ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-6001 | VirtueMart - Cross Site Request Forgery (CSRF) | | |
CVE-2025-6002 | VirtueMart - Unrestricted File Upload | | |
CVE-2025-6003 | WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure | | |
CVE-2025-6005 | kiCode111 like-girl aboutPost.php sql injection | E | |
CVE-2025-6006 | kiCode111 like-girl ImgUpdaPost.php sql injection | E | |
CVE-2025-6007 | kiCode111 like-girl CopyadminPost.php sql injection | E | |
CVE-2025-6008 | kiCode111 like-girl ImgAddPost.php sql injection | E | |
CVE-2025-6009 | kiCode111 like-girl ipAddPost.php sql injection | E | |
CVE-2025-6012 | Auto Attachments <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting | | |
CVE-2025-6017 | Rhacm: users with clusterreader role can see credentials from managed-clusters | | |
CVE-2025-6019 | Libblockdev: lpe from allow_active to root in libblockdev via udisks | M | |
CVE-2025-6020 | Linux-pam: linux-pam directory traversal | M | |
CVE-2025-6021 | Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2 | M | |
CVE-2025-6022 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-6029 | KIA-branded Aftermarket Generic Smart Keyless Entry System Replay Attack | S | |
CVE-2025-6030 | Autoeastern Smart Keyless Entry System Replay Attack | S | |
CVE-2025-6031 | Insecure device pairing in end of life Amazon Cloud Cam | | |
CVE-2025-6032 | Podman: podman missing tls verification | M | |
CVE-2025-6035 | Gimp: gimp integer overflow | M | |
CVE-2025-6039 | ProcessingJS for WordPress <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-6040 | Easy Flashcards <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2025-6041 | yContributors <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2025-6044 | An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16... | | |
CVE-2025-6050 | Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface | | |
CVE-2025-6052 | Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring | M | |
CVE-2025-6055 | Zen Sticky Social <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2025-6056 | Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 ... | S | |
CVE-2025-6057 | WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload | | |
CVE-2025-6058 | WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload | | |
CVE-2025-6059 | Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions | | |
CVE-2025-6061 | kk Youtube Video <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-6062 | Yougler Blogger Profile Page <= v1.01 - Cross-Site Request Forgery to Settings Update | | |
CVE-2025-6063 | XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2025-6064 | WP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | |
CVE-2025-6065 | Image Resizer On The Fly <= 1.1 - Unauthenticated Arbitrary File Deletion | | |
CVE-2025-6068 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | | |
CVE-2025-6069 | HTMLParser quadratic complexity when processing malformed inputs | S | |
CVE-2025-6070 | Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read | | |
CVE-2025-6071 | Hard Coded Key used for AES encryption | | |
CVE-2025-6072 | Stack Buffer Overflow in MQTTCore | | |
CVE-2025-6073 | Stack Buffer Overflow in MQTTCore | | |
CVE-2025-6074 | Authentication Bypass to the MQTT configuration Web Interface | | |
CVE-2025-6081 | Pass-back attack in Konica Minolta bizhub 227 multifunctional printers | | |
CVE-2025-6083 | ExtremeCloud Universal ZTNA Improper Authorization | S | |
CVE-2025-6086 | CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload | | |
CVE-2025-6087 | SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint | | |
CVE-2025-6089 | Astun Technology iShare Maps atCheckJS.aspx redirect | | |
CVE-2025-6090 | H3C GR-5400AX aspForm UpdateIpv6params buffer overflow | E | |
CVE-2025-6091 | H3C GR-3000AX aspForm UpdateIpv6Params buffer overflow | E | |
CVE-2025-6092 | comfyanonymous comfyui Incomplete Fix CVE-2024-10099 image cross site scripting | E | |
CVE-2025-6093 | uYanki board-stm32f103rc-berial heartrate1_hal.c heartrate1_i2c_hal_write stack-based overflow | | |
CVE-2025-6094 | FoxCMS Download.php batchCope sql injection | E | |
CVE-2025-6095 | codesiddhant Jasmin Ransomware checklogin.php sql injection | E | |
CVE-2025-6096 | codesiddhant Jasmin Ransomware dashboard.php sql injection | E | |
CVE-2025-6097 | UTT 进取 750W Administrator Password setSysAdm formDefineManagement unverified password change | E | |
CVE-2025-6098 | UTT 进取 750W API setSysAdm strcpy buffer overflow | E | |
CVE-2025-6099 | szluyu99 gin-vue-blog PATCH Request manager.go improper authorization | E | |
CVE-2025-6100 | realguoshuai open-video-cms list sql injection | E | |
CVE-2025-6101 | letta-ai letta interface.py function_message eval injection | E | |
CVE-2025-6102 | Wifi-soft UniBox Controller logout.php os command injection | E | |
CVE-2025-6103 | Wifi-soft UniBox Controller test_accesscodelogin.php os command injection | E | |
CVE-2025-6104 | Wifi-soft UniBox Controller pms_check.php os command injection | E | |
CVE-2025-6105 | jflyfox jfinal_cms HOME.java cross-site request forgery | E | |
CVE-2025-6106 | WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery | E | |
CVE-2025-6107 | comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes | E | |
CVE-2025-6108 | hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal | E | |
CVE-2025-6109 | javahongxi whatsmars InitializrController.java initialize path traversal | E | |
CVE-2025-6110 | Tenda FH1201 SafeMacFilter stack-based overflow | E | |
CVE-2025-6111 | Tenda FH1205 VirtualSer fromVirtualSer stack-based overflow | E | |
CVE-2025-6112 | Tenda FH1205 AdvSetLanip fromadvsetlanip buffer overflow | E | |
CVE-2025-6113 | Tenda FH1203 AdvSetLanip fromadvsetlanip buffer overflow | E | |
CVE-2025-6114 | D-Link DIR-619L form_portforwarding stack-based overflow | E | |
CVE-2025-6115 | D-Link DIR-619L form_macfilter stack-based overflow | E | |
CVE-2025-6116 | Das Parking Management System 停车场管理系统 API Search sql injection | E | |
CVE-2025-6117 | Das Parking Management System 停车场管理系统 API Search sql injection | E | |
CVE-2025-6118 | Das Parking Management System 停车场管理系统 API search sql injection | E | |
CVE-2025-6119 | Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free | E | |
CVE-2025-6120 | Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow | E | |
CVE-2025-6121 | D-Link DIR-632 HTTP POST Request get_pure_content stack-based overflow | E | |
CVE-2025-6122 | code-projects Restaurant Order System table.php sql injection | E | |
CVE-2025-6123 | code-projects Restaurant Order System payment.php sql injection | E | |
CVE-2025-6124 | code-projects Restaurant Order System tablelow.php sql injection | E | |
CVE-2025-6125 | PHPGurukul Rail Pass Management System aboutus.php cross site scripting | E | |
CVE-2025-6126 | PHPGurukul Rail Pass Management System contact.php cross site scripting | E | |
CVE-2025-6127 | PHPGurukul Nipah Virus Testing Management System search-report.php cross site scripting | E | |
CVE-2025-6128 | TOTOLINK EX1200T HTTP POST Request formWirelessTbl buffer overflow | E | |
CVE-2025-6129 | TOTOLINK EX1200T HTTP POST Request formSaveConfig buffer overflow | E | |
CVE-2025-6130 | TOTOLINK EX1200T HTTP POST Request formStats buffer overflow | E | |
CVE-2025-6131 | CodeAstro Food Ordering System POST Request Parameter edit cross site scripting | E | |
CVE-2025-6132 | Chanjet CRM departmentsetting.php sql injection | E | |
CVE-2025-6133 | Projectworlds Life Insurance Management System insertagent.php sql injection | E | |
CVE-2025-6134 | Projectworlds Life Insurance Management System insertClient.php sql injection | E | |
