ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-8009 | Security Ninja – Secure Firewall & Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read | | |
CVE-2025-8010 | Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potential... | | |
CVE-2025-8011 | Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potential... | | |
CVE-2025-8013 | Quttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery | | |
CVE-2025-8015 | Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link | | |
CVE-2025-8017 | Tenda AC7 httpd setMacFilterCfg formSetMacFilterCfg stack-based overflow | E | |
CVE-2025-8018 | code-projects Food Ordering Review System reservation_page.php sql injection | E | |
CVE-2025-8019 | Shenzhen Libituo Technology LBT-T300-T310 appy.cgi sub_40B6F0 buffer overflow | E | |
CVE-2025-8020 | All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an... | E | |
CVE-2025-8021 | All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attac... | | |
CVE-2025-8022 | Rejected reason: Bun Shell does not invoke /bin/sh, or any other interpreter, for template literals ... | R | |
CVE-2025-8023 | Path Traversal in Template Upload Allows Uploading Files Outside Target Directory | S | |
CVE-2025-8027 | On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. ... | | |
CVE-2025-8028 | On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far ... | | |
CVE-2025-8029 | Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affec... | | |
CVE-2025-8030 | Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into e... | | |
CVE-2025-8031 | The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking... | | |
CVE-2025-8032 | XSLT document loading did not correctly propagate the source document which bypassed its CSP. This v... | | |
CVE-2025-8033 | The JavaScript engine did not handle closed generators correctly and it was possible to resume them ... | | |
CVE-2025-8034 | Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefo... | | |
CVE-2025-8035 | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunder... | | |
CVE-2025-8036 | Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS w... | | |
CVE-2025-8037 | Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the namel... | | |
CVE-2025-8038 | Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affec... | | |
CVE-2025-8039 | In some cases search terms persisted in the URL bar even after navigating away from the search page.... | | |
CVE-2025-8040 | Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird ... | | |
CVE-2025-8041 | In the address bar, Firefox for Android truncated the display of URLs from the end instead of priori... | E | |
CVE-2025-8042 | Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start down... | | |
CVE-2025-8043 | Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerabil... | E | |
CVE-2025-8044 | Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of... | | |
CVE-2025-8046 | Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI'] | E | |
CVE-2025-8047 | Multiple Plugins from itayamar - Supply Chain Compromise | E | |
CVE-2025-8058 | The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if s... | | |
CVE-2025-8059 | B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function | | |
CVE-2025-8060 | Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow | E | |
CVE-2025-8062 | WS Theme Addons <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode | | |
CVE-2025-8064 | Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter | | |
CVE-2025-8066 | Bunker Web 1.6.2 - Uncontrolled external site redirect | S | |
CVE-2025-8067 | Udisks: out-of-bounds read in udisks daemon | M | |
CVE-2025-8068 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions | S | |
CVE-2025-8069 | Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client | | |
CVE-2025-8070 | Windows service registered with an unquoted ImagePath vulnerability in the system registry | | |
CVE-2025-8071 | Mine CloudVod <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via audio Parameter | | |
CVE-2025-8073 | Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter | | |
CVE-2025-8080 | Alobaidi Captcha <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | | |
CVE-2025-8081 | Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import | S | |
CVE-2025-8086 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-8088 | Path traversal vulnerability in WinRAR | KEV M | |
CVE-2025-8089 | Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-8091 | EventON Lite <= 2.4.6 - Authenticated (Contributor+) Information Disclosure | | |
CVE-2025-8092 | COOKiES Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-092 | | |
CVE-2025-8097 | WoodMart - Multipurpose WooCommerce Theme <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation | | |
CVE-2025-8098 | An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local atta... | S | |
CVE-2025-8100 | Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content | S | |
CVE-2025-8101 | Linkify 4.3.1 - Prototype Pollution & HTML Attribute Injection (XSS) | S | |
CVE-2025-8102 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions | | |
CVE-2025-8103 | WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function | | |
CVE-2025-8104 | Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function | | |
CVE-2025-8105 | Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution | | |
CVE-2025-8107 | In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege e... | | |
CVE-2025-8109 | GPU DDK - GPU shader shared memory corrupted using ptrace to disrupt GPU operation | | |
CVE-2025-8113 | Ebook Store < 5.8015 - Reflected XSS via $_SERVER['REQUEST_URI'] | E | |
CVE-2025-8114 | null pointer dereference in libssh kex session id calculation | M | |
CVE-2025-8115 | PHPGurukul Taxi Stand Management System new-autoortaxi-entry-form.php cross site scripting | E | |
CVE-2025-8123 | deerwms deer-wms-2 edit sql injection | E | |
CVE-2025-8124 | deerwms deer-wms-2 unallocatedList sql injection | E | |
CVE-2025-8125 | deerwms deer-wms-2 allocatedList sql injection | E | |
CVE-2025-8126 | deerwms deer-wms-2 export sql injection | E | |
CVE-2025-8127 | deerwms deer-wms-2 list sql injection | E | |
CVE-2025-8128 | zhousg letao product.js unrestricted upload | E | |
CVE-2025-8129 | KoaJS Koa HTTP Header response.js back redirect | E | |
CVE-2025-8130 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-8131 | Tenda AC20 SetStaticRouteCfg stack-based overflow | E | |
CVE-2025-8132 | yanyutao0402 ChanCMS utils.js delfile path traversal | E S | |
CVE-2025-8133 | yanyutao0402 ChanCMS gather.js getArticle server-side request forgery | E S | |
CVE-2025-8134 | PHPGurukul BP Monitoring Management System bwdates-report-result.php sql injection | E | |
CVE-2025-8135 | itsourcecode Insurance Management System updateAgent.php sql injection | E | |
CVE-2025-8136 | TOTOLINK A702R HTTP POST Request formFilter buffer overflow | E | |
CVE-2025-8137 | TOTOLINK A702R HTTP POST Request formIpQoS buffer overflow | E | |
CVE-2025-8138 | TOTOLINK A702R HTTP POST Request formOneKeyAccessButton buffer overflow | E | |
CVE-2025-8139 | TOTOLINK A702R HTTP POST Request formPortFw buffer overflow | E | |
CVE-2025-8140 | TOTOLINK A702R HTTP POST Request formWlanMultipleAP buffer overflow | E | |
CVE-2025-8141 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion | | |
CVE-2025-8142 | Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' | | |
CVE-2025-8143 | Soledad <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h' | | |
CVE-2025-8145 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection | | |
CVE-2025-8146 | Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget | | |
CVE-2025-8147 | LWSCache <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function | | |
