CVE-2025-7xxx

There are 804 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-7001 Insufficient Granularity of Access Control in GitLab
E S
CVE-2025-7012 Cato Networks Linux Client Local Privilege Escalation via Symlink
CVE-2025-7020 BYD DiLink OS Incorrect encryption Implementation of system log dumps
S
CVE-2025-7021 OpenAI Operator - API Spoofing through Locking Operator on FullScreen
E
CVE-2025-7022 My Reservation System <= 2.3 - Reflected XSS
E
CVE-2025-7025 Rockwell Automation Heap-based Buffer Overflow In Arena® Simulation
CVE-2025-7026 SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0
CVE-2025-7027 SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1
CVE-2025-7028 SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer
CVE-2025-7029 SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler
CVE-2025-7030 Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
CVE-2025-7031 Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086
CVE-2025-7032 Rockwell Automation Stack-based Buffer Overflow In Arena® Simulation
CVE-2025-7033 Rockwell Automation Heap-based Buffer Overflow In Arena® Simulation
CVE-2025-7035 Media Library Assistant <= 3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes
S
CVE-2025-7036 CleverReach WP <= 1.5.20 - Unauthenticated SQL Injection via title Parameter
CVE-2025-7037 SQL injection in Ivanti Endpoint Manager
CVE-2025-7042 Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
CVE-2025-7046 Portfolio for Elementor & Image Gallery | PowerFolio <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
S
CVE-2025-7050 Use-your-Drive | Google Drive plugin for WordPress <= 3.3.1 - Unauthenticated Stored Cross-Site Scripting via File Metadata
CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference
S
CVE-2025-7053 Cockpit save cross site scripting
E S
CVE-2025-7054 Infinite loop triggered by connection ID retirement
CVE-2025-7056 Stored XSS in UrlShortener
CVE-2025-7057 Stored XSS in Quiz
CVE-2025-7059 Simple Featured Image <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via slideshow Parameter
CVE-2025-7060 Monitorr Installer mkdbajax.php input validation
E
CVE-2025-7061 Intelbras InControl operador csv injection
E
CVE-2025-7066 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
S
CVE-2025-7067 HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow
E
CVE-2025-7068 HDF5 H5FL.c H5FL__malloc memory leak
E
CVE-2025-7069 HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow
E
CVE-2025-7070 IROAD Dashcam Q9 MFA Pairing Request allocation of resources
E
CVE-2025-7071 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library
S
CVE-2025-7074 vercel hyper rimraf-standalone.js ignoreMap redos
E
CVE-2025-7075 BlackVue Dashcam 590X HTTP Endpoint upload.cgi unrestricted upload
E
CVE-2025-7076 BlackVue Dashcam 590X Configuration upload.cgi access control
E
CVE-2025-7077 Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow
E
CVE-2025-7078 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery
E
CVE-2025-7079 mao888 bluebell-plus JWT Token jwt.go hard-coded password
E
CVE-2025-7080 Done-0 Jank JWT Token jwt_utils.go hard-coded password
E
CVE-2025-7081 Belkin F9K1122 webs formSetWanStatic os command injection
E
CVE-2025-7082 Belkin F9K1122 webs formBSSetSitesurvey os command injection
E
CVE-2025-7083 Belkin F9K1122 webs mp os command injection
E
CVE-2025-7084 Belkin F9K1122 webs formWpsStart stack-based overflow
E
CVE-2025-7085 Belkin F9K1122 webs formiNICWpsStart stack-based overflow
E
CVE-2025-7086 Belkin F9K1122 webs formPPTPSetup stack-based overflow
E
CVE-2025-7087 Belkin F9K1122 webs formL2TPSetup stack-based overflow
E
CVE-2025-7088 Belkin F9K1122 webs formPPPoESetup stack-based overflow
E
CVE-2025-7089 Belkin F9K1122 webs formWanTcpipSetup stack-based overflow
E
CVE-2025-7090 Belkin F9K1122 webs formConnectionSetting stack-based overflow
E
CVE-2025-7091 Belkin F9K1122 webs formWlanMP stack-based overflow
E
CVE-2025-7092 Belkin F9K1122 webs formWlanSetupWPS stack-based overflow
E
CVE-2025-7093 Belkin F9K1122 webs formSetLanguage stack-based overflow
E
CVE-2025-7094 Belkin F9K1122 webs formBSSetSitesurvey stack-based overflow
E
CVE-2025-7095 Comodo Internet Security Premium Update certificate validation
E
CVE-2025-7096 Comodo Internet Security Premium Manifest File cis_update_x64.xml integrity check
E
CVE-2025-7097 Comodo Internet Security Premium Manifest File cis_update_x64.xml os command injection
E
CVE-2025-7098 Comodo Internet Security Premium File Name path traversal
E
CVE-2025-7099 BoyunCMS Installation install2.php deserialization
E
CVE-2025-7100 BoyunCMS Index.php unrestricted upload
E
CVE-2025-7101 BoyunCMS Configuration File install_ok.php code injection
E
CVE-2025-7102 BoyunCMS Server.php sql injection
E
CVE-2025-7103 BoyunCMS curl Index.php server-side request forgery
E
CVE-2025-7107 SimStudioAI sim route.ts handleLocalFile path traversal
E S
CVE-2025-7108 risesoft-y9 Digital-Infrastructure Y9FileController.java deleteFile path traversal
E
CVE-2025-7109 Portabilis i-Educar Student Benefits Registration educar_aluno_beneficio_lst.php cross site scripting
E
CVE-2025-7110 Portabilis i-Educar School Module educar_escola_lst.php cross site scripting
E
CVE-2025-7111 Portabilis i-Educar Course Module educar_curso_det.php cross site scripting
E
CVE-2025-7112 Portabilis i-Educar Function Management Module educar_funcao_det.php cross site scripting
E
CVE-2025-7113 Portabilis i-Educar Curricular Components Module edit cross site scripting
E
CVE-2025-7114 SimStudioAI sim Session route.ts POST missing authentication
E
CVE-2025-7115 rowboatlabs rowboat Session route.ts PUT missing authentication
CVE-2025-7116 UTT 进取 750W Fast_wireless_conf buffer overflow
E
CVE-2025-7117 UTT HiPER 840G websWhiteList buffer overflow
E
CVE-2025-7118 UTT HiPER 840G formPictureUrl buffer overflow
E
CVE-2025-7119 Campcodes Complaint Management System index.php sql injection
E
CVE-2025-7120 Campcodes Complaint Management System check_availability.php sql injection
E
CVE-2025-7121 Campcodes Complaint Management System complaint-details.php sql injection
E
CVE-2025-7122 Campcodes Complaint Management System index.php sql injection
E
CVE-2025-7123 Campcodes Complaint Management System complaint-details.php sql injection
E
CVE-2025-7124 code-projects Online Note Sharing Profile Image userprofile.php unrestricted upload
E
CVE-2025-7125 itsourcecode Employee Management System editempeducation.php sql injection
E
CVE-2025-7126 itsourcecode Employee Management System adminprofile.php sql injection
E
CVE-2025-7127 itsourcecode Employee Management System changepassword.php sql injection
E
CVE-2025-7128 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7129 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7130 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7131 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7132 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7133 CodeAstro Online Movie Ticket Booking System cross-site request forgery
E
CVE-2025-7134 Campcodes Online Recruitment Management System ajax.php sql injection
E
CVE-2025-7135 Campcodes Online Recruitment Management System ajax.php sql injection
E
CVE-2025-7136 Campcodes Online Recruitment Management System view_vacancy.php sql injection
E
CVE-2025-7137 SourceCodester Best Salon Management System schedule-staff.php sql injection
E
CVE-2025-7138 SourceCodester Best Salon Management System admin-profile.php sql injection
E
CVE-2025-7139 SourceCodester Best Salon Management System Update Customer Details Page edit-customer-detailed.php cross site scripting
E
CVE-2025-7140 SourceCodester Best Salon Management System Update Staff Page edit-staff.php cross site scripting
E
CVE-2025-7141 SourceCodester Best Salon Management System Update Staff Page edit_plan.php cross site scripting
E
CVE-2025-7142 SourceCodester Best Salon Management System search-appointment.php cross site scripting
E
CVE-2025-7143 SourceCodester Best Salon Management System Update Tax Page edit-tax.php cross site scripting
E
CVE-2025-7144 SourceCodester Best Salon Management System Admin Profile Page admin-profile.php cross site scripting
E
CVE-2025-7145 TeamT5|ThreatSonar Anti-Ransomware - OS Command Injection
S
CVE-2025-7146 Jhenggao iPublish System - Arbitrary File Reading through Path Traversal
S
CVE-2025-7147 CodeAstro Patient Record Management System login.php sql injection
E
CVE-2025-7148 CodeAstro Simple Hospital Management System POST Parameter patient.html cross site scripting
E M
CVE-2025-7149 Campcodes Advanced Online Voting System candidates_delete.php sql injection
E
CVE-2025-7150 Campcodes Advanced Online Voting System voters_delete.php sql injection
E
CVE-2025-7151 Campcodes Advanced Online Voting System voters_add.php unrestricted upload
E
CVE-2025-7152 Campcodes Advanced Online Voting System candidates_add.php unrestricted upload
E
CVE-2025-7153 CodeAstro Simple Hospital Management System POST Parameter doctor.html cross site scripting
E M
CVE-2025-7154 TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection
E
CVE-2025-7155 PHPGurukul Online Notes Sharing System Cookie Dashboard sql injection
E
CVE-2025-7156 hitsz-ids airda completions execute sql injection
E
CVE-2025-7157 code-projects Online Note Sharing login.php sql injection
E
CVE-2025-7158 PHPGurukul Zoo Management System manage-normal-ticket.php sql injection
E
CVE-2025-7159 PHPGurukul Zoo Management System manage-animals.php sql injection
E
CVE-2025-7160 PHPGurukul Zoo Management System index.php sql injection
E
CVE-2025-7161 PHPGurukul Zoo Management System add-normal-ticket.php sql injection
E
CVE-2025-7162 PHPGurukul Zoo Management System add-foreigners-ticket.php sql injection
E
CVE-2025-7163 PHPGurukul Zoo Management System add-animals.php sql injection
E
CVE-2025-7164 PHPGurukul/Campcodes Cyber Cafe Management System index.php sql injection
E
CVE-2025-7165 PHPGurukul/Campcodes Cyber Cafe Management System forgot-password.php sql injection
E
CVE-2025-7166 code-projects Responsive Blog Site single.php sql injection
E
CVE-2025-7167 code-projects Responsive Blog Site category.php sql injection
E
CVE-2025-7168 code-projects Crime Reporting System userlogin.php sql injection
E
CVE-2025-7169 code-projects Crime Reporting System complainer_page.php sql injection
E
CVE-2025-7170 code-projects Crime Reporting System registration.php sql injection
E
CVE-2025-7171 code-projects Crime Reporting System policelogin.php sql injection