CVE-2025-6135 | Projectworlds Life Insurance Management System insertNominee.php sql injection | E | |
CVE-2025-6136 | Projectworlds Life Insurance Management System insertPayment.php sql injection | E | |
CVE-2025-6137 | TOTOLINK T10 HTTP POST Request cstecgi.cgi setWiFiScheduleCfg buffer overflow | E | |
CVE-2025-6138 | TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow | E | |
CVE-2025-6139 | TOTOLINK T10 shadow.sample hard-coded password | E | |
CVE-2025-6140 | spdlog pattern_formatter-inl.h scoped_padder resource consumption | E S | |
CVE-2025-6141 | GNU ncurses parse_entry.c postprocess_termcap stack-based overflow | S | |
CVE-2025-6142 | Intera InHire server-side request forgery | E | |
CVE-2025-6143 | TOTOLINK EX1200T HTTP POST Request formNtp buffer overflow | E | |
CVE-2025-6144 | TOTOLINK EX1200T HTTP POST Request formSysCmd buffer overflow | E | |
CVE-2025-6145 | TOTOLINK EX1200T HTTP POST Request formSysLog buffer overflow | E | |
CVE-2025-6146 | TOTOLINK X15 HTTP POST Request formSysLog buffer overflow | E | |
CVE-2025-6147 | TOTOLINK A702R HTTP POST Request formSysLog buffer overflow | E | |
CVE-2025-6148 | TOTOLINK A3002RU HTTP POST Request formSysLog buffer overflow | E | |
CVE-2025-6149 | TOTOLINK A3002R HTTP POST Request formSysLog buffer overflow | E | |
CVE-2025-6150 | TOTOLINK X15 HTTP POST Request formMultiAP buffer overflow | E | |
CVE-2025-6151 | TP-Link TL-WR940N WanSlaacCfgRpm.htm buffer overflow | E | |
CVE-2025-6152 | Steel Browser files.routes.ts handleFileUpload path traversal | E S | |
CVE-2025-6153 | PHPGurukul Hostel Management System students.php sql injection | E | |
CVE-2025-6154 | PHPGurukul Hostel Management System login.inc.php sql injection | E | |
CVE-2025-6155 | PHPGurukul Hostel Management System login-hm.inc.php sql injection | E | |
CVE-2025-6156 | PHPGurukul Nipah Virus Testing Management System bwdates-report-ds.php sql injection | E | |
CVE-2025-6157 | PHPGurukul Nipah Virus Testing Management System registered-user-testing.php sql injection | E | |
CVE-2025-6158 | D-Link DIR-665 HTTP POST Request sub_AC78 stack-based overflow | E | |
CVE-2025-6159 | code-projects Hostel Management System allocate_room.php sql injection | E | |
CVE-2025-6160 | SourceCodester Client Database Management System user_customer_create_order.php sql injection | E | |
CVE-2025-6161 | SourceCodester Simple Food Ordering System editproduct.php unrestricted upload | E | |
CVE-2025-6162 | TOTOLINK EX1200T HTTP POST Request formMultiAP buffer overflow | E | |
CVE-2025-6163 | TOTOLINK A3002RU HTTP POST Request formMultiAP buffer overflow | E | |
CVE-2025-6164 | TOTOLINK A3002R HTTP POST Request formMultiAP buffer overflow | E | |
CVE-2025-6165 | TOTOLINK X15 HTTP POST Request formTmultiAP buffer overflow | E | |
CVE-2025-6166 | frdel Agent-Zero image_get.py image_get path traversal | S | |
CVE-2025-6167 | themanojdesai python-a2a api.py create_workflow path traversal | E S | |
CVE-2025-6168 | Incorrect Authorization in GitLab | E S | |
CVE-2025-6169 | HAMASTAR Technology WIMP website co-construction management platform - SQL Injection | S | |
CVE-2025-6170 | Libxml2: stack buffer overflow in xmllint interactive shell command handling | M | |
CVE-2025-6172 | Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of u... | | |
CVE-2025-6173 | Webkul QloApps ajax_products_list.php sql injection | E | |
CVE-2025-6177 | ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked | | |
CVE-2025-6179 | ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits | E | |
CVE-2025-6191 | Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potenti... | | |
CVE-2025-6192 | Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to pote... | | |
CVE-2025-6193 | Trustyai-explainability: command injection via lmevaljob cr | | |
CVE-2025-6196 | Libgepub: integer overflow in libgepub's epub archive handling | M | |
CVE-2025-6199 | Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder | M | |
CVE-2025-6200 | GeoDirectory < 2.8.120 - Contributor+ Stored XSS | E | |
CVE-2025-6201 | Pixel Manager for WooCommerce (PRO) <= 1.49.0 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode | | |
CVE-2025-6206 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload | | |
CVE-2025-6209 | Arbitrary File Read through Path Traversal in run-llama/llama_index | E | |
CVE-2025-6210 | Hardlink-Based Path Traversal in run-llama/llama_index | | |
CVE-2025-6211 | MD5 Hash Collision in run-llama/llama_index | E | |
CVE-2025-6212 | Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module | S | |
CVE-2025-6216 | Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability | | |
CVE-2025-6217 | PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability | | |
CVE-2025-6218 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2025-6220 | Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' | E S | |
CVE-2025-6224 | Key leakage in juju/utils certificates | | |
CVE-2025-6234 | Hostel < 1.1.5.8 - Reflected XSS | E | |
CVE-2025-6236 | Hostel < 1.1.5.9 - Admin+ Stored XSS | E | |
CVE-2025-6238 | AI Engine 2.8.4 - Insecure OAuth Implementation | | |
CVE-2025-6240 | Profisee Path Traversal Vulnerability | S | |
CVE-2025-6244 | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets | S | |
CVE-2025-6252 | Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2025-6257 | Euro FxRef Currency Converter <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via currency Shortcode | | |
CVE-2025-6258 | WP SoundSystem <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsstm-track Shortcode | | |
CVE-2025-6264 | Velociraptor privilege escalation via UpdateConfig artifact | M | |
CVE-2025-6266 | FLIR AX8 upload.php unrestricted upload | E | |
CVE-2025-6267 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 barcodeDetail sql injection | | |
CVE-2025-6268 | Luna Imaging search cross site scripting | | |
CVE-2025-6269 | HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow | E | |
CVE-2025-6270 | HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow | E | |
CVE-2025-6271 | swftools wav2swf wav.c wav_convert2mono out-of-bounds | E | |
CVE-2025-6272 | wasm3 m3_compile.c MarkSlotAllocated out-of-bounds write | E | |
CVE-2025-6273 | WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion | E | |
CVE-2025-6274 | WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption | E | |
CVE-2025-6275 | WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free | E | |
CVE-2025-6276 | Brilliance Golden Link Secondary System rentTakeInfoPage.htm sql injection | E | |
CVE-2025-6277 | Brilliance Golden Link Secondary System custTakeInfoPage.htm sql injection | E | |
CVE-2025-6278 | Upsonic server.py os.path.join path traversal | E | |
CVE-2025-6279 | Upsonic Pickle add_tool cloudpickle.loads deserialization | E | |
CVE-2025-6280 | TransformerOptimus SuperAGI EmailToolKit read_email.py download_attachment path traversal | E | |
CVE-2025-6281 | OpenBMB XAgent community path traversal | E | |
CVE-2025-6282 | xlang-ai OpenAgents file.py create_upload_file path traversal | E | |
CVE-2025-6283 | xataio Xata Agent route.ts GET path traversal | E S | |
CVE-2025-6284 | PHPGurukul Car Rental Portal cross-site request forgery | E | |
CVE-2025-6285 | PHPGurukul COVID19 Testing Management System search-report-result.php cross site scripting | | |
CVE-2025-6286 | PHPGurukul COVID19 Testing Management System search-report-result.php redirect | | |
CVE-2025-6287 | PHPGurukul COVID19 Testing Management System Take Action test-details.php cross site scripting | | |
CVE-2025-6288 | PHPGurukul Bus Pass Management System Profile Page admin-profile.php cross site scripting | | |
