CVE-2025-9xxx

There are 344 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-9000 Mechrevo Control Center GX V2 reg File uncontrolled search path
E
CVE-2025-9001 LemonOS HTTP Client main.cpp HTTPGet stack-based overflow
E
CVE-2025-9002 Surbowl dormitory-management-php login.php sql injection
E
CVE-2025-9003 D-Link DIR-818LW DHCP Reserved Address bsc_lan.php cross site scripting
CVE-2025-9004 mtons mblog password excessive authentication
E
CVE-2025-9005 mtons mblog register information exposure
E
CVE-2025-9006 Tenda CH22 delFileName formdelFileName buffer overflow
E
CVE-2025-9007 Tenda CH22 editFileName formeditFileName buffer overflow
E
CVE-2025-9008 itsourcecode Online Tour and Travel Management System sms_setting.php sql injection
E
CVE-2025-9009 itsourcecode Online Tour and Travel Management System email_setup.php sql injection
E
CVE-2025-9010 itsourcecode Online Tour and Travel Management System booking_report.php sql injection
E
CVE-2025-9011 PHPGurukul Online Shopping Portal Project signup.php sql injection
E
CVE-2025-9012 PHPGurukul Online Shopping Portal Project bill-ship-addresses.php sql injection
E
CVE-2025-9013 PHPGurukul Online Shopping Portal Project password-recovery.php sql injection
E
CVE-2025-9016 Mechrevo Control Center GX V2 Powershell Script Command uncontrolled search path
E
CVE-2025-9017 PHPGurukul Zoo Management System add-foreigner-ticket.php cross site scripting
E
CVE-2025-9019 tcpreplay tcpprep cidr.c mask_cidr6 heap-based overflow
E
CVE-2025-9020 PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free
S
CVE-2025-9021 SourceCodester Online Bank Management System transfer.php sql injection
CVE-2025-9022 SourceCodester Online Bank Management System statements.php sql injection
CVE-2025-9023 Tenda AC7/AC18 SetLEDCfg formSetSchedLed buffer overflow
E
CVE-2025-9024 PHPGurukul Beauty Parlour Management System book-appointment.php sql injection
E
CVE-2025-9025 code-projects Simple Cafe Ordering System portal.php sql injection
E
CVE-2025-9026 D-Link DIR-860L Simple Service Discovery Protocol cgibin ssdpcgi_main os command injection
E
CVE-2025-9027 code-projects Online Medicine Guide addelivery.php sql injection
E
CVE-2025-9028 code-projects Online Medicine Guide adphar.php sql injection
E
CVE-2025-9036 Rockwell Automation FactoryTalk® Action Manager v1.0.0 Runtime Vulnerability
S
CVE-2025-9039 Information Disclosure in Amazon ECS Container Agent
S
CVE-2025-9041 Rockwell Automation FLEX 5000 I/O - Module Fault
S
CVE-2025-9042 Rockwell Automation FLEX 5000 I/O - Module Fault
S
CVE-2025-9043 The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an a...
