | |
CVE-2025-54841 | Rejected reason: Not used... | R | |
CVE-2025-54842 | Rejected reason: Not used... | R | |
CVE-2025-54843 | Rejected reason: Not used... | R | |
CVE-2025-54844 | Rejected reason: Not used... | R | |
CVE-2025-54845 | Rejected reason: Not used... | R | |
CVE-2025-54846 | Rejected reason: Not used... | R | |
CVE-2025-54847 | Rejected reason: Not used... | R | |
CVE-2025-54862 | Santesoft Sante PACS Server Cross-site Scripting | S | |
CVE-2025-54864 | Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins | | |
CVE-2025-54865 | Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection | E | |
CVE-2025-54867 | Youki Symlink Following Vulnerability | | |
CVE-2025-54868 | LibreChat exposes arbitrary chats through Meilisearch engine | E S | |
CVE-2025-54869 | FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser | | |
CVE-2025-54870 | VTun-ng's failure to initialize encryption modules may cause reversion to plaintext | | |
CVE-2025-54871 | Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS) | E | |
CVE-2025-54872 | onion-site-template tor Secrets Baked Into Image | | |
CVE-2025-54873 | RISC Zero Underconstrained Vulnerability: Division | | |
CVE-2025-54874 | OpenJPEG allows OOB heap memory write in opj_jp2_read_header | | |
CVE-2025-54876 | Jans CLI stores plaintext passwords in the local cli_cmd.log file | | |
CVE-2025-54877 | Tuleap's special and always there fields permissions are not verified in cross-tracker search | | |
CVE-2025-54878 | Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup` | E S | |
CVE-2025-54879 | Mastodon e‑mail throttle misconfiguration allows unlimited email confirmations against unconfirmed emails | E S | |
CVE-2025-54880 | Mermaid does not properly sanitize architecture diagram iconText leading to XSS | E | |
CVE-2025-54881 | Mermaid improperly sanitizes sequence diagram labels leading to XSS | | |
CVE-2025-54882 | Himmelblau's Kerberos credential cache collection is world readable | E | |
CVE-2025-54883 | Vision UI's security-kit Contains Cryptographic Weakness | | |
CVE-2025-54884 | Vision UI security-kit.js: Potential Uncontrolled Resource Allocation Vulnerability | | |
CVE-2025-54885 | Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits | | |
CVE-2025-54886 | skops: Card.get_model does not block arbitrary code execution | | |
CVE-2025-54887 | jwe: Missing AES-GCM authentication tag validation in encrypted JWEs | | |
CVE-2025-54888 | @fedify/fedify: Improper Authentication and Incorrect Authorization | | |
CVE-2025-54923 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code executi... | | |
CVE-2025-54924 | CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized acces... | | |
CVE-2025-54925 | CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized acces... | | |
CVE-2025-54926 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability... | | |
CVE-2025-54927 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability... | | |
CVE-2025-54939 | LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.... | E | |
CVE-2025-54940 | An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. ... | | |
CVE-2025-54948 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authentica... | KEV S | |
CVE-2025-54949 | A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in c... | | |
CVE-2025-54950 | An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to c... | | |
CVE-2025-54951 | A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the... | | |
CVE-2025-54952 | An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expecte... | | |
CVE-2025-54955 | OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a crit... | E | |
CVE-2025-54956 | The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Au... | | |
CVE-2025-54958 | Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If thi... | | |
CVE-2025-54959 | Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. If this vu... | | |
CVE-2025-54962 | /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload ar... | | |
CVE-2025-54974 | Rejected reason: Not used... | R | |
CVE-2025-54975 | Rejected reason: Not used... | R | |
CVE-2025-54976 | Rejected reason: Not used... | R | |
CVE-2025-54977 | Rejected reason: Not used... | R | |
CVE-2025-54978 | Rejected reason: Not used... | R | |
CVE-2025-54979 | Rejected reason: Not used... | R | |
CVE-2025-54980 | Rejected reason: Not used... | R | |
CVE-2025-54982 | SAML 2.0 Public Key Validation Issue | | |
CVE-2025-54987 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authentica... | S | |
CVE-2025-54988 | Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA | | |
CVE-2025-54989 | Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability | S | |
CVE-2025-54992 | OpenKilda XXE in SAML configuration | | |
CVE-2025-54995 | Asterisk remotely exploitable leak of RTP UDP ports and internal resources | | |
CVE-2025-54996 | OpenBao Root Namespace Operator May Elevate Token Privileges | | |
CVE-2025-54997 | OpenBao: Privileged Operator May Execute Code on the Underlying Host | | |
CVE-2025-54998 | OpenBao Userpass and LDAP User Lockout Bypass | S | |
CVE-2025-54999 | OpenBao: Timing Side-Channel in Userpass Auth Method | S |