ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-7021 | OpenAI Operator - API Spoofing through Locking Operator on FullScreen | | |
CVE-2025-7026 | SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0 | | |
CVE-2025-7027 | SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1 | | |
CVE-2025-7028 | SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer | | |
CVE-2025-7029 | SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler | | |
CVE-2025-7030 | Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085 | | |
CVE-2025-7031 | Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086 | | |
CVE-2025-7037 | SQL injection in Ivanti Endpoint Manager | | |
CVE-2025-7046 | Portfolio for Elementor & Image Gallery \| PowerFolio <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS | S | |
CVE-2025-7053 | Cockpit save cross site scripting | E S | |
CVE-2025-7056 | Stored XSS in UrlShortener | | |
CVE-2025-7057 | Stored XSS in Quiz | | |
CVE-2025-7059 | Simple Featured Image <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via slideshow Parameter | | |
CVE-2025-7060 | Monitorr Installer mkdbajax.php input validation | E | |
CVE-2025-7061 | Intelbras InControl operador csv injection | E | |
CVE-2025-7066 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau | S | |
CVE-2025-7067 | HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow | E | |
CVE-2025-7068 | HDF5 H5FL.c H5FL__malloc memory leak | E | |
CVE-2025-7069 | HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow | E | |
CVE-2025-7070 | IROAD Dashcam Q9 MFA Pairing Request allocation of resources | E | |
CVE-2025-7074 | vercel hyper rimraf-standalone.js ignoreMap redos | E | |
CVE-2025-7075 | BlackVue Dashcam 590X HTTP Endpoint upload.cgi unrestricted upload | E | |
CVE-2025-7076 | BlackVue Dashcam 590X Configuration upload.cgi access control | E | |
CVE-2025-7077 | Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow | E | |
CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery | E | |
CVE-2025-7079 | mao888 bluebell-plus JWT Token jwt.go hard-coded password | E | |
CVE-2025-7080 | Done-0 Jank JWT Token jwt_utils.go hard-coded password | E | |
CVE-2025-7081 | Belkin F9K1122 webs formSetWanStatic os command injection | E | |
CVE-2025-7082 | Belkin F9K1122 webs formBSSetSitesurvey os command injection | E | |
CVE-2025-7083 | Belkin F9K1122 webs mp os command injection | E | |
CVE-2025-7084 | Belkin F9K1122 webs formWpsStart stack-based overflow | E | |
CVE-2025-7085 | Belkin F9K1122 webs formiNICWpsStart stack-based overflow | E | |
CVE-2025-7086 | Belkin F9K1122 webs formPPTPSetup stack-based overflow | E | |
CVE-2025-7087 | Belkin F9K1122 webs formL2TPSetup stack-based overflow | E | |
CVE-2025-7088 | Belkin F9K1122 webs formPPPoESetup stack-based overflow | E | |
CVE-2025-7089 | Belkin F9K1122 webs formWanTcpipSetup stack-based overflow | E | |
CVE-2025-7090 | Belkin F9K1122 webs formConnectionSetting stack-based overflow | E | |
CVE-2025-7091 | Belkin F9K1122 webs formWlanMP stack-based overflow | E | |
CVE-2025-7092 | Belkin F9K1122 webs formWlanSetupWPS stack-based overflow | E | |
CVE-2025-7093 | Belkin F9K1122 webs formSetLanguage stack-based overflow | E | |
CVE-2025-7094 | Belkin F9K1122 webs formBSSetSitesurvey stack-based overflow | E | |
CVE-2025-7095 | Comodo Internet Security Premium Update certificate validation | E | |
CVE-2025-7096 | Comodo Internet Security Premium Manifest File cis_update_x64.xml integrity check | E | |
CVE-2025-7097 | Comodo Internet Security Premium Manifest File cis_update_x64.xml os command injection | E | |
CVE-2025-7098 | Comodo Internet Security Premium File Name path traversal | E | |
CVE-2025-7099 | BoyunCMS Installation install2.php deserialization | E | |
CVE-2025-7100 | BoyunCMS Index.php unrestricted upload | E | |