CVE-2025-8150 | Events Addon for Elementor <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets | | |
CVE-2025-8151 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions | S | |
CVE-2025-8152 | WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update | | |
CVE-2025-8155 | D-Link DCS-6010L Management Application vb.htm cross site scripting | | |
CVE-2025-8156 | PHPGurukul User Registration & Login and User Management lastsevendays-reg-users.php sql injection | E | |
CVE-2025-8157 | PHPGurukul User Registration & Login and User Management lastthirtyays-reg-users.php sql injection | E | |
CVE-2025-8158 | PHPGurukul Login and User Management System yesterday-reg-users.php sql injection | E | |
CVE-2025-8159 | D-Link DIR-513 HTTP POST Request formLanguageChange stack-based overflow | E | |
CVE-2025-8160 | Tenda AC20 httpd SetSysTimeCfg buffer overflow | E | |
CVE-2025-8161 | deerwms deer-wms-2 export sql injection | E | |
CVE-2025-8162 | deerwms deer-wms-2 list sql injection | E | |
CVE-2025-8163 | deerwms deer-wms-2 list sql injection | E | |
CVE-2025-8164 | code-projects Public Chat Room send_message.php sql injection | E | |
CVE-2025-8165 | code-projects Food Review System approve_reservation.php sql injection | E | |
CVE-2025-8166 | code-projects Church Donation System HTTP POST Request index.php sql injection | E | |
CVE-2025-8167 | code-projects Church Donation System edit_members.php cross site scripting | E | |
CVE-2025-8168 | D-Link DIR-513 formSetWanPPPoE websAspInit buffer overflow | E | |
CVE-2025-8169 | D-Link DIR-513 HTTP POST Request formSetWanPPTPpath formSetWanPPTPcallback buffer overflow | E | |
CVE-2025-8170 | TOTOLINK T6 MQTT Packet meshSlaveDlfw tcpcheck_net buffer overflow | E | |
CVE-2025-8171 | code-projects Document Management System insert.php unrestricted upload | E | |
CVE-2025-8172 | itsourcecode Employee Management System index.php sql injection | E | |
CVE-2025-8173 | 1000 Projects ABC Courier Management System Add_reciver.php sql injection | E | |
CVE-2025-8174 | code-projects Voting System candidates_add.php unrestricted upload | E | |
CVE-2025-8175 | D-Link DI-8400 jhttpd usb_paswd.asp null pointer dereference | E | |
CVE-2025-8176 | LibTIFF tiffmedian.c get_histogram use after free | E S | |
CVE-2025-8177 | LibTIFF thumbnail.c setrow buffer overflow | E S | |
CVE-2025-8178 | Tenda AC10 RequestsProcessLaid heap-based overflow | E | |
CVE-2025-8179 | PHPGurukul Local Services Search Engine Management System changeimage.php sql injection | E | |
CVE-2025-8180 | Tenda CH22 deleteUserName formdeleteUserName buffer overflow | E | |
CVE-2025-8181 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation | | |
CVE-2025-8182 | Tenda AC18 Samba smb.conf weak password | E | |
CVE-2025-8183 | NULL Pointer Dereference in µD3TN | E S | |
CVE-2025-8184 | D-Link DIR-513 HTTP POST Request formSetWanL2TPtriggers formSetWanL2TPcallback stack-based overflow | E | |
CVE-2025-8185 | 1000 Projects ABC Courier Management System getbyid.php sql injection | E | |
CVE-2025-8186 | Campcodes Courier Management System edit_branch.php sql injection | E | |
CVE-2025-8187 | Campcodes Courier Management System edit_parcel.php sql injection | E | |
CVE-2025-8188 | Campcodes Courier Management System edit_staff.php sql injection | E | |
CVE-2025-8189 | Campcodes Courier Management System edit_user.php sql injection | E | |
CVE-2025-8190 | Campcodes Courier Management System print_pdets.php sql injection | E | |
CVE-2025-8191 | macrozheng mall Swagger UI index.html cross site scripting | E | |
CVE-2025-8192 | Race condition in AndroidTV TvSettings | | |
CVE-2025-8193 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-8194 | Tarfile infinite loop during parsing with negative member offset | S | |
CVE-2025-8196 | Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | | |
CVE-2025-8197 | Rejected reason: Maintainers have included reasons at https://gitlab.gnome.org/GNOME/libsoup/-/issue... | R | |
CVE-2025-8198 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation | | |
CVE-2025-8203 | Jingmen Zeyou Large File Upload Control index.jsp sql injection | E | |
CVE-2025-8204 | Comodo Dragon HSTS security check | E | |
CVE-2025-8205 | Comodo Dragon IP DNS Leakage Detector cleartext transmission | E | |
CVE-2025-8206 | Comodo Dragon IP DNS Leakage Detector cross site scripting | E | |
CVE-2025-8207 | Canara ai1 Mobile Banking App com.canarabank.mobility AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8208 | Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | | |
CVE-2025-8210 | Yeelink Yeelight App com.yeelight.cherry AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8211 | Roothub SystemConfigAdminController.java edit cross site scripting | E | |
CVE-2025-8212 | Medical Addon for Elementor <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget | | |
CVE-2025-8213 | NinjaScanner – Virus & Malware scan <= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion | | |
CVE-2025-8216 | Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | | |
CVE-2025-8217 | Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension | | |
CVE-2025-8218 | Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' | | |
CVE-2025-8219 | Shanghai Lingdang Information Technology Lingdang CRM HTTP POST Request tabdetail_moduleSave_dxkp.php sql injection | | |
CVE-2025-8220 | Engeman Web Password Recovery Page RecoveryPass sql injection | E | |
CVE-2025-8221 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsCustController.java goodsSearch cross site scripting | E | |
CVE-2025-8222 | jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java cross site scripting | E | |
CVE-2025-8223 | jerryshensjf JPACookieShop 蛋糕商城JPA版 AdminTypeCustController.java cross-site request forgery | E | |
CVE-2025-8224 | GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference | E S | |
CVE-2025-8225 | GNU Binutils DWARF Section dwarf.c process_debug_info memory leak | E S | |
CVE-2025-8226 | yanyutao0402 ChanCMS find information disclosure | E | |
CVE-2025-8227 | yanyutao0402 ChanCMS getArticle deserialization | E S | |
CVE-2025-8228 | yanyutao0402 ChanCMS getPages server-side request forgery | E S | |
CVE-2025-8229 | Campcodes Courier Management System parcel_list.php sql injection | E | |
CVE-2025-8230 | Campcodes Courier Management System manage_user.php sql injection | E | |
CVE-2025-8231 | D-Link DIR-890L UART Port rgbin hard-coded credentials | E | |
CVE-2025-8232 | code-projects Online Ordering System delete_user.php sql injection | E | |
CVE-2025-8233 | code-projects Online Ordering System user.php sql injection | E | |
CVE-2025-8234 | code-projects Online Ordering System delete_member.php sql injection | E | |
CVE-2025-8235 | code-projects Online Ordering System product.php sql injection | E | |
CVE-2025-8236 | code-projects Online Ordering System edit_product.php sql injection | E | |
CVE-2025-8237 | code-projects Exam Form Submission update_s1.php sql injection | E | |
CVE-2025-8238 | code-projects Exam Form Submission update_s2.php sql injection | E | |
CVE-2025-8239 | code-projects Exam Form Submission admin sql injection | E | |
CVE-2025-8240 | code-projects Exam Form Submission dashboard.php sql injection | E | |
CVE-2025-8241 | 1000 Projects ABC Courier Management System report.php sql injection | E | |
CVE-2025-8242 | TOTOLINK X15 HTTP POST Request formFilter buffer overflow | E | |
CVE-2025-8243 | TOTOLINK X15 HTTP POST Request formMapDel buffer overflow | E | |
CVE-2025-8244 | TOTOLINK X15 HTTP POST Request formMapDelDevice buffer overflow | E | |
CVE-2025-8245 | TOTOLINK X15 HTTP POST Request formMultiAPVLAN buffer overflow | E | |
CVE-2025-8246 | TOTOLINK X15 HTTP POST Request formRoute buffer overflow | E | |
CVE-2025-8247 | Projectworlds Online Admission System admin.php sql injection | E | |