CVE-2025-9046 Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow
E
CVE-2025-9047 projectworlds Visitor Management System visitor_out.php sql injection
E
CVE-2025-9048 Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion
CVE-2025-9050 projectworlds Travel Management System addcategory.php sql injection
E
CVE-2025-9051 projectworlds Travel Management System updatecategory.php sql injection
E
CVE-2025-9052 projectworlds Travel Management System updatepackage.php sql injection
E
CVE-2025-9053 projectworlds Travel Management System updatesubcategory.php sql injection
E
CVE-2025-9060 MFlash Remote Code Execution (RCE) after authentication of a user with the "administrator" role
CVE-2025-9071 Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto
CVE-2025-9074 Docker Desktop allows unauthenticated access to Docker Engine API from containers
E
CVE-2025-9087 Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow
E
CVE-2025-9088 Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow
E
CVE-2025-9089 Tenda AC20 SetIpMacBind sub_48E628 stack-based overflow
E
CVE-2025-9090 Tenda AC20 Telnet Service telnet websFormDefine command injection
E
CVE-2025-9091 Tenda AC20 shadow hard-coded credentials
E
CVE-2025-9092 Hybrid Module Deployment in Multi-JVM Environments Leading to Resource Exhaustion
M
CVE-2025-9093 BuzzFeed App com.buzzfeed.android AndroidManifest.xml improper export of android application components
E
CVE-2025-9094 ThingsBoard Add Gateway special elements used in a template engine
E
CVE-2025-9095 ExpressGateway express-gateway REST Endpoint users.js cross site scripting
E
CVE-2025-9096 ExpressGateway express-gateway REST Endpoint apps.js cross site scripting
E
CVE-2025-9097 Euro Information CIC banque et compte en ligne App com.cic_prod.bad AndroidManifest.xml improper export of android application components
E
CVE-2025-9098 Elseplus File Recovery App AndroidManifest.xml improper export of android application components
E
CVE-2025-9099 Acrel Environmental Monitoring Cloud Platform UploadNewsImg unrestricted upload
E
CVE-2025-9100 zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay
E
CVE-2025-9101 zhenfeng13 My-Blog Tag save cross site scripting
E
CVE-2025-9102 1&1 Mail & Media mail.com App com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components
E
CVE-2025-9103 ZenCart CKEditor cross site scripting
E
CVE-2025-9104 Portabilis i-Diario Informações Adicionais /planos-de-aulas-por-disciplina cross site scripting
E
CVE-2025-9105 Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-areas-de-conhecimento cross site scripting
E
CVE-2025-9106 Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-disciplina cross site scripting
E
CVE-2025-9107 Portabilis i-Diario search_autocomplete cross site scripting
E
CVE-2025-9108 Portabilis i-Diario Login Page ui layer
CVE-2025-9109 Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy
CVE-2025-9118 Dataform Path Traversal
CVE-2025-9119 Netis WF2419 Wireless Settings index.htm cross site scripting
CVE-2025-9131 Ogulo – 360° Tour <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter
CVE-2025-9132 Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to pote...
CVE-2025-9134 AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of android application components
E
CVE-2025-9135 Verkehrsauskunft Österreich SmartRide/cleVVVer/BusBahnBim AndroidManifest.xml improper export of android application components
E
CVE-2025-9136 libretro RetroArch file_stream.c filestream_vscanf out-of-bounds
E S
CVE-2025-9137 Scada-LTS scheduled_events.shtm cross site scripting
E
CVE-2025-9138 Scada-LTS new cross site scripting
E
CVE-2025-9139 Scada-LTS WatchListDwr.init.dwr information disclosure
E
CVE-2025-9140 Shanghai Lingdang Information Technology Lingdang CRM tabdetail_moduleSave.php sql injection
E
CVE-2025-9143 Scada-LTS mailing_lists.shtm cross site scripting
E
CVE-2025-9144 Scada-LTS publisher_edit.shtm cross site scripting
E
CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting
E
CVE-2025-9146 Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption
E S
CVE-2025-9147 jasonclark getsemantic index.php cross site scripting
E
CVE-2025-9148 CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection
E
CVE-2025-9149 Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection
E
CVE-2025-9150 Surbowl dormitory-management-php violation_add.php sql injection
E
CVE-2025-9151 LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization
E
CVE-2025-9153 itsourcecode Online Tour and Travel Management System travellers.php unrestricted upload
E
CVE-2025-9154 itsourcecode Online Tour and Travel Management System page-login.php sql injection
E
CVE-2025-9155 itsourcecode Online Tour and Travel Management System forget_password.php sql injection
E
CVE-2025-9156 itsourcecode Sports Management System sports.php sql injection
E
CVE-2025-9157 appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free
E S
CVE-2025-9162 Org.keycloak/keycloak-model-storage-service: variable injection into environment variables
M
CVE-2025-9165 LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak
E S
CVE-2025-9167 SolidInvoice Recurring Invoice recurring cross site scripting
E
CVE-2025-9168 SolidInvoice Invoice Creation invoice cross site scripting
E
CVE-2025-9169 SolidInvoice Quote quotes cross site scripting
E
CVE-2025-9170 SolidInvoice Tax Rates rates cross site scripting
E
CVE-2025-9171 SolidInvoice Clients clients cross site scripting
E
CVE-2025-9172 Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter
CVE-2025-9173 Emlog Pro media.php unrestricted upload
E
CVE-2025-9174 neurobin shc Filename shc.c make os command injection
E
CVE-2025-9175 neurobin shc shc.c make stack-based overflow
E
CVE-2025-9176 neurobin shc Environment Variable shc.c make os command injection
E
CVE-2025-9179 An attacker was able to perform memory corruption in the GMP process which processes encrypted media...