CVE-2025-6290 | Tournament Bracket Generator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via bracket Shortcode | | |
CVE-2025-6291 | D-Link DIR-825 HTTP POST Request do_file stack-based overflow | E | |
CVE-2025-6292 | D-Link DIR-825 HTTP POST Request sub_4091AC stack-based overflow | E | |
CVE-2025-6293 | code-projects Hostel Management System contact_manager.php sql injection | E | |
CVE-2025-6294 | code-projects Hostel Management System contact.php sql injection | E | |
CVE-2025-6295 | code-projects Hostel Management System allocated_rooms.php sql injection | E | |
CVE-2025-6296 | code-projects Hostel Management System empty_rooms.php sql injection | E | |
CVE-2025-6297 | dpkg-deb: Fix cleanup for control member with restricted directories | | |
CVE-2025-6299 | TOTOLINK N150RT formWSC os command injection | E | |
CVE-2025-6300 | PHPGurukul Employee Record Management System editempeducation.php sql injection | E | |
CVE-2025-6301 | PHPGurukul Notice Board System Add Notice manage-notices.php cross site scripting | | |
CVE-2025-6302 | TOTOLINK EX1200T cstecgi.cgi setStaticDhcpConfig stack-based overflow | E | |
CVE-2025-6303 | code-projects Online Shoe Store contactus1.php sql injection | E | |
CVE-2025-6304 | code-projects Online Shoe Store cart.php sql injection | E | |
CVE-2025-6305 | code-projects Online Shoe Store admin_feature.php sql injection | E | |
CVE-2025-6306 | code-projects Online Shoe Store admin_index.php sql injection | E | |
CVE-2025-6307 | code-projects Online Shoe Store edit_customer.php sql injection | E | |
CVE-2025-6308 | PHPGurukul Emergency Ambulance Hiring Portal bwdates-request-report-details.php sql injection | E | |
CVE-2025-6309 | PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection | E | |
CVE-2025-6310 | PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection | E | |
CVE-2025-6311 | Campcodes Sales and Inventory System account_add.php sql injection | E | |
CVE-2025-6312 | Campcodes Sales and Inventory System cash_transaction.php sql injection | E | |
CVE-2025-6313 | Campcodes Sales and Inventory System cat_add.php sql injection | E | |
CVE-2025-6314 | Campcodes Sales and Inventory System cat_update.php sql injection | E | |
CVE-2025-6315 | code-projects Online Shoe Store cart2.php sql injection | E | |
CVE-2025-6316 | code-projects Online Shoe Store admin_running.php sql injection | E | |
CVE-2025-6317 | code-projects Online Shoe Store confirm.php sql injection | E | |
CVE-2025-6318 | PHPGurukul Pre-School Enrollment System check_availability.php sql injection | E | |
CVE-2025-6319 | PHPGurukul Pre-School Enrollment System add-teacher.php sql injection | E | |
CVE-2025-6320 | PHPGurukul Pre-School Enrollment System add-class.php sql injection | E | |
CVE-2025-6321 | PHPGurukul Pre-School Enrollment System add-subadmin.php sql injection | E | |
CVE-2025-6322 | PHPGurukul Pre-School Enrollment System visit.php sql injection | E | |
CVE-2025-6323 | PHPGurukul Pre-School Enrollment System enrollment.php sql injection | E | |
CVE-2025-6328 | D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow | E | |
CVE-2025-6329 | ScriptAndTools Real Estate Management System User Delete userdelete.php authorization | E | |
CVE-2025-6330 | PHPGurukul Directory Management System searchdata.php sql injection | E | |
CVE-2025-6331 | PHPGurukul Directory Management System search-directory.php sql injection | E | |
CVE-2025-6332 | PHPGurukul Directory Management System manage-directory.php sql injection | E | |
CVE-2025-6333 | PHPGurukul Directory Management System admin-profile.php sql injection | E | |
CVE-2025-6334 | D-Link DIR-867 Query String strncpy stack-based overflow | E | |
CVE-2025-6335 | DedeCMS Template dedetag.class.php command injection | E | |
CVE-2025-6336 | TOTOLINK EX1200T HTTP POST Request formTmultiAP buffer overflow | E | |
CVE-2025-6337 | TOTOLINK A3002R/A3002RU HTTP POST Request formTmultiAP buffer overflow | E | |
CVE-2025-6339 | ponaravindb Hospital Management System func3.php sql injection | E | |
CVE-2025-6340 | code-projects School Fees Payment System branch.php cross site scripting | E | |
CVE-2025-6341 | code-projects School Fees Payment System cross-site request forgery | E | |
CVE-2025-6342 | code-projects Online Shoe Store admin_football.php sql injection | E | |
CVE-2025-6343 | code-projects Online Shoe Store admin_product.php sql injection | E | |
CVE-2025-6344 | code-projects Online Shoe Store contactus.php sql injection | E | |
CVE-2025-6345 | SourceCodester My Food Recipe Add Recipe Page add-recipe.php addRecipeModal cross site scripting | E | |
CVE-2025-6346 | SourceCodester Advance Charity Management System fundDetails.php sql injection | E | |
CVE-2025-6347 | code-projects Responsive Blog pageViewMembers.php cross site scripting | E | |
CVE-2025-6350 | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting | S | |
CVE-2025-6351 | itsourcecode Employee Record Management System editprofile.php sql injection | E | |
CVE-2025-6352 | code-projects Automated Voting System Backend vote.php direct request | E | |
CVE-2025-6353 | code-projects Responsive Blog search.php cross site scripting | E | |
CVE-2025-6354 | code-projects Online Shoe Store customer_signup.php sql injection | E | |
CVE-2025-6355 | SourceCodester Online Hotel Reservation System execeditroom.php sql injection | E | |
CVE-2025-6356 | code-projects Simple Pizza Ordering System addmem.php sql injection | E | |
CVE-2025-6357 | code-projects Simple Pizza Ordering System paymentportal.php sql injection | E | |
CVE-2025-6358 | code-projects Simple Pizza Ordering System saveorder.php sql injection | E | |
CVE-2025-6359 | code-projects Simple Pizza Ordering System cashconfirm.php sql injection | E | |
CVE-2025-6360 | code-projects Simple Pizza Ordering System portal.php sql injection | E | |
CVE-2025-6361 | code-projects Simple Pizza Ordering System adds.php sql injection | E | |
CVE-2025-6362 | code-projects Simple Pizza Ordering System editpro.php sql injection | E | |
CVE-2025-6363 | code-projects Simple Pizza Ordering System adding-exec.php sql injection | E | |
CVE-2025-6364 | code-projects Simple Pizza Ordering System adduser-exec.php sql injection | E | |
CVE-2025-6365 | HobbesOSR Kitten pgtable.h set_pte_at resource consumption | E | |
CVE-2025-6367 | D-Link DIR-619L formSetDomainFilter stack-based overflow | E | |
CVE-2025-6368 | D-Link DIR-619L formSetEmail stack-based overflow | E | |
CVE-2025-6369 | D-Link DIR-619L formdumpeasysetup stack-based overflow | E | |
CVE-2025-6370 | D-Link DIR-619L formWlanGuestSetup stack-based overflow | E | |
CVE-2025-6371 | D-Link DIR-619L formSetEnableWizard stack-based overflow | E | |
CVE-2025-6372 | D-Link DIR-619L formSetWizard1 stack-based overflow | E | |
CVE-2025-6373 | D-Link DIR-619L formWlSiteSurvey formSetWizard1 stack-based overflow | E | |
CVE-2025-6374 | D-Link DIR-619L formSetACLFilter stack-based overflow | E | |
CVE-2025-6375 | poco MultipartReader.cpp MultipartInputStream null pointer dereference | E S | |
CVE-2025-6376 | Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2025-6377 | Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2025-6378 | Responsive Food and Drink Menu <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_pdf_menus Shortcode | | |
CVE-2025-6379 | BeeTeam368 Extensions Pro <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion | | |
CVE-2025-6381 | BeeTeam368 Extensions <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion | | |
CVE-2025-6383 | WP-PhotoNav <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photonav Shortcode | | |
CVE-2025-6384 | Improper Control of Dynamically-Managed Code Resources in Crafter Studio | | |
