ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-57105 | The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitr... | E | |
CVE-2025-57215 | Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function ge... | | |
CVE-2025-57217 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the... | | |
CVE-2025-57218 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the... | | |
CVE-2025-57219 | Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_... | | |
CVE-2025-57220 | An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 t... | | |
CVE-2025-57425 | A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows... | | |
CVE-2025-57699 | Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows servi... | | |
CVE-2025-57700 | Stored Cross-site Scripting in DIAEnergie | S | |
CVE-2025-57701 | Reflected Cross-site Scripting in DIAEnergie | S | |
CVE-2025-57702 | Reflected Cross-site Scripting in DIAEnergie | S | |
CVE-2025-57703 | Reflected Cross-site Scripting in DIAEnergie | S | |
CVE-2025-57704 | EIP Builder XML External Entity Processing Information Disclosure Vulnerability | S | |
CVE-2025-57717 | Rejected reason: Not used... | R | |
CVE-2025-57718 | Rejected reason: Not used... | R | |
CVE-2025-57719 | Rejected reason: Not used... | R | |
CVE-2025-57720 | Rejected reason: Not used... | R | |
CVE-2025-57721 | Rejected reason: Not used... | R | |
CVE-2025-57722 | Rejected reason: Not used... | R | |
CVE-2025-57723 | Rejected reason: Not used... | R | |
CVE-2025-57724 | Rejected reason: Not used... | R | |
CVE-2025-57725 | Rejected reason: Not used... | R | |
CVE-2025-57727 | In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference... | | |
CVE-2025-57728 | In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to disco... | | |
CVE-2025-57729 | In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP... | | |
CVE-2025-57730 | In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature... | | |
CVE-2025-57731 | In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content... | | |
CVE-2025-57732 | In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ... | | |
CVE-2025-57733 | In JetBrains TeamCity before 2025.07.1 SMTP injection was possible allowing modification of email co... | | |
CVE-2025-57734 | In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files... | | |
CVE-2025-57742 | Rejected reason: Not used... | R | |
CVE-2025-57743 | Rejected reason: Not used... | R | |
CVE-2025-57744 | Rejected reason: Not used... | R | |
CVE-2025-57745 | Rejected reason: Not used... | R | |
CVE-2025-57746 | Rejected reason: Not used... | R | |
CVE-2025-57747 | Rejected reason: Not used... | R | |
CVE-2025-57748 | Rejected reason: Not used... | R | |
CVE-2025-57749 | n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files | | |
CVE-2025-57751 | Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs | | |
CVE-2025-57753 | vite-plugin-static-copy files not included in `src` are accessible with a crafted request | E | |
CVE-2025-57754 | eslint-ban-moment exposed a sensitive Supabase URI in .env (Credential leak) | | |
CVE-2025-57755 | claude-code-router CORS misconfiguration | | |
CVE-2025-57756 | Contao discloses sensitive information in the front end search index | | |
CVE-2025-57757 | Contao discloses information in the news module | | |
CVE-2025-57758 | Contao has improper access control in the back end voters | | |
CVE-2025-57759 | Contao has improper privilege management for page and article fields | | |
CVE-2025-57760 | Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation | | |
CVE-2025-57761 | WeGIA SQL Injection vulnerability via 'id_funcionario' param at endpoint `/html/funcionario/dependente_remover.php` | E S | |
CVE-2025-57762 | WeGIA Stored Cross-Site Scripting (XSS) vulnerability in the endpoint 'dependente_docdependente.php' with parameter 'nome' | E S | |
CVE-2025-57763 | Cross-Site Scripting (XSS) Reflected in 'insere_despacho.php' parameter 'sccs' | E | |
CVE-2025-57764 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'cargos.php' parameter 'msg_e' | E S | |
CVE-2025-57765 | WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_adotante.php' parameter 'msg_e' | E S | |
CVE-2025-57767 | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request | | |
CVE-2025-57768 | Stored XSS in “hours” fields when creating or editing an issue, using SQLite database | | |
CVE-2025-57770 | ZITADEL user enumeration vulnerability in login UI | S | |
CVE-2025-57771 | Roo-Code potential remote code execution via auto-execute command parsing flaw | | |
CVE-2025-57772 | Dataease H2 JDBC RCE Bypass | | |
CVE-2025-57773 | Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability | | |
CVE-2025-57788 | Unauthorized API Access Risk | E | |
CVE-2025-57789 | Vulnerability in Initial Administrator Login Process | | |
CVE-2025-57790 | Path Traversal Vulnerability | | |
CVE-2025-57791 | Argument Injection Vulnerability in CommServe | | |
CVE-2025-57797 | Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to... | | |
CVE-2025-57800 | Audiobookshelf vulnerable to OIDC token exfiltration and account takeover | E S | |
CVE-2025-57801 | gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks | | |
CVE-2025-57802 | Airlink's Daemon Symlink Vulnerability | | |
CVE-2025-57803 | ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow | E | |
CVE-2025-57804 | h2 allows HTTP Request Smuggling due to illegal characters in headers | | |
CVE-2025-57805 | The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation | | |
CVE-2025-57809 | XGrammar affected by Denial of Service by infinite recursion grammars | | |
CVE-2025-57810 | jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS) | E | |
CVE-2025-57811 | Craft Potential Remote Code Execution via Twig SSTI | | |
CVE-2025-57813 | Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ | | |
CVE-2025-57814 | request-filtering-agent SSRF Bypass via HTTPS Requests | | |
CVE-2025-57818 | Firecrawl SSRF Vulnerability via malicious webhook | | |
CVE-2025-57819 | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE | KEV | |
CVE-2025-57820 | Svelte devalue vulnerable to prototype pollution | | |
CVE-2025-57821 | Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL | | |
CVE-2025-57824 | Rejected reason: Not used... | R | |
CVE-2025-57825 | Rejected reason: Not used... | R | |
CVE-2025-57826 | Rejected reason: Not used... | R | |
CVE-2025-57827 | Rejected reason: Not used... | R | |
CVE-2025-57828 | Rejected reason: Not used... | R | |
CVE-2025-57829 | Rejected reason: Not used... | R | |
CVE-2025-57830 | Rejected reason: Not used... | R | |
CVE-2025-57831 | Rejected reason: Not used... | R | |
CVE-2025-57832 | Rejected reason: Not used... | R | |
CVE-2025-57845 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-34158. Reason: This candidat... | R | |
CVE-2025-57846 | Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability... | | |
CVE-2025-57884 | WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability | S | |
CVE-2025-57885 | WordPress Fluent Support Plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-57886 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability | S | |
CVE-2025-57887 | WordPress Jobmonster Theme <= 4.8.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-57888 | WordPress Jobmonster Theme <= 4.8.0 - Sensitive Data Exposure Vulnerability | S | |
CVE-2025-57890 | WordPress Sessions Plugin <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-57891 | WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-57892 | WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-57893 | WordPress WP Fast Total Search Plugin <= 1.79.270 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-57894 | WordPress WPPizza Plugin <= 3.19.8 - Broken Access Control Vulnerability | S | |
CVE-2025-57895 | WordPress JobWP Plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
CVE-2025-57896 | WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability | S | |