CVE-2025-9180 'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox ...
CVE-2025-9181 Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, F...
CVE-2025-9182 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability af...
CVE-2025-9183 Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ES...
CVE-2025-9184 Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird ...
CVE-2025-9185 Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefo...
CVE-2025-9186 Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects...
CVE-2025-9187 Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of...
CVE-2025-9190 TCC Bypass via misconfigured Node fuses in Cursor
CVE-2025-9193 TOTVS Portal Meu RH Password Reset redirect
E
CVE-2025-9195 Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local ...
CVE-2025-9202 ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation
CVE-2025-9217 Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images'
CVE-2025-9225 Cross-site scripting (XSS) in MiR robots and MiR fleet
S
CVE-2025-9228 Insufficient authorization when creating notes
S
CVE-2025-9229 Information Disclosure in MiR robots and MiR fleet through verbose error pages
S
CVE-2025-9233 Scada-LTS view_edit.shtm cross site scripting
E
CVE-2025-9234 Scada-LTS maintenance_events.shtm cross site scripting
E
CVE-2025-9235 Scada-LTS compound_events.shtm cross site scripting
E
CVE-2025-9236 Portabilis i-Educar Tipos de usuàrio educar_tipo_usuario_lst.php sql injection
E
CVE-2025-9237 CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting
E
CVE-2025-9238 Swatadru Exam-Seating-Arrangement Student Login student.php sql injection
E
CVE-2025-9239 elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption
CVE-2025-9240 elunez eladmin info information disclosure
E
CVE-2025-9241 elunez eladmin exportUser csv injection
E
CVE-2025-9244 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaticRoute os command injection
E
CVE-2025-9245 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 WPSSTAPINEnr stack-based overflow
E
CVE-2025-9246 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 check_port_conflict stack-based overflow
E
CVE-2025-9247 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setVlan stack-based overflow
E
CVE-2025-9248 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_pingGatewayByBBS stack-based overflow
E
CVE-2025-9249 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DHCPReserveAddGroup stack-based overflow
E
CVE-2025-9250 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setPWDbyBBS stack-based overflow
E
CVE-2025-9251 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 sta_wps_pin stack-based overflow
E
CVE-2025-9252 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DisablePasswordAlertRedirect stack-based overflow
E
CVE-2025-9253 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_doSpecifySiteSurvey stack-based overflow
E
CVE-2025-9254 Uniong|WebITR - Missing Authentication
S
CVE-2025-9255 Uniong|WebITR - SQL Injection
CVE-2025-9256 Uniong|WebITR - Arbitrary File Reading through Path Traversal
S
CVE-2025-9257 Uniong|WebITR - Arbitrary File Reading through Path Traversal
S
CVE-2025-9258 Uniong|WebITR - Arbitrary File Reading through Path Traversal
S
CVE-2025-9259 Uniong|WebITR - Arbitrary File Reading through Path Traversal
S
CVE-2025-9262 wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection
E
CVE-2025-9263 Xuxueli xxl-job JobLogController.java getJobsByGroup resource injection
E
CVE-2025-9264 Xuxueli xxl-job Jobs JobInfoController.java remove resource injection
E
CVE-2025-9277 SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression
CVE-2025-9287 Missing type checks leading to hash rewind and passing on crafted data
E S
CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data
E S
CVE-2025-9296 Emlog Pro blogger.php unrestricted upload
E
CVE-2025-9297 Tenda i22 wxportalauth formWeixinAuthInfoGet stack-based overflow
E
CVE-2025-9298 Tenda M3 QuickIndex formQuickIndex stack-based overflow
E
CVE-2025-9299 Tenda M3 getMasterPassengerAnalyseData formGetMasterPassengerAnalyseData stack-based overflow
E
CVE-2025-9300 saitoha libsixel img2sixel encoder.c sixel_debug_print_palette stack-based overflow
E S
CVE-2025-9301 cmake cmForEachCommand.cxx ReplayItems assertion
E S
CVE-2025-9302 PHPGurukul User Management System signup.php sql injection
E
CVE-2025-9303 TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow
E
CVE-2025-9304 SourceCodester Online Bank Management System show.php sql injection
E
CVE-2025-9305 SourceCodester Online Bank Management System mnotice.php sql injection
E
CVE-2025-9306 SourceCodester Advanced School Management System addNotice cross site scripting
E
CVE-2025-9307 PHPGurukul Online Course Registration session.php sql injection
E
CVE-2025-9308 yarnpkg Yarn request-manager.js setOptions redos
E
CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials
E
CVE-2025-9310 yeqifu carRental Druid login.html hard-coded credentials
E
CVE-2025-9311 itsourcecode Apartment Management System addfair.php sql injection
E
CVE-2025-9331 Spacious <= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data Import
CVE-2025-9340 native encrypt/decrypt operations in JCE may corrupt data if same byte array used for input and output.