CVE-2025-6386 | Timing Attack Vulnerability in parisneo/lollms | | |
CVE-2025-6390 | Cleartext storage of sensitive information in Brocade SANnav server audit logs. | | |
CVE-2025-6392 | Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392) | | |
CVE-2025-6393 | TOTOLINK A702R/A3002R/A3002RU/EX1200T HTTP POST Request formIPv6Addr buffer overflow | E | |
CVE-2025-6394 | code-projects Simple Online Hotel Reservation System add_reserve.php sql injection | E | |
CVE-2025-6395 | Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite() | M | |
CVE-2025-6399 | TOTOLINK X15 HTTP POST Request formIPv6Addr buffer overflow | E | |
CVE-2025-6400 | TOTOLINK N300RH HTTP POST Message formPortFw buffer overflow | E | |
CVE-2025-6401 | TOTOLINK N300RH HTTP POST Message formFilter denial of service | E | |
CVE-2025-6402 | TOTOLINK X15 HTTP POST Request formIpv6Setup buffer overflow | E | |
CVE-2025-6403 | code-projects School Fees Payment System student.php sql injection | E | |
CVE-2025-6404 | Campcodes Online Teacher Record Management System search.php sql injection | E | |
CVE-2025-6405 | Campcodes Online Teacher Record Management System edit-teacher-detail.php sql injection | E | |
CVE-2025-6406 | Campcodes Online Hospital Management System forgot-password.php sql injection | E | |
CVE-2025-6407 | Campcodes Online Hospital Management System user-login.php sql injection | E | |
CVE-2025-6408 | Campcodes Online Hospital Management System search.php sql injection | E | |
CVE-2025-6409 | PHPGurukul Art Gallery Management System forgot-password.php sql injection | E | |
CVE-2025-6410 | PHPGurukul Art Gallery Management System edit-art-medium-detail.php sql injection | E | |
CVE-2025-6411 | PHPGurukul Art Gallery Management System changepropic.php sql injection | E | |
CVE-2025-6412 | PHPGurukul Art Gallery Management System changeimage.php sql injection | E | |
CVE-2025-6413 | PHPGurukul Art Gallery Management System changeimage1.php sql injection | E | |
CVE-2025-6414 | PHPGurukul Art Gallery Management System changeimage2.php sql injection | E | |
CVE-2025-6415 | PHPGurukul Art Gallery Management System changeimage3.php sql injection | E | |
CVE-2025-6416 | PHPGurukul Art Gallery Management System changeimage4.php sql injection | E | |
CVE-2025-6417 | PHPGurukul Art Gallery Management System add-artist.php sql injection | E | |
CVE-2025-6418 | code-projects Simple Online Hotel Reservation System edit_query_account.php sql injection | E | |
CVE-2025-6419 | code-projects Simple Online Hotel Reservation System edit_room.php sql injection | E | |
CVE-2025-6420 | code-projects Simple Online Hotel Reservation System add_room.php sql injection | E | |
CVE-2025-6421 | code-projects Simple Online Hotel Reservation System add_account.php sql injection | E | |
CVE-2025-6422 | Campcodes Online Recruitment Management System About Content Page ajax.php unrestricted upload | E | |
CVE-2025-6423 | BeeTeam368 Extensions <= 2.3.5 - Authenticated (Subscriber+) Arbitrary File Upload | | |
CVE-2025-6424 | A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affe... | | |
CVE-2025-6425 | An attacker who enumerated resources from the WebCompat extension could have obtained a persistent U... | | |
CVE-2025-6426 | The executable file warning did not warn users before opening files with the `terminal` extension. ... | | |
CVE-2025-6427 | An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulat... | | |
CVE-2025-6428 | When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL i... | E | |
CVE-2025-6429 | Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing ... | | |
CVE-2025-6430 | When a file download is specified via the `Content-Disposition` header, that directive would be igno... | | |
CVE-2025-6431 | When a link can be opened in an external application, Firefox for Android will, by default, prompt t... | | |
CVE-2025-6432 | When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the d... | | |
CVE-2025-6433 | If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage w... | | |
CVE-2025-6434 | The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked a... | | |
CVE-2025-6435 | If a user saved a response from the Network tab in Devtools using the Save As context menu option, t... | | |
CVE-2025-6436 | Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of... | | |
CVE-2025-6437 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid | | |
CVE-2025-6438 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause... | | |
CVE-2025-6442 | Ruby WEBrick read_header HTTP Request Smuggling Vulnerability | | |
CVE-2025-6443 | Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability | | |
CVE-2025-6444 | ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability | | |
CVE-2025-6445 | ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2025-6446 | code-projects Client Details System index.php sql injection | E | |
CVE-2025-6447 | code-projects Simple Online Hotel Reservation System index.php sql injection | E | |
CVE-2025-6448 | code-projects Simple Online Hotel Reservation System delete_room.php sql injection | E | |
CVE-2025-6449 | code-projects Simple Online Hotel Reservation System checkout_query.php sql injection | E | |
CVE-2025-6450 | code-projects Simple Online Hotel Reservation System confirm_reserve.php sql injection | E | |
CVE-2025-6451 | code-projects Simple Online Hotel Reservation System delete_pending.php sql injection | E | |
CVE-2025-6452 | CodeAstro Patient Record Management System Generate New Report Page cross site scripting | E M | |
CVE-2025-6453 | diyhi bbs API ForumManageAction.java add path traversal | E | |
CVE-2025-6455 | code-projects Online Hotel Reservation System messageexec.php sql injection | E | |
CVE-2025-6456 | code-projects Online Hotel Reservation System order.php sql injection | E | |
CVE-2025-6457 | code-projects Online Hotel Reservation System demo.php sql injection | E | |
CVE-2025-6458 | code-projects Online Hotel Reservation System execedituser.php sql injection | E | |
CVE-2025-6459 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate | | |
CVE-2025-6462 | EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode | S | |
CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | S | |
CVE-2025-6464 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion | S | |
CVE-2025-6466 | ageerle ruoyi-ai SseServiceImpl.java upload unrestricted upload | E S | |
CVE-2025-6467 | code-projects Online Bidding System login.php sql injection | E | |
CVE-2025-6468 | code-projects Online Bidding System bidnow.php sql injection | E | |
CVE-2025-6469 | code-projects Online Bidding System details.php sql injection | E | |
CVE-2025-6470 | code-projects Online Bidding System bidlog.php sql injection | E | |
CVE-2025-6471 | code-projects Online Bidding System administrator sql injection | E | |
CVE-2025-6472 | code-projects Online Bidding System showprod.php sql injection | E | |
CVE-2025-6473 | code-projects School Fees Payment System fees.php cross site scripting | E | |
CVE-2025-6474 | code-projects Inventory Management System changeUsername.php sql injection | E | |
CVE-2025-6475 | SourceCodester Student Result Management System Manage Students Module manage_students cross site scripting | E | |
CVE-2025-6476 | SourceCodester Gym Management System cross-site request forgery | E | |
CVE-2025-6477 | SourceCodester Student Result Management System System Settings Page system cross site scripting | E | |
CVE-2025-6478 | CodeAstro Expense Management System cross-site request forgery | | |
CVE-2025-6479 | code-projects Simple Pizza Ordering System salesreport.php sql injection | E | |
CVE-2025-6480 | code-projects Simple Pizza Ordering System addcatexec.php sql injection | E | |
