ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-55000 | OpenBao TOTP Secrets Engine Enables Code Reuse | S | |
CVE-2025-55001 | OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias | S | |
CVE-2025-55003 | OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse | S | |
CVE-2025-55004 | ImageMagick: heap-buffer overflow read in MNG magnification with alpha | E | |
CVE-2025-55005 | ImageMagick: heap-buffer overflow in log colorspace handling | E | |
CVE-2025-55006 | Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature | | |
CVE-2025-55008 | AuthKit React Router: Sensitive auth data rendered in HTML | | |
CVE-2025-55009 | AuthKit: Sensitive auth data rendered in HTML | | |
CVE-2025-55010 | Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events | E S | |
CVE-2025-55011 | Kanboard Path Traversal in File Write via Task File Upload Api | E S | |
CVE-2025-55012 | Zed AI Agent Remote Code Execution | | |
CVE-2025-55013 | Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code | | |
CVE-2025-55014 | The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and el... | | |
CVE-2025-55019 | Rejected reason: Not used... | R | |
CVE-2025-55020 | Rejected reason: Not used... | R | |
CVE-2025-55021 | Rejected reason: Not used... | R | |
CVE-2025-55022 | Rejected reason: Not used... | R | |
CVE-2025-55023 | Rejected reason: Not used... | R | |
CVE-2025-55024 | Rejected reason: Not used... | R | |
CVE-2025-55025 | Rejected reason: Not used... | R | |
CVE-2025-55026 | Rejected reason: Not used... | R | |
CVE-2025-55027 | Rejected reason: Not used... | R | |
CVE-2025-55028 | Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in so... | | |
CVE-2025-55029 | Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial o... | | |
CVE-2025-55030 | Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrec... | | |
CVE-2025-55031 | Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passk... | | |
CVE-2025-55032 | Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectl... | | |
CVE-2025-55033 | Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts... | | |
CVE-2025-55077 | Tyler Technologies ERP Pro 9 SaaS application escape | | |
CVE-2025-55103 | BUG-000177333 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. | | |
CVE-2025-55104 | BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability. | | |
CVE-2025-55105 | BUG-000177336 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. | | |
CVE-2025-55106 | BUG-000173171 ArcGIS Enterprise Sites has a Cross-site Scripting vulnerability. | | |
CVE-2025-55107 | BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. | | |
CVE-2025-55133 | In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/p... | | |
CVE-2025-55134 | In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/... | | |
CVE-2025-55135 | In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server... | | |
CVE-2025-55136 | ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a seriali... | | |
CVE-2025-55137 | LinkJoin through 882f196 lacks type checking in password reset.... | | |
CVE-2025-55138 | LinkJoin through 882f196 mishandles token ownership in password reset.... | | |
CVE-2025-55149 | Path Traversal Vulnerability in PDF Review Function (CWE-22) | | |
CVE-2025-55150 | Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf | S | |
CVE-2025-55151 | Stirling-PDF SSRF vulnerability on /api/v1/convert/file/pdf | S | |
CVE-2025-55152 | oak: ReDoS in x-forwarded-proto and x-forwarded-for headers | | |
CVE-2025-55153 | Rejected reason: This CVE is a duplicate of another CVE.... | R | |
CVE-2025-55154 | ImageMagick: integer overflows in MNG magnification | | |
CVE-2025-55156 | PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter | | |
CVE-2025-55157 | Vim heap use-after-free vulnerability when processing recursive tuple data types | S | |
CVE-2025-55158 | Vim double-free vulnerability during Vim9 script import operations | S | |
CVE-2025-55159 | slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check | | |
CVE-2025-55160 | ImageMagick Undefined Behavior (function-type-mismatch) in CloneSplayTree | E | |
CVE-2025-55161 | Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf | E S | |
CVE-2025-55163 | Netty MadeYouReset HTTP/2 DDoS Vulnerability | | |
CVE-2025-55164 | content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE | | |
CVE-2025-55165 | Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py` | E | |
CVE-2025-55166 | svg-sanitizer By-Passing Attribute Sanitization | | |
CVE-2025-55167 | WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/funcionario/dependente_remover.php` | E S | |
CVE-2025-55168 | WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php` | E M | |
CVE-2025-55169 | WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file' | E S | |
CVE-2025-55170 | WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php` | E S | |
CVE-2025-55171 | WeGIA Anonymous Attacker can Delete Arbitrary Image file at endpoint `/html/personalizacao_remover.php` | S | |
CVE-2025-55175 | Reflected XSS in QuickCMS | | |
CVE-2025-55177 | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.2... | | |
CVE-2025-55188 | 7-Zip before 25.01 does not always properly handle symbolic links during extraction.... | | |
CVE-2025-55192 | HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow | | |
CVE-2025-55193 | Active Record logging vulnerable to ANSI escape injection | | |
CVE-2025-55194 | Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload | E S | |
CVE-2025-55195 | @std/toml Prototype Pollution in Node.js and Browser | E | |
CVE-2025-55196 | External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access | | |
CVE-2025-55197 | pypdf's Manipulated FlateDecode streams can exhaust RAM | S | |
CVE-2025-55198 | Helm May Panic Due To Incorrect YAML Content | S | |
CVE-2025-55199 | Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion | S | |