CVE-2025-8248 | code-projects Online Ordering System signup.php sql injection | E | |
CVE-2025-8249 | code-projects Exam Form Submission update_s3.php sql injection | E | |
CVE-2025-8250 | code-projects Exam Form Submission update_s4.php sql injection | E | |
CVE-2025-8251 | code-projects Exam Form Submission delete_s4.php sql injection | E | |
CVE-2025-8252 | code-projects Exam Form Submission delete_s5.php sql injection | E | |
CVE-2025-8253 | code-projects Exam Form Submission delete_s6.php sql injection | E | |
CVE-2025-8254 | Campcodes Courier Management System view_parcel.php sql injection | E | |
CVE-2025-8255 | code-projects Exam Form Submission register.php unrestricted upload | E | |
CVE-2025-8256 | code-projects Online Ordering System product.php unrestricted upload | E | |
CVE-2025-8257 | Lobby Universe Lobby App com.maverick.lobby AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8258 | Cool Mo Maigcal Number App com.sdmagic.number AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8259 | Vaelsys vgrid_server.php execute_DataObjectProc os command injection | E | |
CVE-2025-8260 | Vaelsys MD4 Hash vgrid_server.php weak hash | E | |
CVE-2025-8261 | Vaelsys User Creation vgrid_server.php improper authorization | E | |
CVE-2025-8262 | yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos | E S | |
CVE-2025-8263 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi... | R | |
CVE-2025-8264 | Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unpara... | | |
CVE-2025-8265 | 299Ko CMS File Management view unrestricted upload | E | |
CVE-2025-8266 | yanyutao0402 ChanCMS collect.js getArticle deserialization | E S | |
CVE-2025-8267 | Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) ... | E S | |
CVE-2025-8269 | code-projects Exam Form Submission delete_s1.php sql injection | E | |
CVE-2025-8270 | code-projects Exam Form Submission delete_s2.php sql injection | E | |
CVE-2025-8271 | code-projects Exam Form Submission delete_s3.php sql injection | E | |
CVE-2025-8272 | code-projects Exam Form Submission update_fst.php sql injection | E | |
CVE-2025-8273 | code-projects Exam Form Submission update_s8.php sql injection | E | |
CVE-2025-8274 | Campcodes Online Recruitment Management System ajax.php sql injection | E | |
CVE-2025-8275 | bsc Peru Cocktails App bsc.devy.peru_cocktails AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8279 | Missing Authentication for Critical Function in GitLab Language Server | S | |
CVE-2025-8281 | WP Talroo <= 2.4 - Reflected XSS | E | |
CVE-2025-8283 | Netavark: podman: netavark may resolve hostnames to unexpected hosts | M | |
CVE-2025-8284 | Packet Power EMX and EG Missing Authentication for Critical Function | S | |
CVE-2025-8285 | Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin | S | |
CVE-2025-8286 | Güralp Systems FMUS Series and MIN Series Devices | | |
CVE-2025-8289 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization | | |
CVE-2025-8290 | List Subpages <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter | | |
CVE-2025-8292 | Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to... | | |
CVE-2025-8293 | Intl DateTime Calendar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter | | |
CVE-2025-8294 | Download Counter <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter | | |
CVE-2025-8295 | Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | | |
CVE-2025-8296 | SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker w... | | |
CVE-2025-8297 | Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remot... | | |
CVE-2025-8309 | User privilege escalation vulnerability | | |
CVE-2025-8310 | Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before ... | | |
CVE-2025-8312 | Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid b... | | |
CVE-2025-8313 | Campus Directory <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | | |
CVE-2025-8314 | Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | | |
CVE-2025-8315 | WP Easy Contact <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | | |
CVE-2025-8317 | Custom Word Cloud <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via angle Parameter | | |
CVE-2025-8319 | the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s D... | E M | |
CVE-2025-8320 | Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability | | |
CVE-2025-8321 | Tesla Wall Connector Firmware Downgrade Vulnerability | | |
CVE-2025-8322 | Ventem\|e-School - Missing Authorization | S | |
CVE-2025-8323 | Ventem\|e-School - Arbitrary File Upload | S | |
CVE-2025-8326 | code-projects Exam Form Submission delete_s7.php sql injection | E | |
CVE-2025-8327 | code-projects Exam Form Submission delete_s8.php sql injection | E | |
CVE-2025-8328 | code-projects Exam Form Submission register.php sql injection | E | |
CVE-2025-8329 | code-projects Vehicle Management filter3.php sql injection | E | |
CVE-2025-8330 | code-projects Vehicle Management edit1.php sql injection | E | |
CVE-2025-8331 | code-projects Online Farm System forgot_pass.php sql injection | E | |
CVE-2025-8332 | code-projects Online Farm System register.php sql injection | E | |
CVE-2025-8333 | code-projects Online Farm System categoryvalue.php sql injection | E | |
CVE-2025-8334 | Campcodes Online Recruitment Management System ajax.php sql injection | E | |
CVE-2025-8335 | code-projects Simple Car Rental System cross-site request forgery | E | |
CVE-2025-8336 | Campcodes Online Recruitment Management System ajax.php sql injection | E | |
CVE-2025-8337 | code-projects Simple Car Rental System add_vehicles.php cross site scripting | E | |
CVE-2025-8338 | projectworlds Online Admission System adminac.php sql injection | E | |
CVE-2025-8339 | code-projects Intern Membership Management System student_login.php sql injection | E | |
CVE-2025-8340 | code-projects Intern Membership Management System Error Message fill_details.php cross site scripting | E | |
CVE-2025-8341 | SSRF in Infinity Datasource Plugin | S | |
CVE-2025-8342 | WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass | | |
CVE-2025-8343 | openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal | E | |
CVE-2025-8344 | openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload | E | |
CVE-2025-8345 | Shanghai Lingdang Information Technology Lingdang CRM yunzhijiaApi.php delete_user sql injection | E | |
CVE-2025-8346 | Portabilis i-Educar educar_aluno_lst.php cross site scripting | E | |
CVE-2025-8347 | Kehua Charging Pile Cloud Platform findAllTask sql injection | E | |
CVE-2025-8348 | Kehua Charging Pile Cloud Platform home improper authentication | E | |
CVE-2025-8353 | UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions ... | | |
CVE-2025-8355 | XXE leading to SSRF | | |
CVE-2025-8356 | Path Traversal leading to RCE | E | |
CVE-2025-8357 | Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion | | |
CVE-2025-8361 | Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093 | | |
CVE-2025-8362 | GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094 | | |
CVE-2025-8364 | A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potent... | | |
CVE-2025-8365 | Portabilis i-Educar atendidos_cad.php cross site scripting | E | |
CVE-2025-8366 | Portabilis i-Educar educar_servidor_lst.php cross site scripting | E | |
CVE-2025-8367 | Portabilis i-Educar funcionario_vinculo_lst.php cross site scripting | E | |
CVE-2025-8368 | Portabilis i-Educar pesquisa_pessoa_lst.php cross site scripting | E | |
CVE-2025-8369 | Portabilis i-Educar educar_avaliacao_desempenho_lst.php cross site scripting | E | |
CVE-2025-8370 | Portabilis i-Educar educar_escolaridade_lst.php cross site scripting | E | |
CVE-2025-8371 | code-projects Exam Form Submission update_s5.php sql injection | E | |