CVE-2025-7101 | BoyunCMS Configuration File install_ok.php code injection | E | |
CVE-2025-7102 | BoyunCMS Server.php sql injection | E | |
CVE-2025-7103 | BoyunCMS curl Index.php server-side request forgery | E | |
CVE-2025-7107 | SimStudioAI sim route.ts handleLocalFile path traversal | E S | |
CVE-2025-7108 | risesoft-y9 Digital-Infrastructure Y9FileController.java deleteFile path traversal | E | |
CVE-2025-7109 | Portabilis i-Educar Student Benefits Registration educar_aluno_beneficio_lst.php cross site scripting | E | |
CVE-2025-7110 | Portabilis i-Educar School Module educar_escola_lst.php cross site scripting | E | |
CVE-2025-7111 | Portabilis i-Educar Course Module educar_curso_det.php cross site scripting | E | |
CVE-2025-7112 | Portabilis i-Educar Function Management Module educar_funcao_det.php cross site scripting | E | |
CVE-2025-7113 | Portabilis i-Educar Curricular Components Module edit cross site scripting | E | |
CVE-2025-7114 | SimStudioAI sim Session route.ts POST missing authentication | E | |
CVE-2025-7115 | rowboatlabs rowboat Session route.ts PUT missing authentication | | |
CVE-2025-7116 | UTT 进取 750W Fast_wireless_conf buffer overflow | E | |
CVE-2025-7117 | UTT HiPER 840G websWhiteList buffer overflow | E | |
CVE-2025-7118 | UTT HiPER 840G formPictureUrl buffer overflow | E | |
CVE-2025-7119 | Campcodes Complaint Management System index.php sql injection | E | |
CVE-2025-7120 | Campcodes Complaint Management System check_availability.php sql injection | E | |
CVE-2025-7121 | Campcodes Complaint Management System complaint-details.php sql injection | E | |
CVE-2025-7122 | Campcodes Complaint Management System index.php sql injection | E | |
CVE-2025-7123 | Campcodes Complaint Management System complaint-details.php sql injection | E | |
CVE-2025-7124 | code-projects Online Note Sharing Profile Image userprofile.php unrestricted upload | E | |
CVE-2025-7125 | itsourcecode Employee Management System editempeducation.php sql injection | E | |
CVE-2025-7126 | itsourcecode Employee Management System adminprofile.php sql injection | E | |
CVE-2025-7127 | itsourcecode Employee Management System changepassword.php sql injection | E | |
CVE-2025-7128 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7129 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7130 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7131 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7132 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7133 | CodeAstro Online Movie Ticket Booking System cross-site request forgery | E | |
CVE-2025-7134 | Campcodes Online Recruitment Management System ajax.php sql injection | E | |
CVE-2025-7135 | Campcodes Online Recruitment Management System ajax.php sql injection | E | |
CVE-2025-7136 | Campcodes Online Recruitment Management System view_vacancy.php sql injection | E | |
CVE-2025-7137 | SourceCodester Best Salon Management System schedule-staff.php sql injection | E | |
CVE-2025-7138 | SourceCodester Best Salon Management System admin-profile.php sql injection | E | |
CVE-2025-7139 | SourceCodester Best Salon Management System Update Customer Details Page edit-customer-detailed.php cross site scripting | E | |
CVE-2025-7140 | SourceCodester Best Salon Management System Update Staff Page edit-staff.php cross site scripting | E | |
CVE-2025-7141 | SourceCodester Best Salon Management System Update Staff Page edit_plan.php cross site scripting | E | |
CVE-2025-7142 | SourceCodester Best Salon Management System search-appointment.php cross site scripting | E | |
CVE-2025-7143 | SourceCodester Best Salon Management System Update Tax Page edit-tax.php cross site scripting | E | |
CVE-2025-7144 | SourceCodester Best Salon Management System Admin Profile Page admin-profile.php cross site scripting | E | |