CVE-2025-6481 | code-projects Simple Pizza Ordering System update.php sql injection | E | |
CVE-2025-6482 | code-projects Simple Pizza Ordering System edituser-exec.php sql injection | E | |
CVE-2025-6483 | code-projects Simple Pizza Ordering System edituser.php sql injection | E | |
CVE-2025-6484 | code-projects Online Shopping Store action.php sql injection | E | |
CVE-2025-6485 | TOTOLINK A3002R formWlSiteSurvey os command injection | E | |
CVE-2025-6486 | TOTOLINK A3002R formWlanMultipleAP stack-based overflow | E | |
CVE-2025-6487 | TOTOLINK A3002R formRoute stack-based overflow | E | |
CVE-2025-6488 | isMobile <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter | | |
CVE-2025-6489 | itsourcecode Agri-Trading Online Shopping System transactionsave.php sql injection | E | |
CVE-2025-6490 | sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow | E S | |
CVE-2025-6492 | MarkText index.js getRecommendTitleFromMarkdownString redos | E | |
CVE-2025-6493 | CodeMirror Markdown Mode markdown.js redos | E | |
CVE-2025-6494 | sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow | E S | |
CVE-2025-6496 | HTACG tidy-html5 parser.c InsertNodeAsParent null pointer dereference | E | |
CVE-2025-6497 | HTACG tidy-html5 parser.c prvTidyParseNamespace assertion | E | |
CVE-2025-6498 | HTACG tidy-html5 alloc.c defaultAlloc memory leak | E | |
CVE-2025-6499 | vstakhov libucl ucl_parser.c ucl_parse_multiline_string heap-based overflow | E | |
CVE-2025-6500 | code-projects Inventory Management System editCategories.php sql injection | E | |
CVE-2025-6501 | code-projects Inventory Management System createCategories.php sql injection | E | |
CVE-2025-6502 | code-projects Inventory Management System changePassword.php sql injection | E | |
CVE-2025-6503 | code-projects Inventory Management System fetchSelectedCategories.php sql injection | E | |
CVE-2025-6509 | seaswalker spring-analysis SimpleController.java echo cross site scripting | E | |
CVE-2025-6510 | Netgear EX6100 sub_415EF8 stack-based overflow | E | |
CVE-2025-6511 | Netgear EX6150 sub_410090 stack-based overflow | E | |
CVE-2025-6512 | Scripts within reports executable on BRAIN2 Server | S | |
CVE-2025-6513 | BRAIN2 Configuration file for database access not sufficiently secured | S | |
CVE-2025-6514 | OS command injection in mcp-remote when connecting to untrusted MCP servers | S | |
CVE-2025-6516 | HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow | E | |
CVE-2025-6517 | Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery | E | |
CVE-2025-6518 | PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine | E | |
CVE-2025-6521 | TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm | M | |
CVE-2025-6522 | TrendMakers Sight Bulb Pro Command Injection | M | |
CVE-2025-6524 | 70mai 1S Video Services improper authentication | E | |
CVE-2025-6525 | 70mai 1S Configuration Config.cgi improper authorization | E | |
CVE-2025-6526 | 70mai M300 HTTP Server insufficiently protected credentials | E | |
CVE-2025-6527 | 70mai M300 Web Server access control | E | |
CVE-2025-6528 | 70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication | E | |
CVE-2025-6529 | 70mai M300 Telnet Service default credentials | E | |
CVE-2025-6530 | 70mai M300 Telnet Service demo.sh denial of service | E | |
CVE-2025-6531 | SIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access control | E | |
CVE-2025-6532 | NOYAFA/Xiami LF9 Pro RTSP Live Video Stream Endpoint access control | E | |
CVE-2025-6533 | xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay | E | |
CVE-2025-6534 | xxyopen/201206030 novel-plus File FileController.java remove resource injection | E | |
CVE-2025-6535 | xxyopen/201206030 novel-plus User Management Module UserMapper.xml list sql injection | E | |
CVE-2025-6536 | Tarantool datetime.c tm_to_datetime assertion | E | |
CVE-2025-6537 | Namasha By Mdesign <= 1.2.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via playicon_title Parameter | | |
CVE-2025-6538 | Post Rating and Review <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter | | |
CVE-2025-6540 | web-cam <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter | | |
CVE-2025-6543 | Memory overflow vulnerability leading to unintended control flow and Denial of Service | KEV | |
CVE-2025-6545 | pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js | S | |
CVE-2025-6546 | Drive Folder Embedder <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via tablecssclass Parameter | | |
CVE-2025-6547 | On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys | S | |
CVE-2025-6549 | Junos OS: SRX Series: J-Web can be exposed on additional interfaces | S | |
CVE-2025-6550 | The Pack Elementor addon <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-6551 | java-aodeng Hope-Boot WebController.java login cross site scripting | E | |
CVE-2025-6552 | java-aodeng Hope-Boot Login WebController.java doLogin redirect | E | |
CVE-2025-6554 | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform ar... | KEV | |
CVE-2025-6555 | Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to pot... | | |
CVE-2025-6556 | Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote a... | | |
CVE-2025-6557 | Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed ... | | |
CVE-2025-6559 | Sapido Wireless Router - OS Command Injection | | |
CVE-2025-6560 | Sapido Wireless Router - Exposure of Sensitive Information | | |
CVE-2025-6561 | Hunt Electronic Hybrid DVR - Exposure of Sensitive System Information | S | |
CVE-2025-6562 | Hunt Electronic Hybrid DVR - OS Command Injection | S | |
CVE-2025-6563 | Cross-site scripting via dst parameter in RouterOS WiFi hotspot | E | |
CVE-2025-6565 | Netgear WNCE3001 HTTP POST Request http_d stack-based overflow | E | |
CVE-2025-6566 | oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow | E | |
CVE-2025-6567 | Campcodes Online Recruitment Management System view_application.php sql injection | E | |
CVE-2025-6568 | TOTOLINK EX1200T HTTP POST Request formIpv6Setup buffer overflow | E | |
CVE-2025-6569 | code-projects School Fees Payment System student.php cross site scripting | E | |
CVE-2025-6570 | PHPGurukul Hospital Management System search.php sql injection | E | |
CVE-2025-6578 | code-projects Simple Online Hotel Reservation System delete_account.php sql injection | E | |
CVE-2025-6579 | code-projects Car Rental System message_admin.php sql injection | E | |
CVE-2025-6580 | SourceCodester Best Salon Management System Login sql injection | E | |
CVE-2025-6581 | SourceCodester Best Salon Management System add-customer.php sql injection | E | |
CVE-2025-6582 | SourceCodester Best Salon Management System edit-customer-detailed.php sql injection | E | |
CVE-2025-6583 | SourceCodester Best Salon Management System view-appointment.php sql injection | E | |
CVE-2025-6586 | Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload | | |
CVE-2025-6587 | Exposure of system environment variables in Docker Desktop diagnostic logs | | |
CVE-2025-6600 | GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API | | |
CVE-2025-6603 | coldfunction qCUDA qcow.c qcow_make_empty integer overflow | | |
CVE-2025-6604 | SourceCodester Best Salon Management System add-staff.php sql injection | E | |
CVE-2025-6605 | SourceCodester Best Salon Management System edit-staff.php sql injection | E | |
CVE-2025-6606 | SourceCodester Best Salon Management System add-services.php sql injection | E | |
CVE-2025-6607 | SourceCodester Best Salon Management System stock.php sql injection | E | |
CVE-2025-6608 | SourceCodester Best Salon Management System edit-services.php sql injection | E | |