CVE-2025-8372 | code-projects Exam Form Submission update_s7.php sql injection | E | |
CVE-2025-8373 | code-projects Vehicle Management print.php sql injection | E | |
CVE-2025-8374 | code-projects Vehicle Management addcompany.php sql injection | E | |
CVE-2025-8375 | code-projects Vehicle Management addvehicle.php sql injection | E | |
CVE-2025-8376 | code-projects Vehicle Management updatebal.php sql injection | E | |
CVE-2025-8378 | Campcodes Online Hotel Reservation System Login index.php sql injection | E | |
CVE-2025-8379 | Campcodes Online Hotel Reservation System edit_room.php unrestricted upload | E | |
CVE-2025-8380 | Campcodes Online Hotel Reservation System add_query_account.php cross site scripting | E | |
CVE-2025-8381 | Campcodes Online Hotel Reservation System add_reserve.php sql injection | E | |
CVE-2025-8382 | Campcodes Online Hotel Reservation System edit_room.php sql injection | E | |
CVE-2025-8391 | Magic Edge – Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter | | |
CVE-2025-8393 | Dreame Technology iOS and Android Mobile Applications Improper Certificate Validation | M | |
CVE-2025-8395 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-8399 | Mmm Unity Loader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter | | |
CVE-2025-8400 | Image Gallery <= 1.0.0 - Reflected Cross-Site Scripting | | |
CVE-2025-8401 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure | S | |
CVE-2025-8402 | Nil pointer dereference in bulk import crashes server | S | |
CVE-2025-8407 | code-projects Vehicle Management filter2.php sql injection | E | |
CVE-2025-8408 | code-projects Vehicle Management filter1.php sql injection | E | |
CVE-2025-8409 | code-projects Vehicle Management filter.php sql injection | E | |
CVE-2025-8415 | Cryostat: authentication bypass if network policies are disabled | M | |
CVE-2025-8418 | B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation | | |
CVE-2025-8419 | Org.keycloak/keycloak-services: keycloak smtp inject vulnerability | M | |
CVE-2025-8420 | Request a Quote Form Plugin <= 2.5.2 - Unauthenticated Limited Remote Code Execution | | |
CVE-2025-8424 | Improper access control on the NetScaler Management Interface | | |
CVE-2025-8426 | Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability | | |
CVE-2025-8431 | PHPGurukul Boat Booking System add-boat.php sql injection | E | |
CVE-2025-8433 | code-projects Document Management System dell.php unlink path traversal | E | |
CVE-2025-8434 | code-projects Online Movie Streaming admin.php authorization | E | |
CVE-2025-8435 | code-projects Online Movie Streaming admin-control.php authorization | E | |
CVE-2025-8436 | projectworlds Online Admission System viewdoc.php sql injection | E | |
CVE-2025-8437 | code-projects Kitchen Treasure userregistration.php sql injection | E | |
CVE-2025-8438 | code-projects Wazifa System postpublish.php sql injection | E | |
CVE-2025-8439 | code-projects Wazifa System updatesettings.php sql injection | E | |
CVE-2025-8441 | code-projects Online Medicine Guide pharsignup.php sql injection | E | |
CVE-2025-8442 | code-projects Online Medicine Guide cussignup.php sql injection | E | |
CVE-2025-8443 | code-projects Online Medicine Guide login.php sql injection | E | |
CVE-2025-8447 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | | |
CVE-2025-8448 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could ... | | |
CVE-2025-8449 | CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service... | | |
CVE-2025-8450 | Unrestricted File Upload in FileCatalyst | S | |
CVE-2025-8451 | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' | | |
CVE-2025-8452 | Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc. | E M | |
CVE-2025-8453 | CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation an... | | |
CVE-2025-8454 | It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, in... | | |
CVE-2025-8462 | RT Easy Builder <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-8464 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie | | |
CVE-2025-8466 | code-projects Online Farm System forgot_passfarmer.php sql injection | E | |
CVE-2025-8467 | code-projects Wazifa System regcontrol.php sql injection | E | |
CVE-2025-8468 | code-projects Wazifa System reset.php sql injection | E | |
CVE-2025-8469 | SourceCodester Online Hotel Reservation System deletegallery.php sql injection | E | |
CVE-2025-8470 | SourceCodester Online Hotel Reservation System deleteroom.php sql injection | E | |
CVE-2025-8471 | projectworlds Online Admission System adminlogin.php sql injection | E | |
CVE-2025-8472 | Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2025-8473 | Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability | | |
CVE-2025-8474 | Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability | | |
CVE-2025-8475 | Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2025-8476 | Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability | | |
CVE-2025-8477 | Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2025-8480 | Alpine iLX-507 Command Injection Remote Code Execution | | |
CVE-2025-8482 | Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration | | |
CVE-2025-8488 | Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | | |
CVE-2025-8490 | All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import | | |
CVE-2025-8491 | Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload | | |
CVE-2025-8493 | code-projects Intern Membership Management System edit_student_query.php sql injection | E | |
CVE-2025-8494 | code-projects Intern Membership Management System delete_student.php sql injection | E | |
CVE-2025-8495 | code-projects Intern Membership Management System edit_admin_query.php sql injection | E | |
CVE-2025-8496 | projectworlds Online Admission System viewform.php sql injection | E | |
CVE-2025-8497 | code-projects Online Medicine Guide cusfindphar2.php sql injection | E | |
CVE-2025-8498 | code-projects Online Medicine Guide index.php sql injection | E | |
CVE-2025-8499 | code-projects Online Medicine Guide cusfindambulence2.php sql injection | E | |
CVE-2025-8500 | code-projects Human Resource Integrated System action.php sql injection | E | |
CVE-2025-8501 | code-projects Human Resource Integrated System action.php cross site scripting | E | |
CVE-2025-8502 | code-projects Online Medicine Guide changepass.php sql injection | E | |
CVE-2025-8503 | code-projects Online Medicine Guide adaddmed.php sql injection | E | |
CVE-2025-8504 | code-projects Kitchen Treasure userregistration.php unrestricted upload | E | |
CVE-2025-8505 | 495300897 wx-shop cross-site request forgery | E | |
CVE-2025-8506 | 495300897 wx-shop editUI cross site scripting | E | |
CVE-2025-8507 | Portabilis i-Educar educar_funcao_lst.php cross site scripting | E | |
CVE-2025-8508 | Portabilis i-Educar educar_avaliacao_desempenho_cad.php cross site scripting | E | |
CVE-2025-8509 | Portabilis i-Educar educar_servidor_cad.php cross site scripting | E | |
CVE-2025-8510 | Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting | E S | |
CVE-2025-8511 | Portabilis i-Diario Observações diario-de-observacoes cross site scripting | E | |
CVE-2025-8512 | TVB Big Big Shop App hk.com.tvb.bigbigshop AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8513 | Caixin News App com.caixin.news AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8515 | Intelbras InControl JSON Endpoint operador information disclosure | | |
CVE-2025-8516 | Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp FileUploadAction.class path traversal | E | |
CVE-2025-8517 | givanz Vvveb session fixation | E S | |
CVE-2025-8518 | givanz Vvveb Code Editor code.php save code injection | E S | |
CVE-2025-8519 | givanz Vvveb Drag-and-Drop Editor editor information disclosure | E S | |