CVE-2025-7145 | TeamT5\|ThreatSonar Anti-Ransomware - OS Command Injection | S | |
CVE-2025-7146 | Jhenggao iPublish System - Arbitrary File Reading through Path Traversal | S | |
CVE-2025-7147 | CodeAstro Patient Record Management System login.php sql injection | E | |
CVE-2025-7148 | CodeAstro Simple Hospital Management System POST Parameter patient.html cross site scripting | E M | |
CVE-2025-7149 | Campcodes Advanced Online Voting System candidates_delete.php sql injection | E | |
CVE-2025-7150 | Campcodes Advanced Online Voting System voters_delete.php sql injection | E | |
CVE-2025-7151 | Campcodes Advanced Online Voting System voters_add.php unrestricted upload | E | |
CVE-2025-7152 | Campcodes Advanced Online Voting System candidates_add.php unrestricted upload | E | |
CVE-2025-7153 | CodeAstro Simple Hospital Management System POST Parameter doctor.html cross site scripting | E M | |
CVE-2025-7154 | TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection | E | |
CVE-2025-7155 | PHPGurukul Online Notes Sharing System Cookie Dashboard sql injection | E | |
CVE-2025-7156 | hitsz-ids airda completions execute sql injection | E | |
CVE-2025-7157 | code-projects Online Note Sharing login.php sql injection | E | |
CVE-2025-7158 | PHPGurukul Zoo Management System manage-normal-ticket.php sql injection | E | |
CVE-2025-7159 | PHPGurukul Zoo Management System manage-animals.php sql injection | E | |
CVE-2025-7160 | PHPGurukul Zoo Management System index.php sql injection | E | |
CVE-2025-7161 | PHPGurukul Zoo Management System add-normal-ticket.php sql injection | E | |
CVE-2025-7162 | PHPGurukul Zoo Management System add-foreigners-ticket.php sql injection | E | |
CVE-2025-7163 | PHPGurukul Zoo Management System add-animals.php sql injection | E | |
CVE-2025-7164 | PHPGurukul/Campcodes Cyber Cafe Management System index.php sql injection | E | |
CVE-2025-7165 | PHPGurukul/Campcodes Cyber Cafe Management System forgot-password.php sql injection | E | |
CVE-2025-7166 | code-projects Responsive Blog Site single.php sql injection | E | |
CVE-2025-7167 | code-projects Responsive Blog Site category.php sql injection | E | |
CVE-2025-7168 | code-projects Crime Reporting System userlogin.php sql injection | E | |
CVE-2025-7169 | code-projects Crime Reporting System complainer_page.php sql injection | E | |
CVE-2025-7170 | code-projects Crime Reporting System registration.php sql injection | E | |
CVE-2025-7171 | code-projects Crime Reporting System policelogin.php sql injection | E | |
CVE-2025-7172 | code-projects Crime Reporting System headlogin.php sql injection | E | |
CVE-2025-7173 | code-projects Library System add-student.php sql injection | E | |
CVE-2025-7174 | code-projects Library System teacher-issue-book.php sql injection | E | |
CVE-2025-7175 | code-projects E-Commerce Site users_photo.php unrestricted upload | E | |
CVE-2025-7176 | PHPGurukul Hospital Management System view-medhistory.php sql injection | E | |
CVE-2025-7177 | PHPGurukul Car Washing Management System editcar-washpoint.php sql injection | E | |
CVE-2025-7178 | code-projects Food Distributor Site login.php sql injection | E | |
CVE-2025-7179 | code-projects Library System add-teacher.php sql injection | E | |
CVE-2025-7180 | code-projects Staff Audit System login.php sql injection | E | |
CVE-2025-7181 | code-projects Staff Audit System test.php unrestricted upload | E | |
CVE-2025-7182 | itsourcecode Student Transcript Processing System edit.php cross site scripting | E | |
CVE-2025-7183 | Campcodes Sales and Inventory System customer_account.php sql injection | E | |
CVE-2025-7184 | code-projects Library System books.php sql injection | E | |
CVE-2025-7185 | code-projects Library System approve.php sql injection | E | |