E
CVE-2025-7172 code-projects Crime Reporting System headlogin.php sql injection
E
CVE-2025-7173 code-projects Library System add-student.php sql injection
E
CVE-2025-7174 code-projects Library System teacher-issue-book.php sql injection
E
CVE-2025-7175 code-projects E-Commerce Site users_photo.php unrestricted upload
E
CVE-2025-7176 PHPGurukul Hospital Management System view-medhistory.php sql injection
E
CVE-2025-7177 PHPGurukul Car Washing Management System editcar-washpoint.php sql injection
E
CVE-2025-7178 code-projects Food Distributor Site login.php sql injection
E
CVE-2025-7179 code-projects Library System add-teacher.php sql injection
E
CVE-2025-7180 code-projects Staff Audit System login.php sql injection
E
CVE-2025-7181 code-projects Staff Audit System test.php unrestricted upload
E
CVE-2025-7182 itsourcecode Student Transcript Processing System edit.php cross site scripting
E
CVE-2025-7183 Campcodes Sales and Inventory System customer_account.php sql injection
E
CVE-2025-7184 code-projects Library System books.php sql injection
E
CVE-2025-7185 code-projects Library System approve.php sql injection
E
CVE-2025-7186 code-projects Chat System fetch_chat.php sql injection
E
CVE-2025-7187 code-projects Chat System fetch_member.php sql injection
E
CVE-2025-7188 code-projects Chat System addmember.php sql injection
E
CVE-2025-7189 code-projects Chat System send_message.php sql injection
E
CVE-2025-7190 code-projects Library Management System student_edit_photo.php unrestricted upload
E
CVE-2025-7191 code-projects Student Enrollment System login.php sql injection
E
CVE-2025-7192 D-Link DIR-645 ssdpcgi cgibin ssdpcgi_main command injection
E
CVE-2025-7193 itsourcecode Agri-Trading Online Shopping System suppliercontroller.php sql injection
E
CVE-2025-7194 D-Link DI-500WF jhttpd ip_position.asp sprintf stack-based overflow
E
CVE-2025-7195 Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
M
CVE-2025-7196 code-projects Jonnys Liquor browse.php sql injection
E
CVE-2025-7197 code-projects Jonnys Liquor delete-row.php sql injection
E
CVE-2025-7198 code-projects Jonnys Liquor admin-area.php sql injection
E
CVE-2025-7199 code-projects Library System notapprove.php sql injection
E
CVE-2025-7200 krishna9772 Pharmacy Management System quantity_upd.php sql injection
E
CVE-2025-7202 Cross-Site Request Forgery (CSRF) allowed remote control of Elgato Key Lights
CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA
S
CVE-2025-7205 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting
CVE-2025-7206 D-Link DIR-825 httpd switch_language.cgi sub_410DDC stack-based overflow
E
CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow
E S
CVE-2025-7208 9fans plan9port x509.c edump heap-based overflow
E S
CVE-2025-7209 9fans plan9port x509.c value_decode null pointer dereference
E S
CVE-2025-7210 code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload
E
CVE-2025-7211 code-projects LifeStyle Store cart_add.php sql injection
E
CVE-2025-7212 itsourcecode Insurance Management System insertAgent.php sql injection
E
CVE-2025-7213 FNKvision FNK-GU2 UART Interface on-chip debug and test interface with improper access control
E
CVE-2025-7214 FNKvision FNK-GU2 MD5 shadow risky encryption
E
CVE-2025-7215 FNKvision FNK-GU2 wpa_supplicant.conf cleartext storage
E
CVE-2025-7216 lty628 Aidigu PHP Object common.php checkUserCookie deserialization
E
CVE-2025-7217 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7218 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7219 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7220 Campcodes Payroll Management System ajax.php sql injection
E
CVE-2025-7221 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update
CVE-2025-7222 Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7223 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7224 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7225 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7226 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7227 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7228 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7229 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7230 INVT VT-Designer PM3 File Parsing Type Confusion Remote Code Execution Vulnerability
CVE-2025-7231 INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7233 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2025-7234 IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7235 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7236 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7237 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7238 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7239 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7240 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7241 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7242 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7243 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7244 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7246 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7247 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7248 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7249 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7250 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7251 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7252 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7254 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7255 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7256 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7257 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7258 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7259 Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash
CVE-2025-7260 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2025-7261 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7262 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7263 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7264 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7265 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7266 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7267 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7268 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7269 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7270 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7271 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7272 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7273 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7274 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7275 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7276 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7277 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7278 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7279 IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7280 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7281 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7282 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7283 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7284 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7285 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7286 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7287 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7288 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7289 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7290 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7291 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7292 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7293 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7294 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7295 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7296 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7297 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7298 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7299 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7300 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7301 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7302 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7303 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7304 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7305 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7306 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7307 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7308 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7309 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7310 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7311 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7312 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7313 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7314 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7315 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7316 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7317 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7318 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7319 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7320 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7321 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7322 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7323 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-7325 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2025-7326 EOL ASP.NET Core Elevation of Privilege Vulnerability
E
CVE-2025-7327 Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion
S
CVE-2025-7338 Multer vulnerable to Denial of Service via unhandled exception from malformed request
CVE-2025-7339 on-headers vulnerable to http response header manipulation
CVE-2025-7340 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload
S
CVE-2025-7341 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion
S
CVE-2025-7342 VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
S
CVE-2025-7343 Digiwin|SFT - SQL Injection
S
CVE-2025-7344 Digiwin|EAI - Privilege Escalation
S
CVE-2025-7345 Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf
M
CVE-2025-7346 Any unauthenticated attacker can bypass the localhost restrictions posed by the application and uti...
CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability
S
CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes
CVE-2025-7356 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-7357 Plaintext Storage of a Password in LITEON IC48A and IC80A EV Chargers
S
CVE-2025-7359 Counter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block
CVE-2025-7360 HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move
S
CVE-2025-7361 Code Injection Vulnerability in NI LabVIEW when using CIN nodes
CVE-2025-7362 MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message
E
CVE-2025-7363 TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function
E
CVE-2025-7365 Keycloak: phishing attack via email verification step in first login flow
M
CVE-2025-7367 Strong Testimonials <= 3.2.11 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields
CVE-2025-7369 Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution
CVE-2025-7370 Rejected reason: Upon investigation upstream maintainers discovered this was not a real issue. See th...
R
CVE-2025-7371 Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated pass...
S
CVE-2025-7376 Information Tampering Vulnerability in multiple processes of GENESIS64, MC Works64, and GENESIS
CVE-2025-7378 An improper input validation vulnerability was found on manipulating configuration of ADM
CVE-2025-7379 A security bypass vulnerability was found in DataSync Center installed on ADM
CVE-2025-7380 A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM
CVE-2025-7381 Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images
M
CVE-2025-7382 A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0....
CVE-2025-7383 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library
S
CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion
CVE-2025-7387 Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE-2025-7390 Bypass the client certificate trust check of an opc.https server while only secure communication is allowed
S
CVE-2025-7392 Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087
CVE-2025-7393 Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088
CVE-2025-7394 In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expe...
CVE-2025-7395 Domain Name Validation Bypass with Apple Native Certificate Validation
S
CVE-2025-7396 Curve25519 Blinding
CVE-2025-7397 CLI history displays inline passwords
CVE-2025-7398 Medium Strength Cipher Suites detected on ports 9000 and 8036
CVE-2025-7399 Betheme <= 28.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7401 Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php
CVE-2025-7404 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C
E
CVE-2025-7407 Netgear D6400 diag.cgi os command injection
E
CVE-2025-7408 SourceCodester Zoo Management System animal_form_template.php cross site scripting
E
CVE-2025-7409 code-projects Mobile Shop LoginAsAdmin.php sql injection
E
CVE-2025-7410 code-projects LifeStyle Store cart_remove.php sql injection
E
CVE-2025-7411 code-projects LifeStyle Store success.php sql injection
E
CVE-2025-7412 code-projects Library System profile.php unrestricted upload
E
CVE-2025-7413 code-projects Library System profile.php unrestricted upload
E
CVE-2025-7414 Tenda O3V2 httpd setPingInfo fromNetToolGet os command injection
E
CVE-2025-7415 Tenda O3V2 httpd getTraceroute fromTraceroutGet command injection
E
CVE-2025-7416 Tenda O3V2 httpd setSysTimeInfo fromSysToolTime stack-based overflow
E
CVE-2025-7417 Tenda O3V2 httpd setPingInfo fromNetToolGet stack-based overflow
E
CVE-2025-7418 Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow
E
CVE-2025-7419 Tenda O3V2 httpd setRateTest fromSpeedTestSet stack-based overflow
E
CVE-2025-7420 Tenda O3V2 httpd setWrlBasicInfo formWifiBasicSet stack-based overflow
E
CVE-2025-7421 Tenda O3V2 httpd operateMacFilter fromMacFilterModify stack-based overflow
E
CVE-2025-7422 Tenda O3V2 httpd setNetworkService setAutoReboot stack-based overflow
E
CVE-2025-7423 Tenda O3V2 httpd setWrlFilterList formWifiMacFilterSet stack-based overflow
E
CVE-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
M
CVE-2025-7425 Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
E M
CVE-2025-7426 MINOVA TTA Information Disclosure and Credential Exposure
E S
CVE-2025-7427 Uncontrolled Search Path Element in Arm Development Studio before 2025
CVE-2025-7431 Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug
CVE-2025-7433 A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Enc...
CVE-2025-7434 Tenda FH451 POST Request addressNat fromAddressNat stack-based overflow
E
CVE-2025-7435 LiveHelperChat lhc-php-resque Extension List list cross site scripting
E S
CVE-2025-7436 Campcodes Online Recruitment Management System ajax.php sql injection
E
CVE-2025-7437 Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload
CVE-2025-7438 MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-7439 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link
CVE-2025-7440 Anber Elementor Addon <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link
CVE-2025-7441 StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
CVE-2025-7442 WPGYM - Wordpress Gym Management System < 67.8.0 - Unauthenticated SQL Injection
CVE-2025-7443 BerqWP <= 2.2.42 - Unauthenticated Arbitrary File Upload
CVE-2025-7444 LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider
CVE-2025-7450 letseeqiji gorobbs API user.go ResetUserAvatar path traversal
E
CVE-2025-7451 Hgiga|iSherlock - OS Command Injection
S
CVE-2025-7452 kone-net go-chat Endpoint file_controller.go GetFile path traversal
E
CVE-2025-7453 saltbo zpan JSON Web Token token.go NewToken hard-coded password
E
CVE-2025-7454 Campcodes Online Movie Theater Seat Reservation System manage_theater.php sql injection
E
CVE-2025-7455 Campcodes Online Movie Theater Seat Reservation System manage_reserve.php sql injection
E
CVE-2025-7456 Campcodes Online Movie Theater Seat Reservation System reserve.php sql injection
E
CVE-2025-7457 Campcodes Online Movie Theater Seat Reservation System manage_movie.php sql injection
E
CVE-2025-7458 SQLite integer overflow in key info allocation may lead to information disclosure.