CVE-2025-8520 | givanz Vvveb Drag-and-Drop Editor editor server-side request forgery | E S | |
CVE-2025-8521 | givanz Vvveb Add Type post-types cross site scripting | E S | |
CVE-2025-8522 | givanz Vvvebjs node.js save.php path traversal | E | |
CVE-2025-8523 | RiderLike Fruit Crush-Brain App com.fruitcrush.fun AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8524 | Boquan DotWallet App com.boquanhash.dotwallet AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8525 | Exrick xboot Spring Boot Admin/Spring Actuator information disclosure | E | |
CVE-2025-8526 | Exrick xboot UploadController.java upload unrestricted upload | E | |
CVE-2025-8527 | Exrick xboot Swagger SecurityController.java server-side request forgery | E | |
CVE-2025-8528 | Exrick xboot getMenuList sensitive information in a cookie | E | |
CVE-2025-8529 | cloudfavorites favorites-web CollectController.java getCollectLogoUrl server-side request forgery | E | |
CVE-2025-8530 | elunez eladmin Druid application-prod.yml default credentials | E | |
CVE-2025-8533 | Incorrect Authorization of XPC Service in Fantastical.app | | |
CVE-2025-8534 | libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference | E S | |
CVE-2025-8535 | cronoh NanoVault xrb URL main.js executeJavaScript cross site scripting | E | |
CVE-2025-8537 | Axiomatic Bento4 mp4decrypt Mp4Decrypt.cpp SetDataSize allocation of resources | E | |
CVE-2025-8538 | Portabilis i-Educar novo cross site scripting | E | |
CVE-2025-8539 | Portabilis i-Educar public_distrito_cad.php cross site scripting | E | |
CVE-2025-8540 | Portabilis i-Educar public_municipio_cad.php cross site scripting | E | |
CVE-2025-8541 | Portabilis i-Educar public_uf_cad.php cross site scripting | E | |
CVE-2025-8542 | Portabilis i-Educar empresas_cad.php cross site scripting | E | |
CVE-2025-8543 | Portabilis i-Educar educar_raca_cad.php cross site scripting | E | |
CVE-2025-8544 | Portabilis i-Educar edit cross site scripting | E | |
CVE-2025-8545 | Portabilis i-Educar educar_motivo_afastamento_cad.php cross site scripting | E | |
CVE-2025-8546 | atjiu pybbs Verification Code login Captcha | E S | |
CVE-2025-8547 | atjiu pybbs Email Verification improper authorization | E S | |
CVE-2025-8548 | atjiu pybbs Registered Email SettingsApiController.java sendEmailCode information exposure | E S | |
CVE-2025-8549 | atjiu pybbs UserAdminController.java update weak password | E S | |
CVE-2025-8550 | atjiu pybbs list cross site scripting | E S | |
CVE-2025-8551 | atjiu pybbs list cross site scripting | E S | |
CVE-2025-8552 | atjiu pybbs list cross site scripting | E S | |
CVE-2025-8553 | atjiu pybbs list cross site scripting | E S | |
CVE-2025-8554 | atjiu pybbs list cross site scripting | E S | |
CVE-2025-8555 | atjiu pybbs search cross site scripting | E S | |
CVE-2025-8556 | Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results | M | |
CVE-2025-8562 | Custom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter | | |
CVE-2025-8567 | Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | | |
CVE-2025-8568 | GMap - Venturit <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter | | |
CVE-2025-8571 | Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page | | |
CVE-2025-8573 | Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page | | |
CVE-2025-8576 | Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to po... | | |
CVE-2025-8577 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a... | | |
CVE-2025-8578 | Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentia... | | |
CVE-2025-8579 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a... | | |
CVE-2025-8580 | Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote... | | |
CVE-2025-8581 | Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote ... | | |
CVE-2025-8582 | Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a... | | |
CVE-2025-8583 | Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote... | | |
CVE-2025-8584 | libav AVI File Parser buffer.c av_buffer_unref null pointer dereference | E | |
CVE-2025-8585 | libav DSS File Demuxer avconv.c main double free | E | |
CVE-2025-8586 | libav MPEG File Parser utils.c ff_seek_frame_binary null pointer dereference | E | |
CVE-2025-8592 | Inspiro <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation | | |
CVE-2025-8595 | Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import | | |
CVE-2025-8597 | Privilege Escalation via get-task-allow entitlement in MacVim.app | | |
CVE-2025-8603 | Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-8604 | WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | | |
CVE-2025-8607 | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-8610 | AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability | | |
CVE-2025-8611 | AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability | | |
CVE-2025-8612 | AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability | | |
CVE-2025-8616 | Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication | | |
CVE-2025-8618 | WPC Smart Quick View for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode | | |
CVE-2025-8619 | OSM Map Widget for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL | | |
CVE-2025-8620 | GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure | S | |
CVE-2025-8621 | Mosaic Generator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter | | |
CVE-2025-8622 | Flexible Maps <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Maps Shortcode | | |
CVE-2025-8627 | Unauthenticated Protocol Commands on TP-Link KP303 | | |
CVE-2025-8628 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8629 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8630 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8631 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8632 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8633 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8634 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8635 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8636 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8637 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8638 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8639 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8640 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8641 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8642 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8643 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8644 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8645 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8646 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8647 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8648 | Kenwood DMX958XR Firmware Update Command Injection Vulnerability | | |
CVE-2025-8649 | Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability | | |
CVE-2025-8650 | Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability | | |
CVE-2025-8651 | Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability | | |
CVE-2025-8652 | Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability | | |
CVE-2025-8653 | Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2025-8654 | Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability | | |
CVE-2025-8655 | Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability | | |
CVE-2025-8656 | Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability | | |
CVE-2025-8660 | Privilege Escalation in Symantec PGP Encryption 11.0.1 | | |
CVE-2025-8661 | Stored Cross-Site Scripting in Symantec PGP Encryption 11.0.1 | | |
CVE-2025-8665 | agno-agi agno Model Context Protocol mcp.py MultiMCPTools os command injection | E | |