M
CVE-2025-9341 Garbage collection can delay for AES CBC Native support, resulting in heap exhaustion
M
CVE-2025-9344 UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9345 File Manager, Code Editor, and Backup by Managefy <= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download
CVE-2025-9346 Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9352 Pronamic Google Maps <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-9355 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 scheduleAdd stack-based overflow
E
CVE-2025-9356 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 inboundFilterAdd stack-based overflow
E
CVE-2025-9357 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchByBBS stack-based overflow
E
CVE-2025-9358 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setSysAdm stack-based overflow
E
CVE-2025-9359 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_checkCredentialsByBBS stack-based overflow
E
CVE-2025-9360 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 accessControlAdd stack-based overflow
E
CVE-2025-9361 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 ipRangeBlockManageRule stack-based overflow
E
CVE-2025-9362 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 urlFilterManageRule stack-based overflow
CVE-2025-9363 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 portTriggerManageRule stack-based overflow
E
CVE-2025-9374 Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery
CVE-2025-9376 Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass
CVE-2025-9377 Authenticated RCE via Parental Control command injection
S
CVE-2025-9379 Belkin AX1800 Firmware Update data authenticity
S
CVE-2025-9380 FNKvision Y215 CCTV Camera Firmware passwd hard-coded credentials
E
CVE-2025-9381 FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure
E
CVE-2025-9382 FNKvision Y215 CCTV Camera Telnet Sevice s1_rf_test_config backdoor
E
CVE-2025-9383 FNKvision Y215 CCTV Camera passwd crypt weak hash
E
CVE-2025-9384 appneta tcpreplay parse_args.c tcpedit_post_args null pointer dereference
E
CVE-2025-9385 appneta tcpreplay tcprewrite edit_packet.c fix_ipv6_checksums use after free
E
CVE-2025-9386 appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free
E
CVE-2025-9387 DCN DCME-720 Web Management Backend ip_block.php os command injection
E
CVE-2025-9388 Scada-LTS watch_list.shtm cross site scripting
E
CVE-2025-9389 vim memmove-vec-unaligned-erms.S __memmove_avx_unaligned_erms memory corruption
E
CVE-2025-9390 vim xxd xxd.c main buffer overflow
E S
CVE-2025-9391 Bjskzy Zhiyou ERP com.artery.workflow.ServiceImpl getFieldValue sql injection
E
CVE-2025-9392 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 qosClassifier stack-based overflow
E
CVE-2025-9393 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaProfile stack-based overflow
E
CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free
E S
CVE-2025-9395 wangsongyan wblog backup.go RestorePost server-side request forgery
E
CVE-2025-9396 ckolivas lrzip strtol_l.c __GI_____strtol_l_internal null pointer dereference
E
CVE-2025-9397 givanz Vvveb media.php unrestricted upload
E
CVE-2025-9398 YiFang CMS Migrate.php exportInstallTable information disclosure
E
CVE-2025-9399 YiFang CMS L_tool.php sql injection
E
CVE-2025-9400 YiFang CMS P_file.php mergeMultipartUpload unrestricted upload
E
CVE-2025-9401 HuangDou UTCMS Login login.php comparison
E
CVE-2025-9402 HuangDou UTCMS Config update.php server-side request forgery
E
CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion
E
CVE-2025-9404 Scada-LTS Folder pointHierarchySLTS cross site scripting
E
CVE-2025-9405 Open5GS gmm-sm.c gmm_state_exception assertion
E S