S
CVE-2025-7459 code-projects Mobile Shop EditMobile.php sql injection
E
CVE-2025-7460 TOTOLINK T6 HTTP POST Request cstecgi.cgi setWiFiAclRules buffer overflow
E
CVE-2025-7461 code-projects Modern Bag action.php sql injection
E
CVE-2025-7462 Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference
S
CVE-2025-7463 Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWrlsafeset buffer overflow
E
CVE-2025-7464 osrg GoBGP rtr.go SplitRTR out-of-bounds
S
CVE-2025-7465 Tenda FH1201 HTTP POST Request fromRouteStatic buffer overflow
E
CVE-2025-7466 1000projects ABC Courier Management add_dealerrequest.php sql injection
E
CVE-2025-7467 code-projects Modern Bag product-detail.php sql injection
E
CVE-2025-7468 Tenda FH1201 HTTP POST Request fromSafeUrlFilter buffer overflow
E
CVE-2025-7469 Campcodes Sales and Inventory System product_add.php sql injection
E
CVE-2025-7470 Campcodes Sales and Inventory System product_add.php unrestricted upload
E
CVE-2025-7471 code-projects Modern Bag login-back.php sql injection
E
CVE-2025-7472 A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1....
CVE-2025-7474 code-projects Job Diary search.php sql injection
E
CVE-2025-7475 code-projects Simple Car Rental System pay.php sql injection
E
CVE-2025-7476 code-projects Simple Car Rental System approve.php sql injection
E
CVE-2025-7477 code-projects Simple Car Rental System add_cars.php unrestricted upload
E
CVE-2025-7478 code-projects Modern Bag category-list.php sql injection
E
CVE-2025-7479 PHPGurukul Vehicle Parking Management System view--detail.php sql injection
E
CVE-2025-7480 PHPGurukul Vehicle Parking Management System signup.php sql injection
E
CVE-2025-7481 PHPGurukul Vehicle Parking Management System profile.php sql injection
E
CVE-2025-7482 PHPGurukul Vehicle Parking Management System print.php sql injection
E
CVE-2025-7483 PHPGurukul Vehicle Parking Management System forgot-password.php sql injection
E
CVE-2025-7484 PHPGurukul Vehicle Parking Management System view-outgoingvehicle-detail.php sql injection
E
CVE-2025-7485 Open5GS SCTP Partial Message recv_handler assertion
E S
CVE-2025-7486 Ebook Store <= 5.8012 - Authenticated (Administrator+) Stored Cross-Site Scripting via Order Details
CVE-2025-7487 JoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted upload
E
CVE-2025-7488 JoeyBling SpringBoot_MyBatisPlus download path traversal
E
CVE-2025-7489 PHPGurukul Vehicle Parking Management System search-vehicle.php sql injection
E
CVE-2025-7490 PHPGurukul Vehicle Parking Management System reg-users.php sql injection
E
CVE-2025-7491 PHPGurukul Vehicle Parking Management System manage-outgoingvehicle.php sql injection
E
CVE-2025-7492 PHPGurukul Vehicle Parking Management System manage-incomingvehicle.php sql injection
E
CVE-2025-7495 WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7496 WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
CVE-2025-7497 PRT File Parsing Out-of-Bounds Write Vulnerability
S
CVE-2025-7498 Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown
S
CVE-2025-7499 BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure
CVE-2025-7500 Ocean Social Sharing <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7501 Wonder Slider Lite & Wonder Slider <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting
CVE-2025-7502 WPBakery Page Builder for WordPress <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7503 An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet ser...
CVE-2025-7504 Friends 3.5.1 - Authenticated (Subscriber+) PHP Object Injection
E S
CVE-2025-7505 Tenda FH451 HTTP POST Request L7Prot frmL7ProtForm stack-based overflow
E
CVE-2025-7506 Tenda FH451 HTTP POST Request Natlimit fromNatlimit stack-based overflow
E
CVE-2025-7507 elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation
CVE-2025-7508 code-projects Modern Bag product-update.php sql injection
E
CVE-2025-7509 code-projects Modern Bag slide.php sql injection
E
CVE-2025-7510 code-projects Modern Bag productadd_back.php sql injection
E
CVE-2025-7511 code-projects Chat System update_account.php sql injection
E S
CVE-2025-7512 code-projects Modern Bag contact-back.php sql injection
E
CVE-2025-7513 code-projects Modern Bag slideupdate.php sql injection
E
CVE-2025-7514 code-projects Modern Bag contact-list.php sql injection
E
CVE-2025-7515 code-projects Online Appointment Booking System ulocateus.php sql injection
E
CVE-2025-7516 code-projects Online Appointment Booking System cancelbookingpatient.php sql injection
E
CVE-2025-7517 code-projects Online Appointment Booking System getDay.php sql injection
E
CVE-2025-7518 RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read
CVE-2025-7519 Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
S
CVE-2025-7520 PHPGurukul Vehicle Parking Management System manage-category.php sql injection
E
CVE-2025-7521 PHPGurukul Vehicle Parking Management System index.php sql injection
E
CVE-2025-7522 PHPGurukul Vehicle Parking Management System bwdates-reports-details.php sql injection
E
CVE-2025-7523 Jinher OA DelTemp.aspx xml external entity reference
E
CVE-2025-7524 TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg command injection
E
CVE-2025-7525 TOTOLINK T6 HTTP POST Request cstecgi.cgi setTracerouteCfg command injection
E
CVE-2025-7527 Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow
E
CVE-2025-7528 Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow
E
CVE-2025-7529 Tenda FH1202 Natlimit fromNatlimit stack-based overflow
E
CVE-2025-7530 Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow
E
CVE-2025-7531 Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow
E
CVE-2025-7532 Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
E
CVE-2025-7533 code-projects Job Diary view-details.php sql injection
E
CVE-2025-7534 PHPGurukul Student Result Management System GET Parameter notice-details.php sql injection
E
CVE-2025-7535 Campcodes Sales and Inventory System reprint_cash.php sql injection
E
CVE-2025-7536 Campcodes Sales and Inventory System receipt_credit.php sql injection
E
CVE-2025-7537 Campcodes Sales and Inventory System product_update.php sql injection
E
CVE-2025-7538 Campcodes Sales and Inventory System product_update.php unrestricted upload
E
CVE-2025-7539 code-projects Online Appointment Booking System getdoctordaybooking.php sql injection
E
CVE-2025-7540 code-projects Online Appointment Booking System getclinic.php sql injection
E
CVE-2025-7541 code-projects Online Appointment Booking System get_town.php sql injection
E