CVE-2025-8667 | SkyworkAI DeepResearchAgent tools.py from_mcp os command injection | E | |
CVE-2025-8671 | CVE-2025-8671 | E | |
CVE-2025-8672 | TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app | | |
CVE-2025-8675 | AI SEO Link Advisor - Less critical - Server-side Request Forgery - SA-CONTRIB-2025-095 | | |
CVE-2025-8676 | B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure | | |
CVE-2025-8678 | WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery | | |
CVE-2025-8680 | B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery | | |
CVE-2025-8685 | Wp chart generator <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart Shortcode | | |
CVE-2025-8688 | Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode | | |
CVE-2025-8690 | Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-8697 | agentUniverse MCPSessionManager/MCPTool/MCPToolkit StdioServerParameters os command injection | E | |
CVE-2025-8698 | Open5GS AMF Service nsmf-handler.c amf_nsmf_pdusession_handle_release_sm_context assertion | E S | |
CVE-2025-8700 | Privilege Escalation via get-task-allow entitlement in Invoice Ninja | | |
CVE-2025-8701 | Wanzhou WOES Intelligent Optimization Energy Saving System GetPageList sql injection | E | |
CVE-2025-8702 | Wanzhou WOES Intelligent Optimization Energy Saving System Historical Data Query Module GetVariableByOneIDNew sql injection | E | |
CVE-2025-8703 | Wanzhou WOES Intelligent Optimization Energy Saving System Environmental Real-Time Data Module GetAreaTrendChartData sql injection | E | |
CVE-2025-8704 | Wanzhou WOES Intelligent Optimization Energy Saving System Analysis Conclusion Query Module GetAlarmResultProcessList sql injection | E | |
CVE-2025-8705 | Wanzhou WOES Intelligent Optimization Energy Saving System Energy Overview Module GetTargetConfig sql injection | E | |
CVE-2025-8706 | Wanzhou WOES Intelligent Optimization Energy Saving System Energy Overview Module CreateFunctionLog sql injection | E | |
CVE-2025-8707 | Huuge Box App com.huuge.game.zjbox AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8708 | Antabot White-Jotter com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserialization | E | |
CVE-2025-8713 | PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table | | |
CVE-2025-8714 | PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client | M | |
CVE-2025-8715 | PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server | M | |
CVE-2025-8719 | Translate This - Google Translate Web Element Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter | | |
CVE-2025-8720 | Plugin README Parser <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter | | |
CVE-2025-8723 | Cloudflare Image Resizing <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook | | |
CVE-2025-8729 | MigoXLab LMeterX upload_service.py process_cert_files path traversal | E S | |
CVE-2025-8730 | Belkin F9K1009/F9K1010 Web Interface hard-coded credentials | E | |
CVE-2025-8731 | TRENDnet TI-G160i/TI-PG102i/TPL-430AP SSH Service default credentials | E | |
CVE-2025-8732 | libxml2 xmlcatalog xmlParseSGMLCatalog recursion | E | |
CVE-2025-8733 | GNU Bison obprintf.c __obstack_vprintf_internal assertion | E | |
CVE-2025-8734 | GNU Bison scan-code.c code_free double free | E | |
CVE-2025-8735 | GNU cflow Lexer c.c yylex null pointer dereference | E | |
CVE-2025-8736 | GNU cflow Lexer c.c yylex buffer overflow | E | |
CVE-2025-8737 | zlt2000 microservices-platform OauthLogoutSuccessHandler.java onLogoutSuccess redirect | E | |
CVE-2025-8738 | zlt2000 microservices-platform Spring Actuator Interface actuator information disclosure | E | |
CVE-2025-8739 | zhenfeng13 My-Blog save cross-site request forgery | E | |
CVE-2025-8740 | zhenfeng13 My-Blog Category save cross site scripting | E | |
CVE-2025-8741 | macrozheng mall login cleartext transmission | E | |
CVE-2025-8742 | macrozheng mall Admin Login excessive authentication | E | |
CVE-2025-8743 | Scada-LTS Virtual Data Source Property data_source_edit.shtm cross site scripting | E | |
CVE-2025-8744 | CesiumLab Web lodmodels sql injection | | |
CVE-2025-8745 | Weee RICEPO App com.ricepo.app AndroidManifest.xml improper export of android application components | E | |
CVE-2025-8746 | GNU libopts __strstr_sse2 memory corruption | E | |
CVE-2025-8747 | Keras safe_mode bypass allows arbitrary code execution when loading a malicious model. | E S | |
CVE-2025-8748 | OS command injection in MiR robots and MiR fleet via crafted HTTP requests | S | |
CVE-2025-8749 | Path traversal vulnerability in MiR robot software via API requests | S | |
CVE-2025-8750 | macrozheng mall Add Product Page upload cross site scripting | E | |
CVE-2025-8751 | Protected Total WebShield Extension Block Page cross site scripting | E | |
CVE-2025-8752 | wangzhixuan spring-shiro-training add command injection | E | |
CVE-2025-8753 | linlinjava litemall File delete path traversal | E | |
CVE-2025-8754 | ABB Ability™ zenon Remote Transport Vulnerability | | |
CVE-2025-8755 | macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization | E | |
CVE-2025-8756 | TDuckCloud tduck-platform manage preHandle improper authorization | E | |
CVE-2025-8757 | TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation | E | |
CVE-2025-8758 | TRENDnet TEW-822DRE vsftpd least privilege violation | E | |
CVE-2025-8759 | TRENDnet TN-200 Lighttpd hard-coded key | E | |
CVE-2025-8760 | INSTAR 2K+/4K fcgi_server base64_decode buffer overflow | | |
CVE-2025-8761 | INSTAR 2K+/4K Backend IPC Server denial of service | E | |
CVE-2025-8762 | INSTAR 2K+/4K UART improper physical access control | E | |
CVE-2025-8763 | Ruijie EG306MG strongSwan strongswan.conf missing encryption | | |
CVE-2025-8764 | linlinjava litemall upload unrestricted upload | E | |
CVE-2025-8765 | Datacom DM955 5GT 1200 Wireless Basic Settings cross site scripting | | |
CVE-2025-8767 | AnWP Football Leagues <= 0.16.17 - Authenticated (Administrator+) CSV Injection | | |
CVE-2025-8770 | Authorization Bypass Through User-Controlled Key in GitLab | S | |
CVE-2025-8771 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi... | R | |
CVE-2025-8772 | Vinades NukeViet Module index.php server-side request forgery | E | |
CVE-2025-8773 | Dinstar Monitoring Platform 甘肃省危险品库监控平台 login_getPasswordErrorNum.action sql injection | E | |
CVE-2025-8774 | riscv-boom SonicBOOM L1 Data Cache timing discrepancy | E | |
CVE-2025-8775 | Qiyuesuo Electronic Signature Platform Scheduled Task upload execute unrestricted upload | E | |
CVE-2025-8782 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2025-8783 | Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title' | | |
CVE-2025-8784 | Portabilis i-Educar Cadastrar Vínculo funcionario_vinculo_cad.php cross site scripting | E | |
CVE-2025-8785 | Portabilis i-Educar educar_usuario_lst.php cross site scripting | E | |
CVE-2025-8786 | Portabilis i-Diario Registro das atividades registros-de-conteudos-por-areas-de-conhecimento cross site scripting | E | |
CVE-2025-8787 | Portabilis i-Diario Registro das atividades registros-de-conteudos-por-disciplina cross site scripting | E | |
CVE-2025-8788 | Portabilis i-Diario Informações adicionais planos-de-aula-por-areas-de-conhecimento cross site scripting | E | |
CVE-2025-8789 | Portabilis i-Educar API Endpoint Diario authorization | E | |
CVE-2025-8790 | Portabilis i-Educar API Endpoint pessoa improper authorization | E | |
CVE-2025-8791 | LitmusChaos Litmus list_projects improper authorization | E | |
CVE-2025-8792 | LitmusChaos Litmus client-side enforcement of server-side security | E | |
CVE-2025-8793 | LitmusChaos Litmus resource injection | E | |
CVE-2025-8794 | LitmusChaos Litmus LocalStorage authorization | E | |
CVE-2025-8795 | LitmusChaos Litmus login access control | E | |