CVE-2025-9406 xuhuisheng lemon CmsArticleController.java uploadImage unrestricted upload
E
CVE-2025-9407 mtons mblog profile cross site scripting
E
CVE-2025-9409 lostvip-com ruoyi-go CommonController.go DownloadUpload path traversal
E
CVE-2025-9410 lostvip-com ruoyi-go GenTableDao.go SelectListByPage sql injection
E
CVE-2025-9411 lostvip-com ruoyi-go LoginInforService.go SelectPageList sql injection
E
CVE-2025-9412 lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection
E
CVE-2025-9413 lostvip-com ruoyi-go system_router.go SelectListByPage sql injection
E
CVE-2025-9414 kalcaddle kodbox Download from Link serverDownload server-side request forgery
E
CVE-2025-9415 GreenCMS index.php unrestricted upload
E
CVE-2025-9416 oitcode samarium Pages Image webpage cross site scripting
E
CVE-2025-9417 itsourcecode Apartment Management System addemployee.php sql injection
E
CVE-2025-9418 itsourcecode Apartment Management System addowner.php sql injection
E
CVE-2025-9419 itsourcecode Apartment Management System addunit.php sql injection
E
CVE-2025-9420 itsourcecode Apartment Management System addfloor.php sql injection
E
CVE-2025-9421 itsourcecode Apartment Management System addcomplain.php sql injection
E
CVE-2025-9422 oitcode samarium Team Image team cross site scripting
E
CVE-2025-9423 Campcodes Online Water Billing System editecex.php sql injection
E
CVE-2025-9424 Ruijie WS7204-A branch_import.php os command injection
E
CVE-2025-9425 itsourcecode Online Tour and Travel Management System enquiry.php sql injection
E
CVE-2025-9426 itsourcecode Online Tour and Travel Management System package.php sql injection
E
CVE-2025-9429 mtons mblog Post submit cross site scripting
E
CVE-2025-9430 mtons mblog update cross site scripting
E
CVE-2025-9431 mtons mblog search cross site scripting
E
CVE-2025-9432 mtons mblog Admin Panel list cross site scripting
E
CVE-2025-9433 mtons mblog Admin Panel list cross site scripting
E
CVE-2025-9434 1000projects Online Project Report Submission and Evaluation System edit_title.php cross site scripting
E
CVE-2025-9438 1000projects Online Project Report Submission and Evaluation System add_student.php cross site scripting
E
CVE-2025-9439 1000projects Online Project Report Submission and Evaluation System edit_faculty.php cross site scripting
E
CVE-2025-9440 1000projects Online Project Report Submission and Evaluation System add_title.php cross site scripting
E
CVE-2025-9441 iATS Online Forms <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter
CVE-2025-9443 Tenda CH22 editUserName formeditUserName buffer overflow
E
CVE-2025-9444 1000projects Online Project Report Submission and Evaluation System delete_group_student.php sql injection
E
CVE-2025-9461 diyhi bbs File Compression FilePackageManageAction.java information disclosure
E
CVE-2025-9468 itsourcecode Apartment Management System add_bill.php sql injection
E
CVE-2025-9469 itsourcecode Apartment Management System add_fund.php sql injection
E
CVE-2025-9470 itsourcecode Apartment Management System add_m_committee.php sql injection
E
CVE-2025-9471 itsourcecode Apartment Management System add_maintenance_cost.php sql injection
E
CVE-2025-9472 itsourcecode Apartment Management System add_owner_utility.php sql injection
E
CVE-2025-9473 SourceCodester Online Bank Management System feedback.php sql injection
E
CVE-2025-9474 Mihomo Party Socket sysproxy.ts enableSysProxy temp file
E
CVE-2025-9475 SourceCodester Human Resource Information System editemployee_process.php unrestricted upload
E
CVE-2025-9476 SourceCodester Human Resource Information System editemployee_process.php unrestricted upload
E
CVE-2025-9478 Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potent...
