CVEs from 2025
- Total 12,202
- critical 1,301
- high 1,894
- medium 1,908
- low 193
- % Critical 10.7%
- % with KEV 1.5%
- % with exploit 1.5%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- inventory_management_system 28
- gcp 24
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-57965 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3. | |
| CVE-2025-57938 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themewant Easy Hotel Booking easy-hotel allows DOM-Based XSS.This issue affects Easy Hotel Bookin… | |
| CVE-2025-57902 | medium | 6.5 | 6.5 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher allows Cross Site Request Forgery.This issue … | |
| CVE-2025-53570 | medium | 6.5 | 6.5 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Stored XSS.This issue affects DELUCKS SEO: from n/a throug… | |
| CVE-2025-10770 | medium | 6.5 | 6.5 | 8mo ago | A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing mani… | |
| CVE-2025-10607 | medium | 6.5 | 6.5 | 8mo ago | A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosur… | |
| CVE-2025-6395 | medium | 6.5 | 6.5 | 8mo ago | Moderate: gnutls security, bug fix, and enhancement update | |
| CVE-2025-10319 | medium | 6.5 | 6.5 | 9mo ago | A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulati… | |
| CVE-2025-10096 | medium | 6.5 | 6.5 | 9mo ago | A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can … | |
| CVE-2025-48103 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mulscully Today's Date Inserter todays-date-inserter allows Stored XSS.This issue affects Today's… | |
| CVE-2025-58887 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Course Finder | andré martin - it solutions & research UG Course Booking Platform course-booking-… | |
| CVE-2025-58607 | medium | 6.5 | 6.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance cookie-notice-and-consent-ban… | |
| CVE-2025-9602 | medium | 6.5 | 6.5 | 9mo ago | A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possibl… | |
| CVE-2025-9409 | medium | 6.5 | 6.5 | 9mo ago | A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipu… | |
| CVE-2025-54008 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows Retrieve Embedded Sensitive Data.This issue affects JetSmartFilters: from n/a th… | |
| CVE-2025-53998 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Retrieve Embedded Sensitive Data.This issue affects JetWooBuilder: from n/a through … | |
| CVE-2025-53993 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup jet-popup allows Retrieve Embedded Sensitive Data.This issue affects JetPopup: from n/a through <= 2.0.15. | |
| CVE-2025-53992 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1. | |
| CVE-2025-53988 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: fr… | |
| CVE-2025-53987 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1. | |
| CVE-2025-53985 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data.This issue affects JetTabs: from n/a through <= 2.2.9. | |
| CVE-2025-53983 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Element… | |
| CVE-2025-53196 | medium | 6.5 | 6.5 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through <= 3.7.0. | |
| CVE-2025-47650 | medium | 6.5 | 6.5 | 9mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global infility-global allows Path Traversal.This issue affects Infility Global: from… | |
| CVE-2025-9139 | medium | 6.5 | 6.5 | 9mo ago | A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation… | |
| CVE-2025-49895 | medium | 6.5 | 6.5 | 10mo ago | Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5. | |
| CVE-2025-8992 | medium | 6.5 | 6.5 | 10mo ago | A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remot… | |
| CVE-2025-52721 | medium | 6.5 | 6.5 | 10mo ago | Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3. | |
| CVE-2025-49437 | medium | 6.5 | 6.5 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation league-of-legends-rotation allows Stored XSS.This issue affects WP LOL R… | |
| CVE-2025-49433 | medium | 6.5 | 6.5 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS.This issue affects Supermalink: from n/a thro… | |
| CVE-2025-8347 | medium | 6.5 | 6.5 | 10mo ago | A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql i… | |
| CVE-2025-7948 | medium | 6.5 | 6.5 | 10mo ago | A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to … | |
| CVE-2025-7784 | medium | 6.5 | 6.5 | 10mo ago | Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled) | |
| CVE-2025-48339 | medium | 6.5 | 6.5 | 11mo ago | Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - Wha… | |
| CVE-2025-7511 | medium | 6.5 | 6.5 | 11mo ago | A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/update_account.php. The manipulation of the argumen… | |
| CVE-2025-50032 | medium | 6.5 | 6.5 | 11mo ago | Missing Authorization vulnerability in Paytiko - Payment Orchestration Platform Paytiko for WooCommerce paytiko allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe… | |
| CVE-2025-53320 | medium | 6.5 | 6.5 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from … | |
| CVE-2025-53290 | medium | 6.5 | 6.5 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MS WP Visual Sitemap wp-visual-sitemap allows Stored XSS.This issue affects WP Visual Sitemap: fr… | |
| CVE-2025-50034 | medium | 6.5 | 6.5 | 11mo ago | Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.… | |
| CVE-2025-5888 | medium | 6.5 | 6.5 | 1y ago | A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request fo… | |
| CVE-2025-48147 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.Thi… | |
| CVE-2025-5273 | medium | 6.5 | 6.5 | 1y ago | Markdownify MCP Server allows attackers to read arbitrary files | |
| CVE-2025-47619 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2. | |
| CVE-2025-47529 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Con… | |
| CVE-2025-4969 | medium | 6.5 | 6.5 | 1y ago | A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially… | |
| CVE-2025-48251 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce custom-emails-for-woocommerce all… | |
| CVE-2025-48250 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce url-coupons-for-woocommerce-by-algor… | |
| CVE-2025-48232 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Stored XSS… | |