CVE-2025-55201 | Copier safe template has arbitrary filesystem read/write access | | |
CVE-2025-55202 | Opencast has a partial path traversal vulnerability in UI config | | |
CVE-2025-55203 | Plane Stored XSS in Add Work Item Functionality | | |
CVE-2025-55205 | Capsule tenant owners with "patch namespace" permission can hijack system namespaces label | | |
CVE-2025-55207 | @astrojs/node's trailing slash handling causes open redirect issue | | |
CVE-2025-55212 | ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash | E | |
CVE-2025-55213 | OpenFGA Authorization Bypass (Check) | | |
CVE-2025-55214 | Copier safe template has filesystem write access outside destination path | | |
CVE-2025-55229 | Windows Certificate Spoofing Vulnerability | | |
CVE-2025-55230 | Windows MBT Transport Driver Elevation of Privilege Vulnerability | | |
CVE-2025-55231 | Windows Storage-based Management Service Remote Code Execution Vulnerability | | |
CVE-2025-55279 | Hard-coded Private Key Vulnerability in ZKTeco WL20 | M | |
CVE-2025-55280 | Information Disclosure Vulnerability in ZKTeco WL20 | M | |
CVE-2025-55282 | aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration | S | |
CVE-2025-55283 | aiven-db-migrate allows Privilege Escalation through use of psql during migration | S | |
CVE-2025-55284 | Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code | | |
CVE-2025-55285 | @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template` | | |
CVE-2025-55286 | z2d OOB drawing with new multi-sample anti-aliasing could lead to invalid memory access and corruption | | |
CVE-2025-55287 | Genealogy has a stored XSS vulnerability | | |
CVE-2025-55288 | Genealogy has a Reflected XSS Vulnerability | | |
CVE-2025-55291 | Shaarli allows reflected XSS via searchtags parameter | | |
CVE-2025-55293 | Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB | | |
CVE-2025-55294 | Command Injection via `format` option in screenshot-desktop | | |
CVE-2025-55295 | qBit Manage Path Traversal Vulnerability | | |
CVE-2025-55296 | LibreNMS allows stored XSS in Alert Template name field | | |
CVE-2025-55297 | ESP-IDF BluFi Example Memory Overflow Vulnerability | | |
CVE-2025-55298 | ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution | E | |
CVE-2025-55299 | VaulTLS has a password-based login exploit in additional user accounts | | |
CVE-2025-55300 | Komari Allows Cross-site WebSocket Hijacking | | |
CVE-2025-55301 | The Scratch Channel Allows Username Modification | | |
CVE-2025-55303 | Unauthorized third-party images in Astro’s _image endpoint | E | |
CVE-2025-55304 | Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata | | |
CVE-2025-55306 | GenX_FX authentication bypass in JWT validation | | |
CVE-2025-55345 | Unsafe symlink following in restricted workspace-write sandbox leads to RCE | E S | |
CVE-2025-55346 | Unintended dynamic code execution leads to remote code execution by network attackers | E | |
CVE-2025-55366 | Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows atta... | | |
CVE-2025-55367 | Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows ... | | |
CVE-2025-55368 | Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unau... | | |
CVE-2025-55370 | Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows ... | | |
CVE-2025-55371 | Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows un... | | |
CVE-2025-55383 | Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attack... | | |
CVE-2025-55398 | An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER ... | | |
CVE-2025-55409 | FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attac... | | |
CVE-2025-55420 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When ... | | |
CVE-2025-55422 | In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.... | | |
CVE-2025-55443 | Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server ... | | |
CVE-2025-55444 | A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online A... | | |
CVE-2025-55454 | An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0... | | |
CVE-2025-55455 | DooTask v1.0.51 was discovered to contain an authenticated arbitrary download vulnerability via the c... | | |
CVE-2025-55482 | Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.... | E | |
CVE-2025-55483 | Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg vi... | E | |
CVE-2025-55495 | Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in t... | | |
CVE-2025-55498 | Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in t... | E | |
CVE-2025-55499 | Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter... | E | |
CVE-2025-55503 | Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the ... | E | |
CVE-2025-55521 | An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers... | | |
CVE-2025-55522 | Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allow... | | |
CVE-2025-55523 | An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to ex... | | |
CVE-2025-55524 | Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspec... | | |
CVE-2025-55526 | n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download... | | |
CVE-2025-55564 | Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBi... | | |
CVE-2025-55573 | QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2025-55574 | Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbi... | | |
CVE-2025-55575 | SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information... | | |
CVE-2025-55579 | SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the Tax Rate ... | | |
CVE-2025-55580 | SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the client's functiona... | | |
CVE-2025-55581 | D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementat... | | |
CVE-2025-55582 | D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog... | | |
CVE-2025-55583 | D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command inject... | E | |