CVE-2025-9481 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 stack-based overflow
E
CVE-2025-9482 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 portRangeForwardAdd stack-based overflow
E
CVE-2025-9483 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 singlePortForwardAdd stack-based overflow
E
CVE-2025-9491 Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability
CVE-2025-9492 Campcodes Online Water Billing System addclient1.php sql injection
E
CVE-2025-9502 Campcodes Online Loan Management System ajax.php sql injection
E
CVE-2025-9503 Campcodes Online Loan Management System ajax.php sql injection
E
CVE-2025-9504 Campcodes Online Loan Management System ajax.php sql injection
E
CVE-2025-9505 Campcodes Online Loan Management System ajax.php sql injection
E
CVE-2025-9506 Campcodes Online Loan Management System ajax.php sql injection
E
CVE-2025-9507 itsourcecode Apartment Management System visitor_info.php sql injection
E
CVE-2025-9508 itsourcecode Apartment Management System rented_info.php sql injection
E
CVE-2025-9509 itsourcecode Apartment Management System fair_info_all.php sql injection
E
CVE-2025-9510 itsourcecode Apartment Management System addbranch.php sql injection
E
CVE-2025-9511 itsourcecode Apartment Management System addvisitor.php sql injection
E
CVE-2025-9513 editso fuso mod.rs PenetrateRsaAndAesHandshake inadequate encryption
CVE-2025-9514 macrozheng mall Registration weak password
CVE-2025-9523 Tenda AC1206 GetParentControlInfo stack-based overflow
E
CVE-2025-9525 Linksys E1700 setWan stack-based overflow
E
CVE-2025-9526 Linksys E1700 setSysAdm stack-based overflow
E
CVE-2025-9527 Linksys E1700 QoSSetup stack-based overflow
E
CVE-2025-9528 Linksys E1700 systemCommand os command injection
E
CVE-2025-9529 Campcodes Payroll Management System index.php include file inclusion
E
CVE-2025-9531 Portabilis i-Educar Agenda agenda.php sql injection
E
CVE-2025-9532 Portabilis i-Educar view sql injection
E
CVE-2025-9533 TOTOLINK T10 formLoginAuth.htm improper authentication
E
CVE-2025-9575 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 upload.cgi cgiMain os command injection
E
CVE-2025-9576 seeedstudio ReSpeaker Administrative shadow default credentials
E
CVE-2025-9577 TOTOLINK X2000R Administrative shadow.sample default credentials
E
CVE-2025-9578 Local privilege escalation due to insecure folder permissions. The following products are affected: ...
CVE-2025-9579 LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection
E
CVE-2025-9580 LB-LINK BL-X26 HTTP set_blacklist os command injection
E
CVE-2025-9581 Comfast CF-N1 webmgnt multi_pppoe command injection
E
CVE-2025-9582 Comfast CF-N1 webmgnt ntp_timezone command injection
E
CVE-2025-9583 Comfast CF-N1 webmgnt ping_config command injection
E
CVE-2025-9584 Comfast CF-N1 webmgnt update_interface_png command injection
E S
CVE-2025-9585 Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection
E
CVE-2025-9586 Comfast CF-N1 webmgnt wireless_device_dissoc command injection
E
CVE-2025-9589 Cudy WR1200EA shadow default password
E
CVE-2025-9590 Weaver E-Mobile Mobile Management Platform cross site scripting
E
CVE-2025-9591 ZrLog Theme Configuration Form config cross site scripting
E
CVE-2025-9592 itsourcecode Apartment Management System bill_info.php sql injection
E
CVE-2025-9593 itsourcecode Apartment Management System unit_status_info.php sql injection
E
CVE-2025-9594 itsourcecode Apartment Management System complain_info.php sql injection
E
CVE-2025-9595 code-projects Student Information Management System login.php cross site scripting
E
CVE-2025-9596 itsourcecode Sports Management System login.php sql injection