CVE-2025-7542 PHPGurukul User Registration & Login and User Management System user-profile.php sql injection
E
CVE-2025-7543 PHPGurukul User Registration & Login and User Management System manage-users.php sql injection
E
CVE-2025-7544 Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow
E
CVE-2025-7545 GNU Binutils objcopy.c copy_section heap-based overflow
E S
CVE-2025-7546 GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write
E S
CVE-2025-7547 Campcodes Online Movie Theater Seat Reservation System admin_class.php save_movie unrestricted upload
E
CVE-2025-7548 Tenda FH1201 SafeEmailFilter formSafeEmailFilter stack-based overflow
E
CVE-2025-7549 Tenda FH1201 L7Prot frmL7ProtForm stack-based overflow
E
CVE-2025-7550 Tenda FH1201 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow
E
CVE-2025-7551 Tenda FH1201 PPTPDClient fromPptpUserAdd stack-based overflow
E
CVE-2025-7552 Dromara Northstar Path AuthorizationInterceptor.java preHandle access control
E S
CVE-2025-7553 D-Link DIR-818LW System Time Page os command injection
CVE-2025-7554 Sapido RB-1802 URL Filtering Page urlfilter.asp cross site scripting
CVE-2025-7555 code-projects Voting System voters_add.php sql injection
E
CVE-2025-7556 code-projects Voting System voters_edit.php sql injection
E
CVE-2025-7557 code-projects Voting System voters_row.php sql injection
E
CVE-2025-7558 code-projects Voting System positions_add.php sql injection
E
CVE-2025-7559 PHPGurukul Online Fire Reporting System bwdates-report-result.php sql injection
E
CVE-2025-7560 PHPGurukul Online Fire Reporting System workin-progress-requests.php sql injection
E
CVE-2025-7561 PHPGurukul Online Fire Reporting System team-ontheway-requests.php sql injection
E
CVE-2025-7562 PHPGurukul Online Fire Reporting System new-requests.php sql injection
E
CVE-2025-7563 PHPGurukul Online Fire Reporting System completed-requests.php sql injection
E
CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials
E
CVE-2025-7565 LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure
E
CVE-2025-7566 jshERP SystemConfigController.java exportExcelByParam path traversal
E
CVE-2025-7567 ShopXO header.html cross site scripting
E
CVE-2025-7568 qianfox FoxCMS Video.php batchCope sql injection
E
CVE-2025-7569 Bigotry OneBase think_exception.tpl parse_args cross site scripting
E
CVE-2025-7570 UTT HiPER 840G aspRemoteApConfTempSend buffer overflow
E
CVE-2025-7571 UTT HiPER 840G aspApBasicConfigUrcp buffer overflow
E
CVE-2025-7572 LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure
E
CVE-2025-7573 LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure
E
CVE-2025-7574 LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication
E
CVE-2025-7575 Zavy86 WikiDocs submit.php image_delete_ajax path traversal
E S
CVE-2025-7576 Teledyne FLIR FB-Series O/FLIR FH-Series ID Production Tools production.html access control
E
CVE-2025-7577 Teledyne FLIR FB-Series O/FLIR FH-Series ID hard-coded password
E
CVE-2025-7578 Teledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injection
CVE-2025-7579 chinese-poetry server.js redos
E
CVE-2025-7580 code-projects Voting System positions_row.php sql injection
E
CVE-2025-7581 code-projects Voting System positions_edit.php sql injection
E
CVE-2025-7582 PHPGurukul Online Fire Reporting System assigned-requests.php sql injection
E
CVE-2025-7583 PHPGurukul Online Fire Reporting System all-requests.php sql injection
E
CVE-2025-7584 PHPGurukul Online Fire Reporting System add-team.php sql injection
E
CVE-2025-7585 PHPGurukul Online Fire Reporting System manage-site.php sql injection
E
CVE-2025-7586 Tenda AC500 setWtpData formSetAPCfg stack-based overflow
E
CVE-2025-7587 code-projects Online Appointment Booking System cover.php sql injection
E
CVE-2025-7588 PHPGurukul Dairy Farm Shop Management System edit-product.php sql injection
E
CVE-2025-7589 PHPGurukul Dairy Farm Shop Management System edit-company.php sql injection
E
CVE-2025-7590 PHPGurukul Dairy Farm Shop Management System edit-category.php sql injection
E
CVE-2025-7591 PHPGurukul Dairy Farm Shop Management System view-invoice.php sql injection
E
CVE-2025-7592 PHPGurukul Dairy Farm Shop Management System invoices.php sql injection
E
CVE-2025-7593 code-projects Job Diary view-all.php sql injection
E
CVE-2025-7594 code-projects Job Diary view-emp.php sql injection
E
CVE-2025-7595 code-projects Job Diary view-cad.php sql injection
E
CVE-2025-7596 Tenda FH1205 WifiExtraSet formWifiExtraSet stack-based overflow
E
CVE-2025-7597 Tenda AX1803 setMacFilterCfg formSetMacFilterCfg stack-based overflow
E
CVE-2025-7598 Tenda AX1803 setWifiFilterCfg formSetWifiMacFilterCfg stack-based overflow
E
CVE-2025-7599 PHPGurukul Dairy Farm Shop Management System invoice.php sql injection
E
CVE-2025-7600 PHPGurukul Online Library Management System student-history.php sql injection
E
CVE-2025-7601 PHPGurukul Online Library Management System student-history.php cross site scripting
E
CVE-2025-7602 D-Link DI-8100 HTTP Request arp_sys.asp stack-based overflow
E
CVE-2025-7603 D-Link DI-8100 HTTP Request jingx.asp stack-based overflow
E
CVE-2025-7604 PHPGurukul Hospital Management System user-login.php sql injection
E
CVE-2025-7605 code-projects AVL Rooms profile.php sql injection
E
CVE-2025-7606 code-projects AVL Rooms city.php sql injection
E
CVE-2025-7607 code-projects Simple Shopping Cart save_order.php sql injection
E
CVE-2025-7608 code-projects Simple Shopping Cart userlogin.php sql injection
E
CVE-2025-7609 code-projects Simple Shopping Cart register.php sql injection
E
CVE-2025-7610 code-projects Electricity Billing System change_password.php sql injection
E
CVE-2025-7611 code-projects Wedding Reservation global.php sql injection
E
CVE-2025-7612 code-projects Mobile Shop login.php sql injection
E
CVE-2025-7613 TOTOLINK T6 HTTP POST Request cstecgi.cgi CloudSrvVersionCheck command injection
E
CVE-2025-7614 TOTOLINK T6 HTTP POST Request cstecgi.cgi delDevice command injection
E
CVE-2025-7615 TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection
E
CVE-2025-7616 gmg137 snap7-rs Public API pthread_cond_destroy memory corruption
E
CVE-2025-7618 A stored Cross-Site Scripting (XSS) vulnerability exists in the File Explorer and Text Editor of ADM
CVE-2025-7619 WellChoose|BatchSignCS - Arbitrary File Write through Path Traversal
S
CVE-2025-7620 DSIC|Cross-browser Components for Official Document Creation - Remote Code Execution
S
CVE-2025-7622 During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allo...
CVE-2025-7624 An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions ol...