CVE-2025-6609 | SourceCodester Best Salon Management System bwdates-reports-details.php sql injection | E | |
CVE-2025-6610 | itsourcecode Employee Management System editempprofile.php sql injection | E | |
CVE-2025-6611 | code-projects Inventory Management System createBrand.php sql injection | E | |
CVE-2025-6612 | code-projects Inventory Management System removeCategories.php sql injection | E | |
CVE-2025-6613 | PHPGurukul Hospital Management System manage-patient.php cross site scripting | E | |
CVE-2025-6614 | D-Link DIR-619L formSetWANType_Wizard5 stack-based overflow | E | |
CVE-2025-6615 | D-Link DIR-619L formAutoDetecWAN_wizard4 stack-based overflow | E | |
CVE-2025-6616 | D-Link DIR-619L formSetWAN_Wizard51 stack-based overflow | E | |
CVE-2025-6617 | D-Link DIR-619L formAdvanceSetup stack-based overflow | E | |
CVE-2025-6618 | TOTOLINK CA300-PoE wps.so SetWLanApcliSettings os command injection | E | |
CVE-2025-6619 | TOTOLINK CA300-PoE upgrade.so setUpgradeFW os command injection | E | |
CVE-2025-6620 | TOTOLINK CA300-PoE upgrade.so setUpgradeUboot os command injection | E | |
CVE-2025-6621 | TOTOLINK CA300-PoE ap.so QuickSetting os command injection | E | |
CVE-2025-6624 | Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information in... | S | |
CVE-2025-6627 | TOTOLINK A702R HTTP POST Request formIpv6Setup buffer overflow | E | |
CVE-2025-6640 | PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2025-6641 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6642 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2025-6643 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6644 | PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2025-6645 | PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2025-6646 | PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2025-6647 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2025-6648 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6649 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6650 | PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6651 | PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2025-6652 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6653 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6654 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2025-6655 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6656 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6657 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6658 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6659 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2025-6660 | PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2025-6661 | PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2025-6662 | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2025-6663 | GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2025-6664 | CodeAstro Patient Record Management System cross-site request forgery | E | |
CVE-2025-6665 | code-projects Inventory Management System editBrand.php sql injection | E | |
CVE-2025-6667 | code-projects Car Rental System add_cars.php unrestricted upload | E | |
CVE-2025-6668 | code-projects Inventory Management System fetchSelectedBrand.php sql injection | E | |
CVE-2025-6669 | gooaclok819 sublinkX jwt.go hard-coded key | E S | |
CVE-2025-6673 | Easy restaurant menu manager <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `nsc_eprm_menu_link` Shortcode | | |
CVE-2025-6674 | CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081 | | |
CVE-2025-6675 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082 | | |
CVE-2025-6676 | Simple XML sitemap - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-083 | | |
CVE-2025-6677 | Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084 | | |
CVE-2025-6678 | Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability | | |
CVE-2025-6686 | Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode | | |
CVE-2025-6687 | Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode | | |
CVE-2025-6688 | Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin | S | |
CVE-2025-6689 | FL3R Accessibility Suite <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode | | |
CVE-2025-6691 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion | S | |
CVE-2025-6693 | RT-Thread device.c sys_device_write memory corruption | E | |
CVE-2025-6694 | LabRedesCefetRJ WeGIA Adicionar Unidade adicionar_unidade.php cross site scripting | E | |
CVE-2025-6695 | LabRedesCefetRJ WeGIA Additional Categoria adicionar_categoria.php cross site scripting | E | |
CVE-2025-6696 | LabRedesCefetRJ WeGIA Cadastro de Atendio Cadastro_Atendido.php cross site scripting | E | |
CVE-2025-6697 | LabRedesCefetRJ WeGIA Adicionar tipo adicionar_tipoEntrada.php cross site scripting | E | |
CVE-2025-6698 | LabRedesCefetRJ WeGIA Adicionar tipo adicionar_tipoSaida.php cross site scripting | E | |
CVE-2025-6699 | LabRedesCefetRJ WeGIA Cadastro de Funcionário cadastro_funcionario.php cross site scripting | E | |
CVE-2025-6700 | Xuxueli xxl-sso login cross site scripting | E | |
CVE-2025-6701 | Xuxueli xxl-sso doLogin redirect | E | |
CVE-2025-6702 | linlinjava litemall post improper authorization | E | |
CVE-2025-6703 | transport/fc.rs: panic attempting to send MAX_DATA with value larger max varint | | |
CVE-2025-6705 | A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed un... | S | |
CVE-2025-6706 | Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server | | |
CVE-2025-6707 | Race condition in privilege cache invalidation cycle | | |
CVE-2025-6709 | Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication | | |
CVE-2025-6710 | Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB | | |
CVE-2025-6711 | Incomplete Redaction of Sensitive Information in MongoDB Server Logs | | |
CVE-2025-6712 | MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation | | |
CVE-2025-6713 | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage | | |
CVE-2025-6714 | Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections | | |
CVE-2025-6716 | Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting | | |
CVE-2025-6725 | Cross-Site Scripting (XSS) in PdfViewer | | |
CVE-2025-6729 | PayMaster for WooCommerce <= 0.4.31 - Authenticated (Subscriber+) Server-Side Request Forgery | | |
CVE-2025-6731 | yzcheng90 X-SpringBoot APK File apk uploadApk path traversal | E | |
CVE-2025-6732 | UTT HiPER 840G API setSysAdm strcpy buffer overflow | E | |
CVE-2025-6733 | UTT HiPER 840G API formConfigDnsFilterGlobal sub_416928 buffer overflow | E | |
CVE-2025-6734 | UTT HiPER 840G API formP2PLimitConfig sub_484E40 buffer overflow | E | |
CVE-2025-6735 | juzaweb CMS Import Page imports improper authorization | E | |
CVE-2025-6736 | juzaweb CMS Add New Themes Page install improper authorization | E | |
CVE-2025-6738 | huija bicycleSharingServer UserServiceImpl.java userDao.selectUserByUserNameLike sql injection | E | |
CVE-2025-6739 | WPQuiz <= 0.4.2 - Authenticated (Contributor+) SQL Injection | | |
CVE-2025-6740 | Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter | S | |
CVE-2025-6742 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion | S | |
CVE-2025-6743 | WoodMart <= 8.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-6744 | Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution | | |
CVE-2025-6745 | WoodMart <= 8.2.5 - Unauthenticated Post Disclosure | | |
CVE-2025-6746 | WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion | | |
CVE-2025-6748 | Bharti Airtel Thanks App files cleartext storage in a file or on disk | E | |
CVE-2025-6749 | huija bicycleSharingServer AdminController.java searchAdminMessageShow sql injection | E | |