CVE-2025-7186 | code-projects Chat System fetch_chat.php sql injection | E | |
CVE-2025-7187 | code-projects Chat System fetch_member.php sql injection | E | |
CVE-2025-7188 | code-projects Chat System addmember.php sql injection | E | |
CVE-2025-7189 | code-projects Chat System send_message.php sql injection | E | |
CVE-2025-7190 | code-projects Library Management System student_edit_photo.php unrestricted upload | E | |
CVE-2025-7191 | code-projects Student Enrollment System login.php sql injection | E | |
CVE-2025-7192 | D-Link DIR-645 ssdpcgi cgibin ssdpcgi_main command injection | E | |
CVE-2025-7193 | itsourcecode Agri-Trading Online Shopping System suppliercontroller.php sql injection | E | |
CVE-2025-7194 | D-Link DI-500WF jhttpd ip_position.asp sprintf stack-based overflow | E | |
CVE-2025-7196 | code-projects Jonnys Liquor browse.php sql injection | E | |
CVE-2025-7197 | code-projects Jonnys Liquor delete-row.php sql injection | E | |
CVE-2025-7198 | code-projects Jonnys Liquor admin-area.php sql injection | E | |
CVE-2025-7199 | code-projects Library System notapprove.php sql injection | E | |
CVE-2025-7200 | krishna9772 Pharmacy Management System quantity_upd.php sql injection | E | |
CVE-2025-7204 | Exposure of password hashes via API responses in ConnectWise PSA | S | |
CVE-2025-7206 | D-Link DIR-825 httpd switch_language.cgi sub_410DDC stack-based overflow | E | |
CVE-2025-7207 | mruby nregs codegen.c scope_new heap-based overflow | E S | |
CVE-2025-7208 | 9fans plan9port x509.c edump heap-based overflow | E S | |
CVE-2025-7209 | 9fans plan9port x509.c value_decode null pointer dereference | E S | |
CVE-2025-7210 | code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload | E | |
CVE-2025-7211 | code-projects LifeStyle Store cart_add.php sql injection | E | |
CVE-2025-7212 | itsourcecode Insurance Management System insertAgent.php sql injection | E | |
CVE-2025-7213 | FNKvision FNK-GU2 UART Interface on-chip debug and test interface with improper access control | E | |
CVE-2025-7214 | FNKvision FNK-GU2 MD5 shadow risky encryption | E | |
CVE-2025-7215 | FNKvision FNK-GU2 wpa_supplicant.conf cleartext storage | E | |
CVE-2025-7216 | lty628 Aidigu PHP Object common.php checkUserCookie deserialization | E | |
CVE-2025-7217 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7218 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7219 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7220 | Campcodes Payroll Management System ajax.php sql injection | E | |
CVE-2025-7259 | Certain Queries with Duplicate _id Fields May Cause MongoDB Server to Crash | | |
CVE-2025-7326 | EOL ASP.NET Core Elevation of Privilege Vulnerability | | |
CVE-2025-7327 | Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion | S | |
CVE-2025-7345 | Gdk-pixbuf: heap-buffer-overflow in gdk-pixbuf | M | |
CVE-2025-7346 | Any unauthenticated attacker can bypass the localhost restrictions posed by the application and uti... | | |
CVE-2025-7362 | MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message | E | |
CVE-2025-7363 | TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function | E | |
CVE-2025-7365 | Keycloak: phishing attack via email verification step in first login flow | M | |
CVE-2025-7370 | Libsoup: libsoup null pointer dereference | M | |
CVE-2025-7378 | An improper input validation vulnerability was found on manipulating configuration of ADM | | |
CVE-2025-7379 | A security bypass vulnerability was found in DataSync Center installed on ADM | | |
CVE-2025-7381 | Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images | M | |
CVE-2025-7387 | Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | | |
CVE-2025-7401 | Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php | | |
CVE-2025-7407 | Netgear D6400 diag.cgi os command injection | E | |