| CVE-2025-47664 | medium | 6.5 | 6.5 | 1y ago | Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2. | |
| CVE-2025-23906 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from… | |
| CVE-2025-23773 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: through 1.1.1. | |
| CVE-2025-3406 | medium | 6.5 | 6.5 | 1y ago | A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The mani… | |
| CVE-2025-32187 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quý Lê 91 Administrator Z administrator-z allows DOM-Based XSS.This issue affects Administrator Z… | |
| CVE-2025-32183 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Galaxy Weblinks Video Playlist For YouTube video-playlist-for-youtube allows Stored XSS.This issu… | |
| CVE-2025-32162 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Morgan Kay Chamber Dashboard Business Directory allows DOM-Based XSS. This issue affects Chamber … | |
| CVE-2025-31407 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0. | |
| CVE-2025-22285 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in enituretechnology Pallet Packaging for WooCommerce pallet-packaging-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This… | |
| CVE-2025-31889 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a th… | |
| CVE-2025-31875 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginic FancyPost post-block allows DOM-Based XSS.This issue affects FancyPost: from n/a through… | |
| CVE-2025-31409 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a. | |
| CVE-2025-31593 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OpenMenu OpenMenu allows Stored XSS. This issue affects OpenMenu: from n/a through 3.5. | |
| CVE-2025-31419 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeix Churel allows DOM-Based XSS.This issue affects Churel: from n/a through 1.0.8. | |
| CVE-2025-22278 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1… | |
| CVE-2025-26737 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.… | |
| CVE-2025-30893 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: … | |
| CVE-2025-26747 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.… | |
| CVE-2025-26739 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS.This issue affects newseqo: from n/a through 2.1.1. | |
| CVE-2025-25084 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antrouss UniTimetable unitimetable allows Stored XSS.This issue affects UniTimetable: from n/a th… | |
| CVE-2025-23763 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in Alex Volkov WAH Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WAH Forms: from n/a through 1.0. | |
| CVE-2025-27016 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Drivr Lite – Google Drive Plugin allows Stored XSS. This issue affects Drivr Lite – Googl… | |
| CVE-2025-22650 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget smartarget-contact-us allows Stored XSS.This issue affects Sma… | |
| CVE-2025-1211 | medium | 6.5 | 6.5 | 1y ago | Server-side Request Forgery (SSRF) in hackney | |
| CVE-2025-24643 | medium | 6.5 | 6.5 | 1y ago | Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a thr… | |
| CVE-2025-23907 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2. | |
| CVE-2025-23824 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS.This issue affects FontAwesome.io … | |
| CVE-2025-23816 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n… | |
| CVE-2025-23772 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petulla’ imaGenius imagenius allows Stored XSS.This issue affects imaGenius: from n/a thr… | |
| CVE-2025-23444 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Scroll Top Advanced scroll-top-advanced allows Stored XSS.This issue affects Scroll T… | |
| CVE-2025-23434 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viher3 Easy EU Cookie law easy-eu-cookie-law allows Stored XSS.This issue affects Easy EU Cookie … | |
| CVE-2025-22365 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a thr… | |
| CVE-2025-22354 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4. | |
| CVE-2025-22334 | medium | 6.5 | 6.5 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0… | |
| CVE-2025-36126 | medium | 6.4 | 6.4 | 1d ago | IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows… | |
| CVE-2025-58713 | medium | 6.4 | 6.4 | 2mo ago | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during b… | |
| CVE-2025-57854 | medium | 6.4 | 6.4 | 2mo ago | A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during buil… | |
| CVE-2025-57853 | medium | 6.4 | 6.4 | 2mo ago | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain … | |
| CVE-2025-57847 | medium | 6.4 | 6.4 | 2mo ago | A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the bui… | |
| CVE-2025-46256 | medium | 6.4 | 6.4 | 5mo ago | Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10. | |
| CVE-2025-12915 | medium | 6.4 | 6.4 | 7mo ago | A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack require… | |
| CVE-2025-9806 | medium | 6.4 | 6.4 | 9mo ago | A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with t… | |
| CVE-2025-9382 | medium | 6.4 | 6.4 | 9mo ago | A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1_rf_test_config of the component Telnet Service. Executing manipulatio… | |
| CVE-2025-7213 | medium | 6.4 | 6.4 | 11mo ago | A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and t… | |
| CVE-2025-5715 | medium | 6.4 | 6.4 | 1y ago | A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipula… | |
| CVE-2025-24606 | medium | 6.4 | 6.4 | 1y ago | Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client I… | |
| CVE-2025-22346 | medium | 6.4 | 6.4 | 1y ago | Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 throu… | |
| CVE-2025-67031 | medium | 6.3 | 6.3 | 12d ago | ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con… | |
| CVE-2025-69443 | medium | 6.3 | 6.3 | 14d ago | Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all … | |
| CVE-2025-65416 | medium | 6.3 | 6.3 | 16d ago | docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php. | |
| CVE-2025-67886 | medium | 6.3 | 6.3 | 20d ago | Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file… | |
| CVE-2025-15597 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads… |