CVE-2025-6750 | HDF5 H5Omtime.c H5O__mtime_new_encode heap-based overflow | E | |
CVE-2025-6751 | Linksys E8450 HTTP POST Request portal.cgi set_device_language buffer overflow | E | |
CVE-2025-6752 | Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow | E | |
CVE-2025-6753 | huija bicycleSharingServer AdminController.java selectAdminByNameLike sql injection | E | |
CVE-2025-6755 | Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter | | |
CVE-2025-6756 | Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode | | |
CVE-2025-6759 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges | | |
CVE-2025-6761 | Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine | S | |
CVE-2025-6762 | diyhi bbs HTTP Header login getUrl server-side request forgery | E | |
CVE-2025-6763 | Comet System H3531 Web-based Management Interface setupA.cfg missing authentication | E | |
CVE-2025-6765 | Intelbras InControl HTTP PUT Request operador permission | E | |
CVE-2025-6766 | sfturing hosp_order OfficeServiceImpl.java getOfficeName sql injection | E | |
CVE-2025-6767 | sfturing hosp_order DoctorServiceImpl.java findDoctorByCondition sql injection | E | |
CVE-2025-6768 | sfturing hosp_order HospitalServiceImpl.java findAllHosByCondition sql injection | E | |
CVE-2025-6770 | OS command injection in Ivanti Endpoint Manager | | |
CVE-2025-6771 | OS command injection in Ivanti Endpoint Manager | | |
CVE-2025-6772 | eosphoros-ai db-gpt import import_flow path traversal | E | |
CVE-2025-6773 | HKUDS LightRAG File Upload document_routes.py upload_to_input_dir path traversal | S | |
CVE-2025-6774 | gooaclok819 sublinkX template.go AddTemp path traversal | E S | |
CVE-2025-6775 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection | E S | |
CVE-2025-6776 | xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal | E S | |
CVE-2025-6777 | code-projects Food Distributor Site process_login.php sql injection | E | |
CVE-2025-6778 | code-projects Food Distributor Site save_settings.php cross site scripting | E | |
CVE-2025-6782 | GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm() | | |
CVE-2025-6783 | GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc() | | |
CVE-2025-6786 | DocCheck Login <= 1.1.5 - Unauthorized Post Access | | |
CVE-2025-6787 | Smart Docs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-6788 | CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resourc... | | |
CVE-2025-6793 | Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability | | |
CVE-2025-6794 | Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2025-6795 | Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability | | |
CVE-2025-6796 | Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability | | |
CVE-2025-6797 | Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability | | |
CVE-2025-6798 | Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability | | |
CVE-2025-6799 | Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability | | |
CVE-2025-6800 | Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability | | |
CVE-2025-6801 | Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability | | |
CVE-2025-6802 | Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability | | |
CVE-2025-6803 | Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability | | |
CVE-2025-6804 | Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability | | |
CVE-2025-6805 | Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability | | |
CVE-2025-6806 | Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability | | |
CVE-2025-6807 | Marvell QConvergeConsole getDriverTmpPath Directory Traversal Information Disclosure Vulnerability | | |
CVE-2025-6810 | Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2025-6811 | Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability | | |
CVE-2025-6814 | Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function | | |
CVE-2025-6816 | HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow | E | |
CVE-2025-6817 | HDF5 H5Centry.c H5C__load_entry resource consumption | E | |
CVE-2025-6818 | HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflow | E | |
CVE-2025-6819 | code-projects Inventory Management System removeBrand.php sql injection | E | |
CVE-2025-6820 | code-projects Inventory Management System createProduct.php sql injection | E | |
CVE-2025-6821 | code-projects Inventory Management System createOrder.php sql injection | E | |
CVE-2025-6822 | code-projects Inventory Management System removeProduct.php sql injection | E | |
CVE-2025-6823 | code-projects Inventory Management System editProduct.php sql injection | E | |
CVE-2025-6824 | TOTOLINK X15 HTTP POST Request formParentControl buffer overflow | E | |
CVE-2025-6825 | TOTOLINK A702R HTTP POST Request formWlSiteSurvey buffer overflow | E | |
CVE-2025-6826 | code-projects Payroll Management System ajax.php sql injection | E | |
CVE-2025-6827 | code-projects Inventory Management System editOrder.php sql injection | E | |
CVE-2025-6828 | code-projects Inventory Management System orders.php sql injection | E | |
CVE-2025-6829 | aaluoxiang oa_system External Address Book outAddress sql injection | E | |
CVE-2025-6834 | code-projects Inventory Management System editPayment.php sql injection | E | |
CVE-2025-6835 | code-projects Library System student-issue-book.php sql injection | E | |
CVE-2025-6836 | code-projects Library System profile.php sql injection | E | |
CVE-2025-6837 | code-projects Library System profile.php unrestricted upload | E M | |
CVE-2025-6838 | Broken Link Notifier <= 1.3.0 - Authenticated (Contributor+) CSV Injection | | |
CVE-2025-6839 | Conjure Position Department Service Quality Evaluation System head.php eval backdoor | E | |
CVE-2025-6840 | code-projects Product Inventory System Login index.php sql injection | E | |
CVE-2025-6841 | code-projects Product Inventory System edit_product.php sql injection | E | |
CVE-2025-6842 | code-projects Product Inventory System edit_user.php sql injection | E | |
CVE-2025-6843 | code-projects Simple Photo Gallery upload-photo.php unrestricted upload | E | |
CVE-2025-6844 | code-projects Simple Forum signin.php sql injection | E | |
CVE-2025-6845 | code-projects Simple Forum register1.php sql injection | E | |
CVE-2025-6846 | code-projects Simple Forum forum_viewfile.php sql injection | E | |
CVE-2025-6847 | code-projects Simple Forum forum_edit.php sql injection | E | |
CVE-2025-6848 | code-projects Simple Forum forum1.php unrestricted upload | E | |
CVE-2025-6849 | code-projects Simple Forum forum_edit1.php cross site scripting | E | |
CVE-2025-6850 | code-projects Simple Forum forum1.php sql injection | E | |
CVE-2025-6851 | Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery | | |
CVE-2025-6853 | chatchat-space Langchain-Chatchat Backend upload_temp_docs path traversal | E | |
CVE-2025-6854 | chatchat-space Langchain-Chatchat files path traversal | E | |
CVE-2025-6855 | chatchat-space Langchain-Chatchat file path traversal | E | |
CVE-2025-6856 | HDF5 H5FL.c H5FL__reg_gc_list use after free | E | |
CVE-2025-6857 | HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflow | E | |
CVE-2025-6858 | HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference | E | |
CVE-2025-6859 | SourceCodester Best Salon Management System pro_sale.php sql injection | E | |
CVE-2025-6860 | SourceCodester Best Salon Management System staff_commision.php sql injection | E | |
CVE-2025-6861 | SourceCodester Best Salon Management System add_plan.php sql injection | E | |
CVE-2025-6862 | SourceCodester Best Salon Management System edit_plan.php sql injection | E | |
CVE-2025-6863 | PHPGurukul Local Services Search Engine Management System edit-category-detail.php sql injection | E | |