CVE-2025-8796 | LitmusChaos Litmus Delete Request delete_project authorization | E | |
CVE-2025-8797 | LitmusChaos Litmus LocalStorage permission | E | |
CVE-2025-8798 | oitcode samarium Create Product product unrestricted upload | E | |
CVE-2025-8799 | Open5GS AMF npcf-build.c amf_nsmf_pdusession_build_create_sm_context denial of service | E S | |
CVE-2025-8800 | Open5GS AMF esm-handler.c esm_handle_pdn_connectivity_request denial of service | E S | |
CVE-2025-8801 | Open5GS AMF gmm-sm.c gmm_state_exception denial of service | E S | |
CVE-2025-8802 | Open5GS SMF smf-sm.c smf_state_operational denial of service | E S | |
CVE-2025-8803 | Open5GS AMF gmm-sm.c gmm_state_exception denial of service | E S | |
CVE-2025-8804 | Open5GS AMF ngap_build_downlink_nas_transport assertion | E S | |
CVE-2025-8805 | Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service | E S | |
CVE-2025-8806 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 treeData sql injection | | |
CVE-2025-8807 | xujeff tianti 天梯 save authorization | E | |
CVE-2025-8808 | xujeff tianti 天梯 com.jeff.tianti.controller save exportOrder csv injection | E | |
CVE-2025-8809 | code-projects Online Medicine Guide addelidetails.php sql injection | E | |
CVE-2025-8810 | Tenda AC20 SetFirewallCfg strcpy stack-based overflow | E | |
CVE-2025-8811 | code-projects Simple Art Gallery registration.php sql injection | E | |
CVE-2025-8812 | atjiu pybbs Admin Panel settings cross site scripting | E S | |
CVE-2025-8813 | atjiu pybbs IndexController.java changeLanguage redirect | E S | |
CVE-2025-8814 | atjiu pybbs CookieUtil.java setCookie cross-site request forgery | E S | |
CVE-2025-8815 | 猫宁i Morning Shiro Configuration index path traversal | E | |
CVE-2025-8816 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setOpMode stack-based overflow | E | |
CVE-2025-8817 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan stack-based overflow | E | |
CVE-2025-8818 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan setDFSSetting os command injection | E | |
CVE-2025-8819 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan stack-based overflow | E | |
CVE-2025-8820 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 wirelessBasic stack-based overflow | E | |
CVE-2025-8821 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasic os command injection | E | |
CVE-2025-8822 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setOpMode algDisable stack-based overflow | E | |
CVE-2025-8823 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection | E | |
CVE-2025-8824 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setRIP stack-based overflow | E | |
CVE-2025-8825 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto os command injection | E | |
CVE-2025-8826 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_rp_autochannel stack-based overflow | E | |
CVE-2025-8827 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_inspect_cross_band os command injection | E | |
CVE-2025-8828 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection | E | |
CVE-2025-8829 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection | E | |
CVE-2025-8830 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan sub_3517C os command injection | E | |
CVE-2025-8831 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 remoteManagement stack-based overflow | E | |
CVE-2025-8832 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDMZ stack-based overflow | E | |
CVE-2025-8833 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchBack stack-based overflow | E | |
CVE-2025-8834 | JCG Link-net LW-N915R Wireless Basic Settings basic.asp cross site scripting | | |
CVE-2025-8835 | JasPer Image Color Space Conversion jas_image.c jas_image_chclrspc null pointer dereference | E S | |
CVE-2025-8836 | JasPer JPEG2000 Encoder jpc_enc.c jpc_floorlog2 assertion | E S | |
CVE-2025-8837 | JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free | E S | |
CVE-2025-8838 | WinterChenS my-site Backend admin preHandle improper authentication | E | |
CVE-2025-8839 | jshERP Endpoint addUser improper authorization | E | |
CVE-2025-8840 | jshERP Endpoint deleteBatch improper authorization | E | |
CVE-2025-8841 | zlt2000 microservices-platform FileController.java upload unrestricted upload | E | |
CVE-2025-8842 | NASM Netwide Assembler preproc.c do_directive use after free | E | |
CVE-2025-8843 | NASM Netwide Assembler outmacho.c macho_no_dead_strip heap-based overflow | E | |
CVE-2025-8844 | NASM Netwide Assembler preproc.c parse_smacro_template null pointer dereference | E | |
CVE-2025-8845 | NASM Netwide Assembler nasm.c assemble_file stack-based overflow | E | |
CVE-2025-8846 | NASM Netwide Assembler parser.c parse_line stack-based overflow | E | |
CVE-2025-8847 | yangzongzhuan RuoYi edit cross site scripting | E | |
CVE-2025-8851 | LibTIFF tiffcrop tiffcrop.c readSeparateStripsetoBuffer stack-based overflow | E S | |
CVE-2025-8852 | WuKongOpenSource WukongCRM API Response upload information exposure | E | |
CVE-2025-8853 | 2100 Technology|Official Document Management System - Authentication Bypass | S | |
CVE-2025-8854 | bullet3 VHACD utility: stack-based buffer overflow in OFF parser (LoadOFF) | E | |
CVE-2025-8857 | Changing|Clinic Image System - Use of Hard-coded Credentials | S | |
CVE-2025-8858 | Changing|Clinic Image System - SQL Injection | S | |
CVE-2025-8859 | code-projects eBlog Site File Upload save-slider.php unrestricted upload | E | |
CVE-2025-8861 | Changing|TSA - Missing Authentication | S | |
CVE-2025-8862 | YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include se... | | |
CVE-2025-8863 | YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data durin... | | |
CVE-2025-8864 | Shared Access Signature token is not masked in the backup configuration response and is also exposed... | | |
CVE-2025-8865 | The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null poin... | | |
CVE-2025-8866 | YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe... | | |
CVE-2025-8867 | Graphina - Elementor Charts and Graphs <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | | |
CVE-2025-8874 | Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox | | |
CVE-2025-8875 | Insecure Deserialization Vulnerability | KEV | |
CVE-2025-8876 | Command Injection Vulnerability | KEV | |
CVE-2025-8878 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution | | |
CVE-2025-8879 | Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to... | | |
CVE-2025-8880 | Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary c... | | |
CVE-2025-8881 | Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remot... | | |
CVE-2025-8882 | Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convin... | | |
CVE-2025-8885 | Possible DOS in processing specially formed ASN.1 Object Identifiers | M | |
CVE-2025-8891 | OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation | E | |
CVE-2025-8895 | WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy | | |
CVE-2025-8896 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | | |
CVE-2025-8897 | Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting | | |
CVE-2025-8898 | Taxi Booking Manager for Woocommerce | E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover | | |
CVE-2025-8901 | Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to p... | | |
CVE-2025-8904 | Privilege escalation issue in Amazon EMR Secret Agent component | | |
CVE-2025-8905 | Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call | | |
CVE-2025-8907 | H3C M2 NAS Webserver Configuration unnecessary privileges | E | |
CVE-2025-8908 | Shanghai Lingdang Information Technology Lingdang CRM event.php sql injection | E | |
CVE-2025-8909 | WellChoose\|Organization Portal System - Arbitrary File Reading through Path Traversal | S | |