CVE-2025-55584 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet ... | E | |
CVE-2025-55585 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via ... | E | |
CVE-2025-55586 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url paramet... | E | |
CVE-2025-55587 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname pa... | E | |
CVE-2025-55588 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip param... | E | |
CVE-2025-55589 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulner... | E | |
CVE-2025-55590 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability v... | E | |
CVE-2025-55591 | TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in... | E | |
CVE-2025-55599 | D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the param... | E | |
CVE-2025-55602 | D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-u... | E | |
CVE-2025-55603 | Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the nt... | E | |
CVE-2025-55605 | Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via... | E | |
CVE-2025-55606 | Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via t... | E | |
CVE-2025-55611 | D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the ... | E | |
CVE-2025-55613 | Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via ... | | |
CVE-2025-55618 | In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the ... | | |
CVE-2025-55619 | Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization v... | E | |
CVE-2025-55620 | A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.... | E | |
CVE-2025-55621 | An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauth... | E | |
CVE-2025-55622 | Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropr... | E | |
CVE-2025-55623 | An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authe... | E | |
CVE-2025-55624 | An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to a... | E | |
CVE-2025-55625 | An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a... | E | |
CVE-2025-55626 | An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Do... | | |
CVE-2025-55627 | Insufficient privilege verification in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - f... | | |
CVE-2025-55629 | Insecure permissions in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.... | | |
CVE-2025-55630 | A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi... | | |
CVE-2025-55631 | Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was disc... | | |
CVE-2025-55634 | Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbe... | | |
CVE-2025-55637 | Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was disc... | | |
CVE-2025-55668 | Apache Tomcat: session fixation via rewrite valve | | |
CVE-2025-55672 | Apache Superset: Stored XSS on charts metadata | | |
CVE-2025-55673 | Apache Superset: Metadata exposure in embedded charts | | |
CVE-2025-55674 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions | | |
CVE-2025-55675 | Apache Superset: Incorrect datasource authorization on REST API | | |
CVE-2025-55706 | URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerabi... | | |
CVE-2025-55708 | WordPress Quiz And Survey Master Plugin <= 10.2.4 - SQL Injection Vulnerability | S | |
CVE-2025-55709 | WordPress Visual Composer Website Builder Plugin < 45.15.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-55710 | WordPress TaxoPress Plugin <= 3.37.2 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-55711 | WordPress WP Table Builder Plugin <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-55712 | WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 6.3.13 - Broken Access Control Vulnerability | S | |
CVE-2025-55713 | WordPress Blocksy Theme <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-55714 | WordPress JetElements For Elementor Plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-55715 | WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-55716 | WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability | S | |
CVE-2025-55718 | Rejected reason: Not used... | R | |
CVE-2025-55719 | Rejected reason: Not used... | R | |
CVE-2025-55720 | Rejected reason: Not used... | R | |
CVE-2025-55721 | Rejected reason: Not used... | R | |
CVE-2025-55722 | Rejected reason: Not used... | R | |
CVE-2025-55723 | Rejected reason: Not used... | R | |
CVE-2025-55724 | Rejected reason: Not used... | R | |
CVE-2025-55725 | Rejected reason: Not used... | R | |
CVE-2025-55726 | Rejected reason: Not used... | R | |
CVE-2025-55731 | Frappe has the possibility of Authenticated SQL Injection due to improper validations | S | |
CVE-2025-55732 | Frappe has the possibility of SQL Injection due to improper validations | S | |
CVE-2025-55733 | DeepChat One-click Remote Code Execution through Custom URL Handling | E | |
CVE-2025-55734 | flaskBlog Authorization Bypass | E | |
CVE-2025-55735 | flaskBlog Stored XSS Vulnerability | E | |
CVE-2025-55736 | flaskBlog allows arbitrary privilege escalation | E | |
CVE-2025-55737 | flaskBlog arbitrary comment delete | E | |
CVE-2025-55740 | Default Credentials in nginx-defender Configuration Files | | |
CVE-2025-55741 | unopim/unopim allows unauthorized product deletion via mass-delete endpoint | E | |
CVE-2025-55742 | UnoPim Stored XSS via SVG MIME/Sanitizer Bypass | E S | |
CVE-2025-55743 | UnoPim vulnerable to remote code execution through Arbitrary File upload | E | |
CVE-2025-55744 | UnoPim vulnerable to CSRF on Product edit feature and creation of other types | E | |
CVE-2025-55745 | UnoPim Quick Export feature is vulnerable to CSV injection | | |
CVE-2025-55746 | Directus allows unauthenticated file upload and file modification due to lacking input sanitization | | |
CVE-2025-55750 | Gitpod Classic Affected by Bitbucket OAuth Token Exposure via Redirect Fragment | | |
CVE-2025-55751 | OnboardLite Open Redirect Endpoint | | |
CVE-2025-55763 | Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to... | | |