CVE-2025-6864 | SeaCMS admin_type.php cross-site request forgery | E | |
CVE-2025-6865 | DaiCuo index cross-site request forgery | E | |
CVE-2025-6866 | code-projects Simple Forum forum_downloadfile.php path traversal | E | |
CVE-2025-6867 | SourceCodester Simple Company Website manage.php sql injection | E | |
CVE-2025-6868 | SourceCodester Simple Company Website manage.php sql injection | E | |
CVE-2025-6869 | SourceCodester Simple Company Website manage.php sql injection | E | |
CVE-2025-6870 | SourceCodester Simple Company Website Content.php unrestricted upload | E | |
CVE-2025-6871 | SourceCodester Simple Company Website Login.php sql injection | E | |
CVE-2025-6872 | SourceCodester Simple Company Website SystemSettings.php unrestricted upload | E | |
CVE-2025-6873 | SourceCodester Simple Company Website Users.php unrestricted upload | E | |
CVE-2025-6874 | SourceCodester Best Salon Management System add_subscribe.php sql injection | E | |
CVE-2025-6875 | SourceCodester Best Salon Management System edit-subscription.php sql injection | E | |
CVE-2025-6876 | SourceCodester Best Salon Management System add-category.php sql injection | E | |
CVE-2025-6877 | SourceCodester Best Salon Management System edit-category.php sql injection | E | |
CVE-2025-6878 | SourceCodester Best Salon Management System search-appointment.php sql injection | E | |
CVE-2025-6879 | SourceCodester Best Salon Management System add-tax.php sql injection | E | |
CVE-2025-6880 | SourceCodester Best Salon Management System edit-tax.php sql injection | E | |
CVE-2025-6881 | D-Link DI-8100 jhttpd pppoe_base.asp buffer overflow | E | |
CVE-2025-6882 | D-Link DIR-513 formSetWanPPTP buffer overflow | E | |
CVE-2025-6883 | code-projects Staff Audit System update_index.php sql injection | E | |
CVE-2025-6884 | code-projects Staff Audit System search_index.php sql injection | E | |
CVE-2025-6885 | PHPGurukul Teachers Record Management System edit-teacher-detail.php sql injection | E | |
CVE-2025-6886 | Tenda AC5 openSchedWifi stack-based overflow | E | |
CVE-2025-6887 | Tenda AC5 SetSysTimeCfg stack-based overflow | E | |
CVE-2025-6888 | PHPGurukul Teachers Record Management System changeimage.php sql injection | E | |
CVE-2025-6889 | code-projects Movie Ticketing System logIn.php sql injection | E | |
CVE-2025-6890 | code-projects Movie Ticketing System ticketConfirmation.php sql injection | E | |
CVE-2025-6891 | code-projects Inventory Management System createUser.php sql injection | E | |
CVE-2025-6896 | D-Link DI-7300G+ wget_test.asp os command injection | E | |
CVE-2025-6897 | D-Link DI-7300G+ httpd_debug.asp os command injection | E | |
CVE-2025-6898 | D-Link DI-7300G+ in proxy_client.asp os command injection | E | |
CVE-2025-6899 | D-Link DI-7300G+/DI-8200G msp_info.htm os command injection | E | |
CVE-2025-6900 | code-projects Library System add-book.php unrestricted upload | E M | |
CVE-2025-6901 | code-projects Inventory Management System removeUser.php sql injection | E | |
CVE-2025-6902 | code-projects Inventory Management System editUser.php sql injection | E | |
CVE-2025-6903 | code-projects Car Rental System approve.php sql injection | E | |
CVE-2025-6904 | code-projects Car Rental System add_cars.php sql injection | E | |
CVE-2025-6905 | code-projects Car Rental System signup.php sql injection | E | |
CVE-2025-6906 | code-projects Car Rental System login.php sql injection | E | |
CVE-2025-6907 | code-projects Car Rental System book_car.php sql injection | E | |
CVE-2025-6908 | PHPGurukul Old Age Home Management System edit-services.php sql injection | E | |
CVE-2025-6909 | PHPGurukul Old Age Home Management System add-scdetails.php sql injection | E | |
CVE-2025-6910 | PHPGurukul Student Record System session.php sql injection | E | |
CVE-2025-6911 | PHPGurukul Student Record System manage-subjects.php sql injection | E | |
CVE-2025-6912 | PHPGurukul Student Record System manage-students.php sql injection | E | |
CVE-2025-6913 | PHPGurukul Student Record System admin-profile.php sql injection | E | |
CVE-2025-6914 | PHPGurukul Student Record System edit-student.php sql injection | E | |
CVE-2025-6915 | PHPGurukul Student Record System register.php sql injection | E | |
CVE-2025-6916 | TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication | E | |
CVE-2025-6917 | code-projects Online Hotel Booking registration.php sql injection | E | |
CVE-2025-6920 | Ai-inference-server: authentication bypass via unprotected inference endpoint in api | M | |
CVE-2025-6925 | Dromara RuoYi-Vue-Plus Mail MailController.java path traversal | E | |
CVE-2025-6926 | Security Authentication Bypass in CentralAuth | | |
CVE-2025-6929 | PHPGurukul Zoo Management System view-normal-ticket.php sql injection | E | |
CVE-2025-6930 | PHPGurukul Zoo Management System manage-foreigners-ticket.php sql injection | E | |
CVE-2025-6931 | D-Link DCS-6517/DCS-7517 Root Password Generation httpd generate_pass_from_mac entropy | E | |
CVE-2025-6932 | D-Link DCS-7517 Qlync Password Generation httpd g_F_n_GenPassForQlync hard-coded password | E | |
CVE-2025-6934 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' | | |
CVE-2025-6935 | Campcodes Sales and Inventory System payment_add.php sql injection | E | |
CVE-2025-6936 | code-projects Simple Pizza Ordering System addpro.php sql injection | E | |
CVE-2025-6937 | code-projects Simple Pizza Ordering System large.php sql injection | E | |
CVE-2025-6938 | code-projects Simple Pizza Ordering System editcus.php sql injection | E | |
CVE-2025-6939 | TOTOLINK A3002RU HTTP POST Request formWlSiteSurvey buffer overflow | E | |
CVE-2025-6940 | TOTOLINK A702R HTTP POST Request formParentControl buffer overflow | E | |
CVE-2025-6942 | The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier c... | | |
CVE-2025-6943 | Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that all... | | |
CVE-2025-6944 | Uncode Core <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes | | |
CVE-2025-6948 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | E S | |
CVE-2025-6951 | SAFECAM X300 FTP Service default credentials | E | |
CVE-2025-6952 | Open5GS AMF Service amf-sm.c amf_state_operational assertion | S | |
CVE-2025-6953 | TOTOLINK A3002RU HTTP POST Request formParentControl buffer overflow | E | |
CVE-2025-6954 | Campcodes Employee Management System applyleave.php sql injection | E | |
CVE-2025-6955 | Campcodes Employee Management System aprocess.php sql injection | E | |
CVE-2025-6956 | Campcodes Employee Management System changepassemp.php sql injection | E | |
CVE-2025-6957 | Campcodes Employee Management System eprocess.php sql injection | E | |
CVE-2025-6958 | Campcodes Employee Management System edit.php sql injection | E | |
CVE-2025-6959 | Campcodes Employee Management System eloginwel.php sql injection | E | |
CVE-2025-6960 | Campcodes Employee Management System empproject.php sql injection | E | |
CVE-2025-6961 | Campcodes Employee Management System mark.php sql injection | E | |
CVE-2025-6962 | Campcodes Employee Management System myprofileup.php sql injection | E | |
CVE-2025-6963 | Campcodes Employee Management System myprofile.php sql injection | E | |
CVE-2025-6970 | Events Manager <= 7.0.3 - Unauthenticated SQL Injection via `orderby` Parameter | S | |
CVE-2025-6975 | Event Manager <= 7.0.3 - Reflected Cross-Site Scripting via `calendar_header` Parameter | S | |
CVE-2025-6976 | Events Manager <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes | S | |
CVE-2025-6995 | Improper Encryption in Ivanti Endpoint Manager | | |
CVE-2025-6996 | Improper Encryption in Ivanti Endpoint Manager | | |