CVE-2025-8910 | WellChoose\|Organization Portal System - Reflected Cross-site Scripting | S | |
CVE-2025-8911 | WellChoose\|Organization Portal System - Reflected Cross-site Scripting | S | |
CVE-2025-8912 | WellChoose\|Organization Portal System - Arbitrary File Reading through Path Traversal | S | |
CVE-2025-8913 | WellChoose\|Organization Portal System - Local File Inclusion | S | |
CVE-2025-8914 | WellChoose\|Organization Portal System - SQL Injection | S | |
CVE-2025-8916 | Possible DOS in processing large name constraint structures in PKIXCertPathReveiwer | M | |
CVE-2025-8918 | Portabilis i-Educar Editar educar_instituicao_cad.php cross site scripting | E | |
CVE-2025-8919 | Portabilis i-Diario History objetivos-de-aprendizagem-e-habilidades cross site scripting | E | |
CVE-2025-8920 | Portabilis i-Diario Dicionário de Termos BNCC dicionario-de-termos-bncc cross site scripting | E | |
CVE-2025-8921 | code-projects Job Diary user-apply.php sql injection | E | |
CVE-2025-8922 | code-projects Job Diary admin-inbox.php sql injection | E | |
CVE-2025-8923 | code-projects Job Diary edit-details.php sql injection | E | |
CVE-2025-8924 | Campcodes Online Water Billing System viewbill.php sql injection | E | |
CVE-2025-8925 | itsourcecode Sports Management System match.php sql injection | E | |
CVE-2025-8926 | SourceCodester COVID 19 Testing Management System login.php sql injection | E | |
CVE-2025-8927 | mtons mblog Verification Code send_code excessive authentication | E | |
CVE-2025-8928 | code-projects Medical Store Management System Update Medicines UpdateMedicines.java sql injection | E | |
CVE-2025-8929 | code-projects Medical Store Management System MainPanel.java sql injection | E | |
CVE-2025-8930 | code-projects Medical Store Management System Update Company UpdateCompany.java sql injection | E | |
CVE-2025-8931 | code-projects Medical Store Management System ChangePassword.java sql injection | E | |
CVE-2025-8932 | 1000 Projects Sales Management System sales.php sql injection | E | |
CVE-2025-8933 | 1000 Projects Sales Management System sales.php cross site scripting | E | |
CVE-2025-8934 | 1000 Projects Sales Management System sales.php cross site scripting | E | |
CVE-2025-8935 | 1000 Projects Sales Management System custcmp.php sql injection | E | |
CVE-2025-8936 | 1000 Projects Sales Management System dordupdate.php sql injection | E | |
CVE-2025-8937 | TOTOLINK N350R formSysCmd command injection | E | |
CVE-2025-8938 | TOTOLINK N350R Telnet Service formSysTel backdoor | E | |
CVE-2025-8939 | Tenda AC20 WifiGuestSet buffer overflow | E | |
CVE-2025-8940 | Tenda AC20 saveParentControlInfo strcpy buffer overflow | E | |
CVE-2025-8941 | Linux-pam: incomplete fix for cve-2025-6020 | M | |
CVE-2025-8943 | Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers | | |
CVE-2025-8946 | projectworlds Online Notes Sharing Platform login.php sql injection | E | |
CVE-2025-8947 | projectworlds Visitor Management System query_data.php sql injection | E | |
CVE-2025-8948 | projectworlds Visitor Management System front.php sql injection | E | |
CVE-2025-8949 | D-Link DIR-825 httpd ping_response.cgi get_ping_app_stat stack-based overflow | E | |
CVE-2025-8950 | Campcodes Online Recruitment Management System index.php sql injection | E | |
CVE-2025-8951 | PHPGurukul Teachers Record Management System search.php sql injection | E | |
CVE-2025-8952 | Campcodes Online Flight Booking Management System Login ajax.php sql injection | E | |
CVE-2025-8953 | SourceCodester COVID 19 Testing Management System check_availability.php sql injection | E | |
CVE-2025-8954 | PHPGurukul Hospital Management System doctor-specilization.php sql injection | E | |
CVE-2025-8955 | PHPGurukul Hospital Management System edit-doctor.php sql injection | E | |
CVE-2025-8956 | D-Link DIR‑818L ssdpcgi cgibin getenv command injection | E | |
CVE-2025-8957 | Campcodes Online Flight Booking Management System flights.php sql injection | E | |
CVE-2025-8958 | Tenda TX3 fast_setting_wifi_set stack-based overflow | E | |
CVE-2025-8959 | HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack | | |
CVE-2025-8960 | Campcodes Online Flight Booking Management System save_airlines.php sql injection | E | |
CVE-2025-8961 | LibTIFF tiffcrop tiffcrop.c main memory corruption | E | |
CVE-2025-8962 | code-projects Hostel Management System Login Form hostel_manage.exe stack-based overflow | E | |
CVE-2025-8963 | jeecgboot JimuReport Data Large Screen Template testConnection deserialization | | |
CVE-2025-8964 | code-projects Hostel Management System Login hostel_manage.exe improper authentication | E | |
CVE-2025-8965 | linlinjava litemall Endpoint AdminStorageController.java create unrestricted upload | E | |
CVE-2025-8966 | itsourcecode Online Tour and Travel Management System tax.php sql injection | E | |
CVE-2025-8967 | itsourcecode Online Tour and Travel Management System packages.php sql injection | E | |
CVE-2025-8968 | itsourcecode Online Tour and Travel Management System disapprove_user.php sql injection | E | |
CVE-2025-8969 | itsourcecode Online Tour and Travel Management System approve_user.php sql injection | E | |
CVE-2025-8970 | itsourcecode Online Tour and Travel Management System booking.php sql injection | E | |
CVE-2025-8971 | itsourcecode Online Tour and Travel Management System travellers.php sql injection | E | |
CVE-2025-8972 | itsourcecode Online Tour and Travel Management System page-login.php sql injection | E | |
CVE-2025-8973 | SourceCodester Cashier Queuing System Actions.php sql injection | E | |
CVE-2025-8974 | linlinjava litemall JSON Web Token JwtHelper.java hard-coded credentials | E | |
CVE-2025-8975 | givanz Vvveb edit.tpl cross site scripting | E S | |
CVE-2025-8976 | givanz Vvveb Endpoint post cross site scripting | E S | |
CVE-2025-8977 | Simple Download Monitor <= 3.9.33 - Simple Download Monitor <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality | | |
CVE-2025-8978 | D-Link DIR-619L boa FirmwareUpgrade data authenticity | E S | |
CVE-2025-8979 | Tenda AC15 Firmware Update check_fw data authenticity | E S | |
CVE-2025-8980 | Tenda G1 Firmware Update check_upload_file data authenticity | E S | |
CVE-2025-8981 | itsourcecode Online Tour and Travel Management System payment.php sql injection | E | |
CVE-2025-8982 | itsourcecode Online Tour and Travel Management System currency.php sql injection | E | |
CVE-2025-8983 | itsourcecode Online Tour and Travel Management System expense.php sql injection | E | |
CVE-2025-8984 | itsourcecode Online Tour and Travel Management System expense_category.php sql injection | E | |
CVE-2025-8985 | SourceCodester COVID 19 Testing Management System profile.php sql injection | E | |
CVE-2025-8986 | SourceCodester COVID 19 Testing Management System search-report-result.php sql injection | E | |
CVE-2025-8987 | SourceCodester COVID 19 Testing Management System test-details.php sql injection | E | |
CVE-2025-8988 | SourceCodester COVID 19 Testing Management System bwdates-report-result.php sql injection | E | |
CVE-2025-8989 | SourceCodester COVID 19 Testing Management System edit-phlebotomist.php sql injection | E | |
CVE-2025-8990 | code-projects Online Medicine Guide browsemdcn.php sql injection | E | |
CVE-2025-8991 | linlinjava litemall Business Logic express logic error | E | |
CVE-2025-8992 | mtons mblog cross-site request forgery | E | |
CVE-2025-8993 | itsourcecode Online Tour and Travel Management System expense_report.php sql injection | E | |
CVE-2025-8995 | Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096 | | |
CVE-2025-8996 | Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097 | | |
CVE-2025-8997 | OpenText Enterprise Security Manager Information Exposure | | |