CVE-2025-7625 YiJiuSmile kkFileViewOfficeEdit download path traversal
E
CVE-2025-7626 YiJiuSmile kkFileViewOfficeEdit onlinePreview path traversal
E
CVE-2025-7627 YiJiuSmile kkFileViewOfficeEdit fileUpload unrestricted upload
E
CVE-2025-7628 YiJiuSmile kkFileViewOfficeEdit deleteFile path traversal
E
CVE-2025-7638 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter
CVE-2025-7640 hiWeb Export Posts <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File Deletion
CVE-2025-7641 Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion
CVE-2025-7642 Simpler Checkout 0.7.0 - 1.1.9 - Authentication Bypass
CVE-2025-7643 Attachment Manager <= 2.1.2 - Unauthenticated Arbitrary File Deletion
CVE-2025-7644 Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7645 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion
CVE-2025-7646 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7648 Ruven Themes: Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7650 BizCalendar Web <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion
CVE-2025-7651 Earnware Connect <= 1.0.73 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7653 EPay.bg Payments <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7654 Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library
CVE-2025-7655 Live Stream Badger <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7656 Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potenti...
CVE-2025-7657 Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to poten...
CVE-2025-7658 Temporarily Hidden Content <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7660 Map My Locations <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7661 Partnerský systém Martinus <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7662 Gestion de tarifs <= 1.4 - Authenticated (Contributor+) SQL Injection
CVE-2025-7664 Al Pack <= 1.0.2 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function
CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
CVE-2025-7668 Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7669 Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7670 JS Archive List <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function
CVE-2025-7672 Stored-XSS possibility in Namo CrossEditor4
CVE-2025-7673 A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K fir...
CVE-2025-7674 navify Monitoring API input validation
CVE-2025-7675 3DM File Parsing Out-of-Bounds Write Vulnerability
S
CVE-2025-7676 DLL hijacking of all PE32 executables on Windows 11 for ARM CPUs
CVE-2025-7677 DOS attack possible
CVE-2025-7679 Session ID Basic Auth Bypass
CVE-2025-7683 LatestCheckins <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7684 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7685 Like & Share My Site <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7687 Latest Post Accordian Slider <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7688 Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7689 Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function
CVE-2025-7690 Affiliate Plus <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-7692 Orion Login with SMS <= 1.0.5 - Authenticated Bypass via Weak OTP
CVE-2025-7693 Rockwell Automation Micro800 Vulnerability
S
CVE-2025-7694 Woffice Core <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion
CVE-2025-7695 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route
CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function
CVE-2025-7697 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function
CVE-2025-7699 An improper access control vulnerability was found in the EZ Sync Manager of ADM
CVE-2025-7703 Authentication vulnerability in the mobile application (tech.palm.id) may lead to the risk of informat...
CVE-2025-7705 Authentication bypass due to compatibility mode enabled by default
CVE-2025-7710 Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator
CVE-2025-7712 Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion
CVE-2025-7715 Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090
CVE-2025-7716 Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091
CVE-2025-7717 File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089
CVE-2025-7722 Social Streams <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-7723 Authenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2
S
CVE-2025-7724 Unauthenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2
S
CVE-2025-7725 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-7726 The7 <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes
CVE-2025-7727 Gutenverse <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Fun Fact Blocks
CVE-2025-7728 Scada-LTS users.shtm cross site scripting
E
CVE-2025-7729 Scada-LTS usersProfiles.shtm cross site scripting
E
CVE-2025-7732 Lazy Load for Videos <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes
CVE-2025-7734 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2025-7735 UNIMAX|Hospital Information System - SQL Injection
S
CVE-2025-7738 Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap
M
CVE-2025-7739 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2025-7742 Authentication Bypass in LG Innotek Camera
CVE-2025-7745 Modbus TCP buffer overread
CVE-2025-7747 Tenda FH451 POST Request WizardHandle fromWizardHandle buffer overflow
E
CVE-2025-7748 ZCMS Create Article Page cross site scripting
E
CVE-2025-7749 code-projects Online Appointment Booking System getmanagerregion.php sql injection
E
CVE-2025-7750 code-projects Online Appointment Booking System adddoctorclinic.php sql injection
E
CVE-2025-7751 code-projects Online Appointment Booking System addclinic.php sql injection
E
CVE-2025-7752 code-projects Online Appointment Booking System deletedoctor.php sql injection
E
CVE-2025-7753 code-projects Online Appointment Booking System adddoctor.php sql injection
E
CVE-2025-7754 code-projects Patient Record Management System xray_form.php sql injection
E
CVE-2025-7755 code-projects Online Ordering System edit_product.php unrestricted upload
E
CVE-2025-7756 code-projects E-Commerce Site cross-site request forgery
E
CVE-2025-7757 PHPGurukul Land Record System edit-property.php sql injection
E
CVE-2025-7758 TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg buffer overflow
E
CVE-2025-7759 thinkgem JeeSite UEditor Image Grabber ActionEnter.java server-side request forgery
E S
CVE-2025-7761 Reflected XSS in Lepszy BIP
E
CVE-2025-7762 D-Link DI-8100 HTTP Request menu_nat_more.asp stack-based overflow
E
CVE-2025-7763 thinkgem JeeSite Site Controller SiteController.java select redirect
E S
CVE-2025-7764 code-projects Online Appointment Booking System deletedoctorclinic.php sql injection
E
CVE-2025-7765 code-projects Online Appointment Booking System addmanagerclinic.php sql injection
E
CVE-2025-7766 Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference
S
CVE-2025-7767 PHPGurukul Art Gallery Management System edit-art-medium-detail.php cross site scripting
E
CVE-2025-7768 Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced
M
CVE-2025-7769 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Tigo Energy Cloud Connect Advanced
M
CVE-2025-7770 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced
M
CVE-2025-7771 Code Execution / Escalation of Privileges in ThrottleStop
CVE-2025-7772 Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
CVE-2025-7773 Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities
S
CVE-2025-7774 Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities
S
CVE-2025-7775 Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service
KEV
CVE-2025-7776 Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service
CVE-2025-7777 Mirror-registry: host header injection in mirror-registry
CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function
CVE-2025-7780 Ai Engine <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
CVE-2025-7783 Usage of unsafe random function in form-data for choosing boundary
E S
CVE-2025-7784 Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)
M
CVE-2025-7785 thinkgem JeeSite SsoController.java sso redirect
E S
CVE-2025-7786 Gnuboard g6 Post Reply qa cross site scripting
E
CVE-2025-7787 Xuxueli xxl-job SampleXxlJob.java httpJobHandler server-side request forgery
E
CVE-2025-7788 Xuxueli xxl-job SampleXxlJob.java commandJobHandler os command injection
E
CVE-2025-7789 Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash
E
CVE-2025-7790 D-Link DI-8100 HTTP Request menu_nat.asp stack-based overflow
E
CVE-2025-7791 PHPGurukul Online Security Guards Hiring System search.php cross site scripting
E
CVE-2025-7792 Tenda FH451 SafeEmailFilter formSafeEmailFilter stack-based overflow
E
CVE-2025-7793 Tenda FH451 webtypelibrary formWebTypeLibrary stack-based overflow
E
CVE-2025-7794 Tenda FH451 NatStaticSetting fromNatStaticSetting stack-based overflow
E
CVE-2025-7795 Tenda FH451 P2pListFilter fromP2pListFilter stack-based overflow
E
CVE-2025-7796 Tenda FH451 PPTPDClient fromPptpUserAdd stack-based overflow
E
CVE-2025-7797 GPAC dash_client.c gf_dash_download_init_segment null pointer dereference
E S
CVE-2025-7798 Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System companyManage sql injection
E
CVE-2025-7800 cgpandey hotelmis HTTP GET Request admin.php cross site scripting
CVE-2025-7801 BossSoft CRM HNDCBas_customPrmSearchDtl.jsp sql injection
E
CVE-2025-7802 PHPGurukul Complaint Management System complaint-search.php cross site scripting
E
CVE-2025-7803 descreekert wx-discuz wx.php validToken cross site scripting
E
CVE-2025-7805 Tenda FH451 PPTPUserSetting fromPptpUserSetting stack-based overflow
E
CVE-2025-7806 Tenda FH451 SafeClientFilter fromSafeClientFilter stack-based overflow
E
CVE-2025-7807 Tenda FH451 SafeUrlFilter fromSafeUrlFilter stack-based overflow
E
CVE-2025-7808 WP Shopify < 1.5.4 - Reflected XSS
E
CVE-2025-7809 StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7810 StreamWeasels Kick Integration <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7811 StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-7812 Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection
CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery
CVE-2025-7814 code-projects Food Ordering Review System signup_function.php sql injection
E
CVE-2025-7815 PHPGurukul Apartment Visitors Management System HTTP POST Request manage-newvisitors.php cross site scripting
E
CVE-2025-7816 PHPGurukul Apartment Visitors Management System HTTP POST Request visitor-detail.php cross site scripting
E
CVE-2025-7817 PHPGurukul Apartment Visitors Management System HTTP POST Request bwdates-reports.php cross site scripting
E
CVE-2025-7818 PHPGurukul Apartment Visitors Management System HTTP POST Request category.php cross site scripting
E
CVE-2025-7819 PHPGurukul Apartment Visitors Management System HTTP POST Request create-pass.php cross site scripting
E
CVE-2025-7821 WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation
CVE-2025-7822 WP Wallcreeper <= 1.6.1 - Missing Authorization to Authenticated (Subscriber+) Cache Enable/Disable
CVE-2025-7823 Jinher OA ProjectScheduleDelete.aspx xml external entity reference
E
CVE-2025-7824 Jinher OA XmlHttp.aspx xml external entity reference
E
CVE-2025-7827 Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2025-7828 WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion
CVE-2025-7829 code-projects Church Donation System login.php sql injection
E
CVE-2025-7830 code-projects Church Donation System reg.php sql injection
E
CVE-2025-7831 code-projects Church Donation System Tithes.php sql injection
E
CVE-2025-7832 code-projects Church Donation System offering.php sql injection
E
CVE-2025-7833 code-projects Church Donation System giving.php sql injection
E
CVE-2025-7834 PHPGurukul Complaint Management System cross-site request forgery
E
CVE-2025-7835 iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update
CVE-2025-7836 D-Link DIR-816L Environment Variable cgibin lxmldbc_system command injection
E
CVE-2025-7837 TOTOLINK T6 MQTT Service recvSlaveStaInfo buffer overflow
E
CVE-2025-7838 Campcodes Online Movie Theater Seat Reservation System manage_seat.php sql injection
E
CVE-2025-7839 Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery
CVE-2025-7840 Campcodes Online Movie Theater Seat Reservation System Reserve Your Seat Page index.php cross site scripting
E
CVE-2025-7841 Sertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings Update
CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion
CVE-2025-7844 wolfTPM library wrapper function `wolfTPM2_RsaKey_TpmToWolf` copies external data to a fixed-size stack buffer without length validation potentially causing stack-based buffer overflow
CVE-2025-7845 Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets
CVE-2025-7847 AI Engine 2.9.3 - 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-7848 Missing input check in lvpict.cpp used in NI LabVIEW
CVE-2025-7849 Memory Corruption Issue in NI LabVIEW due to improper error handling
CVE-2025-7852 WPBookit <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function
CVE-2025-7853 Tenda FH451 SetIpBind fromSetIpBind stack-based overflow
E
CVE-2025-7854 Tenda FH451 VirtualSer fromVirtualSer stack-based overflow
E
CVE-2025-7855 Tenda FH451 qossetting fromqossetting stack-based overflow
E
CVE-2025-7856 PHPGurukul Apartment Visitors Management System HTTP POST Request pass-details.php cross site scripting
E
CVE-2025-7857 PHPGurukul Apartment Visitors Management System HTTP POST Request bwdates-passreports-details.php cross site scripting
E
CVE-2025-7858 PHPGurukul Apartment Visitors Management System HTTP POST Request admin-profile.php cross site scripting
E
CVE-2025-7859 code-projects Church Donation System update_password_admin.php sql injection
E
CVE-2025-7860 code-projects Church Donation System login_admin.php sql injection
E
CVE-2025-7861 code-projects Church Donation System search.php sql injection
E
CVE-2025-7862 TOTOLINK T6 Telnet Service cstecgi.cgi setTelnetCfg missing authentication
E
CVE-2025-7863 thinkgem JeeSite ServletUtils.java redirectUrl
E S
CVE-2025-7864 thinkgem JeeSite FileUploadController.java upload unrestricted upload
E S
CVE-2025-7865 thinkgem JeeSite XSS Filter EncodeUtils.java xssFilter cross site scripting
E S
CVE-2025-7866 Portabilis i-Educar Disabilities Module educar_deficiencia_lst.php cross site scripting
E
CVE-2025-7867 Portabilis i-Educar Agenda agenda.php cross site scripting
E
CVE-2025-7868 Portabilis i-Educar Calendar Module educar_calendario_dia_motivo_cad.php cross site scripting
E
CVE-2025-7869 Portabilis i-Educar Turma Module educar_turma_tipo_det.php cross site scripting
E
CVE-2025-7870 Portabilis i-Diario justificativas-de-falta Endpoint cross site scripting
E
CVE-2025-7871 Portabilis i-Diario conteudos cross site scripting
E
CVE-2025-7872 Portabilis i-Diario justificativas-de-falta cross site scripting
E
CVE-2025-7873 Metasoft 美特软件 MetaCRM mcc_login.jsp sql injection
E
CVE-2025-7874 Metasoft 美特软件 MetaCRM env.jsp information disclosure
E