CVE-2025-7408 | SourceCodester Zoo Management System animal_form_template.php cross site scripting | E | |
CVE-2025-7409 | code-projects Mobile Shop LoginAsAdmin.php sql injection | E | |
CVE-2025-7410 | code-projects LifeStyle Store cart_remove.php sql injection | E | |
CVE-2025-7411 | code-projects LifeStyle Store success.php sql injection | E | |
CVE-2025-7412 | code-projects Library System profile.php unrestricted upload | E | |
CVE-2025-7413 | code-projects Library System profile.php unrestricted upload | E | |
CVE-2025-7414 | Tenda O3V2 httpd setPingInfo fromNetToolGet os command injection | E | |
CVE-2025-7415 | Tenda O3V2 httpd getTraceroute fromTraceroutGet command injection | E | |
CVE-2025-7416 | Tenda O3V2 httpd setSysTimeInfo fromSysToolTime stack-based overflow | E | |
CVE-2025-7417 | Tenda O3V2 httpd setPingInfo fromNetToolGet stack-based overflow | E | |
CVE-2025-7418 | Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow | E | |
CVE-2025-7419 | Tenda O3V2 httpd setRateTest fromSpeedTestSet stack-based overflow | E | |
CVE-2025-7420 | Tenda O3V2 httpd setWrlBasicInfo formWifiBasicSet stack-based overflow | E | |
CVE-2025-7421 | Tenda O3V2 httpd operateMacFilter fromMacFilterModify stack-based overflow | E | |
CVE-2025-7422 | Tenda O3V2 httpd setNetworkService setAutoReboot stack-based overflow | E | |
CVE-2025-7423 | Tenda O3V2 httpd setWrlFilterList formWifiMacFilterSet stack-based overflow | E | |
CVE-2025-7424 | Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes | M | |
CVE-2025-7425 | Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr | E M | |
CVE-2025-7434 | Tenda FH451 POST Request addressNat fromAddressNat stack-based overflow | E | |
CVE-2025-7435 | LiveHelperChat lhc-php-resque Extension List list cross site scripting | E S | |
CVE-2025-7436 | Campcodes Online Recruitment Management System ajax.php sql injection | E | |
CVE-2025-7442 | WPGYM - Wordpress Gym Management System < 67.8.0 - Unauthenticated SQL Injection | | |
CVE-2025-7450 | letseeqiji gorobbs API user.go ResetUserAvatar path traversal | E | |
CVE-2025-7452 | kone-net go-chat Endpoint file_controller.go GetFile path traversal | E | |
CVE-2025-7453 | saltbo zpan JSON Web Token token.go NewToken hard-coded password | E | |
CVE-2025-7454 | Campcodes Online Movie Theater Seat Reservation System manage_theater.php sql injection | E | |
CVE-2025-7455 | Campcodes Online Movie Theater Seat Reservation System manage_reserve.php sql injection | E | |
CVE-2025-7456 | Campcodes Online Movie Theater Seat Reservation System reserve.php sql injection | E | |
CVE-2025-7457 | Campcodes Online Movie Theater Seat Reservation System manage_movie.php sql injection | E | |
CVE-2025-7459 | code-projects Mobile Shop EditMobile.php sql injection | E | |
CVE-2025-7460 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setWiFiAclRules buffer overflow | E | |
CVE-2025-7461 | code-projects Modern Bag action.php sql injection | E | |
CVE-2025-7462 | Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference | S | |
CVE-2025-7463 | Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWrlsafeset buffer overflow | E | |
CVE-2025-7464 | osrg GoBGP rtr.go SplitRTR out-of-bounds | S | |
CVE-2025-7465 | Tenda FH1201 HTTP POST Request fromRouteStatic buffer overflow | E | |
CVE-2025-7466 | 1000projects ABC Courier Management add_dealerrequest.php sql injection | E | |
CVE-2025-7467 | code-projects Modern Bag product-detail.php sql injection | E | |
CVE-2025-7468 | Tenda FH1201 HTTP POST Request fromSafeUrlFilter buffer overflow | E | |
CVE-2025-7503 | An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet ser... | | |
CVE-2025-7504 | Friends 3.5.1 - Authenticated (Subscriber+) PHP Object Injection | | |
CVE-2025-7518 | RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read | | |