E
CVE-2025-9597 itsourcecode Apartment Management System rented_all_info.php sql injection
E
CVE-2025-9598 itsourcecode Apartment Management System year_setup.php sql injection
E
CVE-2025-9599 itsourcecode Apartment Management System month_setup.php sql injection
E
CVE-2025-9600 itsourcecode Apartment Management System member_type_setup.php sql injection
E
CVE-2025-9601 itsourcecode Apartment Management System employee_salary_setup.php sql injection
E
CVE-2025-9602 Xinhu RockOA index.php publicsaveAjax improper authorization
E
CVE-2025-9603 Telesquare TLR-2005KSH internet.cgi command injection
E
CVE-2025-9604 coze-studio aes.go hard-coded key
S
CVE-2025-9605 Tenda AC21/AC23 GetParentControlInfo stack-based overflow
E
CVE-2025-9606 Portabilis i-Educar agenda_preferencias.php sql injection
E
CVE-2025-9607 Portabilis i-Educar Tabelas de Arredondamento view sql injection
E
CVE-2025-9608 Portabilis i-Educar Formula de Cálculo de Média view sql injection
E
CVE-2025-9609 Portabilis i-Educar consulta improper authorization
E
CVE-2025-9610 code-projects Online Event Judging System create_account.php sql injection
E
CVE-2025-9619 E4 Sistemas Mercatus ERP id resource injection
CVE-2025-9639 Ai3|QbiCRMGateway - Arbitrary File Reading through Path Traversal
S
CVE-2025-9643 itsourcecode Apartment Management System utility_bill_setup.php sql injection
E
CVE-2025-9644 itsourcecode Apartment Management System bill_setup.php sql injection
E
CVE-2025-9645 itsourcecode Apartment Management System r_all_info.php sql injection
E
CVE-2025-9646 O2OA calendarConfig cross site scripting
E
CVE-2025-9647 mtons mblog list cross site scripting
E
CVE-2025-9649 appneta tcpreplay send_packets.c calc_sleep_time divide by zero
E
CVE-2025-9650 yeqifu carRental AppFileUtils.java removeFileByPath path traversal
E
CVE-2025-9651 shafhasan chatbox chat.php sql injection
E
CVE-2025-9652 Portabilis i-Educar Cadastrar tipo de transferência educar_transferencia_tipo_cad.php cross site scripting
E
CVE-2025-9653 Portabilis i-Educar Cadastrar projeto educar_projeto_cad.php cross site scripting
E
CVE-2025-9654 AiondaDotCom mcp-ssh server-simple.mjs command injection
S
CVE-2025-9655 O2OA Personal Profile person cross site scripting
CVE-2025-9656 PHPGurukul Directory Management System add-directory.php cross site scripting
E
CVE-2025-9657 O2OA Personal Profile script cross site scripting
E
CVE-2025-9658 O2OA Personal Profile dict cross site scripting
E
CVE-2025-9659 O2OA Personal Profile widget cross site scripting
E
CVE-2025-9660 SourceCodester Bakeshop Online Ordering System passwordrecover.php sql injection
E
CVE-2025-9662 code-projects Simple Grading System Admin Panel login.php sql injection
E
CVE-2025-9663 code-projects Simple Grading System Admin Panel edit_account.php sql injection
E
CVE-2025-9664 code-projects Simple Grading System Admin Panel add_student_grade.php sql injection
E
CVE-2025-9665 code-projects Simple Grading System Admin Panel edit_student.php sql injection
E
CVE-2025-9666 code-projects Simple Grading System Admin Panel delete_student.php sql injection
E
CVE-2025-9667 code-projects Simple Grading System Admin Panel delete_account.php sql injection
E
CVE-2025-9669 Jinher OA GetTreeDate.aspx sql injection
E
CVE-2025-9670 mixmark-io turndown commonmark-rules.js redos
E
CVE-2025-9671 UAB Paytend App com.passport.cash AndroidManifest.xml improper export of android application components
E
CVE-2025-9672 Rejseplanen App de.hafas.android.rejseplanen AndroidManifest.xml improper export of android application components
E
CVE-2025-9673 Kakao 헤이카카오 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.