CVE-2025-7875 Metasoft 美特软件 MetaCRM debug.jsp improper authentication
E
CVE-2025-7876 Metasoft 美特软件 MetaCRM download.jsp AnalyzeParam deserialization
E
CVE-2025-7877 Metasoft 美特软件 MetaCRM sendfile.jsp unrestricted upload
E
CVE-2025-7878 Metasoft 美特软件 MetaCRM upload2.jsp unrestricted upload
E
CVE-2025-7879 Metasoft 美特软件 MetaCRM mobileupload.jsp unrestricted upload
E
CVE-2025-7880 Metasoft 美特软件 MetaCRM sendsms.jsp unrestricted upload
E
CVE-2025-7881 Mercusys MW301R Web Interface password recovery
E
CVE-2025-7882 Mercusys MW301R Login excessive authentication
E
CVE-2025-7883 Eluktronics Control Center Powershell Script Command command injection
E
CVE-2025-7884 Eluktronics Control Center REG File data authenticity
E
CVE-2025-7885 Huashengdun WebSSH Login Page cross site scripting
E
CVE-2025-7886 pmTicket Project-Management-Software class.database.php getUserLanguage sql injection
CVE-2025-7887 Zavy86 WikiDocs template.inc.php cross site scripting
E
CVE-2025-7888 TDuckCloud tduck-platform UserFormDataMapper.java UserFormDataMapper sql injection
E
CVE-2025-7889 CallApp Caller ID App caller.id.phone.number.block AndroidManifest.xml improper export of android application components
E
CVE-2025-7890 Dunamu StockPlus App com.dunamu.stockplus AndroidManifest.xml improper export of android application components
E
CVE-2025-7891 InstantBits Web Video Cast App com.instantbits.cast.webvideo AndroidManifest.xml improper export of android application components
E
CVE-2025-7892 IDnow App de.idnow AndroidManifest.xml improper export of android application components
E
CVE-2025-7893 Foresight News App pro.foresightnews.appa AndroidManifest.xml improper export of android application components
E
CVE-2025-7894 Onyx Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection
E
CVE-2025-7895 harry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted upload
CVE-2025-7896 harry0703 MoneyPrinterTurbo video.py delete_video path traversal
CVE-2025-7897 harry0703 MoneyPrinterTurbo API Endpoint base.py verify_token missing authentication
CVE-2025-7898 Codecanyon iDentSoft Account Setting Page updateSetting unrestricted upload
E
CVE-2025-7899 Insecure Direct Object Reference in extension "powermail" (powermail)
CVE-2025-7900 Insecure Direct Object Reference in extension "femanager" (femanager)
CVE-2025-7901 yangzongzhuan RuoYi Swagger UI index.html cross site scripting
CVE-2025-7902 yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting
E
CVE-2025-7903 yangzongzhuan RuoYi Image Source ui layer
E
CVE-2025-7904 itsourcecode Insurance Management System insertNominee.php sql injection
E
CVE-2025-7905 itsourcecode Insurance Management System insertPayment.php sql injection
E
CVE-2025-7906 yangzongzhuan RuoYi CommonController.java uploadFile unrestricted upload
E
CVE-2025-7907 yangzongzhuan RuoYi Druid application-druid.yml default credentials
E
CVE-2025-7908 D-Link DI-8100 jhttpd ddns.asp sprintf stack-based overflow
E
CVE-2025-7909 D-Link DIR-513 Boa Webserver formLanSetupRouterSettings sprintf stack-based overflow
E
CVE-2025-7910 D-Link DIR-513 Boa Webserver formSetWanNonLogin sprintf stack-based overflow
E
CVE-2025-7911 D-Link DI-8100 jhttpd upnp_ctrl.asp sprintf stack-based overflow
E
CVE-2025-7912 TOTOLINK T6 MQTT Service recvSlaveUpgstatus buffer overflow
E
CVE-2025-7913 TOTOLINK T6 MQTT Service updateWifiInfo buffer overflow
E
CVE-2025-7914 Tenda AC6 httpd setparentcontrolinfo buffer overflow
CVE-2025-7915 Chanjet CRM Login Page mailinactive.php sql injection
E
CVE-2025-7916 Simopro Technology|WinMatrix3 - Insecure Deserialization
S
CVE-2025-7917 Simopro Technology|WinMatrix3 Web package - Arbitrary File Upload
S
CVE-2025-7918 Simopro Technology|WinMatrix3 Web package - SQL Injection
S
CVE-2025-7919 Simopro Technology|WinMatrix3 Web package - SQL Injection
S
CVE-2025-7920 Simopro Technology|WinMatrix3 Web package - Reflected Cross-Site Scripting
S
CVE-2025-7921 ASKEY|modem - Stack-based Buffer Overflow
S
CVE-2025-7924 PHPGurukul Online Banquet Booking System admin-profile.php cross site scripting
E
CVE-2025-7925 PHPGurukul Online Banquet Booking System login.php cross site scripting
E
CVE-2025-7926 PHPGurukul Online Banquet Booking System booking-search.php cross site scripting
E
CVE-2025-7927 PHPGurukul Online Banquet Booking System view-user-queries.php sql injection
E
CVE-2025-7928 code-projects Church Donation System edit_user.php sql injection
E
CVE-2025-7929 code-projects Church Donation System edit_Members.php sql injection
E
CVE-2025-7930 code-projects Church Donation System add_members.php sql injection
E
CVE-2025-7931 code-projects Church Donation System admin_pic.php unrestricted upload
E
CVE-2025-7932 D-Link DIR‑817L ssdpcgi lxmldbc_system command injection
E
CVE-2025-7933 Campcodes Sales and Inventory System Setting settings_update.php sql injection
E
CVE-2025-7934 fuyang_lipengjun platform ScheduleJobController.java queryPage sql injection
E
CVE-2025-7935 fuyang_lipengjun platform SysLogController.java SysLogController sql injection
E
CVE-2025-7936 fuyang_lipengjun platform ScheduleJobLogController.java queryPage sql injection
E
CVE-2025-7938 jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java updateGoods authorization
E
CVE-2025-7939 jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload
CVE-2025-7940 Genshin Albedo Cat House App com.house.auscat AndroidManifest.xml improper export of android application components
E
CVE-2025-7941 PHPGurukul Time Table Generator System profile.php cross site scripting
E
CVE-2025-7942 PHPGurukul Taxi Stand Management System admin-profile.php cross site scripting
E
CVE-2025-7943 PHPGurukul Taxi Stand Management System search-autoortaxi.php cross site scripting
E
CVE-2025-7944 PHPGurukul Taxi Stand Management System search.php cross site scripting
E
CVE-2025-7945 D-Link DIR-513 formSetWanDhcpplus buffer overflow
CVE-2025-7946 PHPGurukul Apartment Visitors Management System HTTP POST Request search-visitor.php cross site scripting
E
CVE-2025-7947 jshERP Account delete improper authorization
E
CVE-2025-7948 jshERP updatePwd password recovery
E
CVE-2025-7949 Sanluan PublicCMS preview.html redirect
E S
CVE-2025-7950 code-projects Public Chat Room login.php sql injection
E
CVE-2025-7951 code-projects Public Chat Room send_message.php cross site scripting
E
CVE-2025-7952 TOTOLINK T6 MQTT Packet wireless.so ckeckKeepAlive command injection
E
CVE-2025-7953 Sanluan PublicCMS viewer.html redirect
E S
CVE-2025-7954 Race Condition in Shopware Voucher Submission
E M
CVE-2025-7955 RingCentral Communications 1.5 - 1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function
CVE-2025-7956 Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler
CVE-2025-7957 ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter
CVE-2025-7959 Station Pro <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters
CVE-2025-7961 KAP 3.6.0 - TCC Bypass
CVE-2025-7962 In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 ch...
CVE-2025-7965 CBX Restaurant Booking <= 1.2.1 - Plugin Reset via CSRF
E
CVE-2025-7966 Get Youtube Subs <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via subscribe_link_att Function
CVE-2025-7969 Markdown-it 14.1.0 - Cross-site scripting (XSS)
E
CVE-2025-7971 Studio 5000 Logix Designer® – Arbitrary Code Execution Vulnerability
CVE-2025-7972 Rockwell Automation FactoryTalk® Linx Network Browser Security Bypass Vulnerability
S
CVE-2025-7973 Rockwell Automation FactoryTalk® ViewPoint Privilege Escalation Vulnerability
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.