CVEs from 2025
- Total 9,121
- critical 1,302
- high 1,901
- medium 1,923
- low 193
- % Critical 14.3%
- % with KEV 2.0%
- % with exploit 2.7%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-65122 | high | 7.5 | 7.5 | 23d ago | youtube-regex vulnerable to Regex Denial of Service | |||
| CVE-2025-31976 | high | 7.5 | 7.5 | 24d ago | HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to… | |||
| CVE-2025-71256 | high | 7.5 | 7.5 | 25d ago | In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71255 | high | 7.5 | 7.5 | 25d ago | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71254 | high | 7.5 | 7.5 | 25d ago | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71253 | high | 7.5 | 7.5 | 25d ago | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71252 | high | 7.5 | 7.5 | 25d ago | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71251 | high | 7.5 | 7.5 | 25d ago | In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-66369 | high | 7.5 | 7.5 | 25d ago | An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem… | |||
| CVE-2025-59032 | high | 7.5 | 7.5 | 26d ago | RHSA-2026:13830: dovecot security update (Important) | |||
| CVE-2025-47403 | high | 7.5 | 7.5 | 26d ago | Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. | |||
| CVE-2025-47401 | high | 7.5 | 7.5 | 26d ago | Transient DOS when processing target power rate tables during channel configuration. | |||
| CVE-2025-70069 | high | 7.5 | 7.5 | 26d ago | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method | |||
| CVE-2025-63548 | high | 7.5 | 7.5 | 29d ago | An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field. | |||
| CVE-2025-63547 | high | 7.5 | 7.5 | 29d ago | An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field | |||
| CVE-2025-36180 | high | 7.5 | 7.5 | 1mo ago | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | |||
| CVE-2025-56568 | high | 7.5 | 7.5 | 1mo ago | Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial … | |||
| CVE-2025-46115 | high | 7.5 | 7.5 | 1mo ago | An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request | |||
| CVE-2025-51846 | high | 7.5 | 7.5 | 1mo ago | CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2. | |||
| CVE-2025-67223 | high | 7.5 | 7.5 | 1mo ago | The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthen… | |||
| CVE-2025-48431 | high | 7.5 | 7.5 | 1mo ago | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, w… | |||
| CVE-2025-69428 | high | 7.5 | 7.5 | 1mo ago | An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories. | |||
| CVE-2025-67805 | high | 7.5 | 7.5 | 2mo ago | A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table … | |||
| CVE-2025-59028 | high | 7.5 | 7.5 | 2mo ago | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable serv… | |||
| CVE-2025-70034 | high | 7.5 | 7.5 | 3mo ago | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. | |||
| CVE-2025-69340 | high | 7.5 | 7.5 | 3mo ago | Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels. Thi… | |||
| CVE-2025-63912 | high | 7.5 | 7.5 | 3mo ago | Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encryption and expose… | |||
| CVE-2025-69373 | high | 7.5 | 7.5 | 3mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion. This issue affects … | |||
| CVE-2025-69298 | high | 7.5 | 7.5 | 3mo ago | Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gauge: from n/a through <= 6.56.4. | |||
| CVE-2025-68841 | high | 7.5 | 7.5 | 3mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder topper-pa… | |||
| CVE-2025-68834 | high | 7.5 | 7.5 | 3mo ago | Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Contro… | |||
| CVE-2025-69421 | high | 7.5 | 7.5 | 4mo ago | Important: openssl security update | |||
| CVE-2025-69420 | high | 7.5 | 7.5 | 4mo ago | Important: openssl security update | |||
| CVE-2025-13836 | high | 7.5 | 7.5 | 4mo ago | RHSA-2026:2419: python3.12 security update (Moderate) | |||
| CVE-2025-68907 | high | 7.5 | 7.5 | 4mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal. This issue affects Hostme v2: from n/a through <= … | |||
| CVE-2025-71066 | high | 7.5 | 7.5 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: Th… | |||
| CVE-2025-46255 | high | 7.5 | 7.5 | 5mo ago | Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | |||
| CVE-2025-68850 | high | 7.5 | 7.5 | 5mo ago | Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sell Downloads: from n/a thr… | |||
| CVE-2025-15456 | high | 7.5 | 7.5 | 5mo ago | A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation le… | |||
| CVE-2025-15126 | high | 7.5 | 7.5 | 5mo ago | A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the arg… | |||
| CVE-2025-65857 | high | 7.5 | 7.5 | 5mo ago | An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct una… | |||
| CVE-2025-60078 | high | 7.5 | 7.5 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia – Montpellier Task Manager task-manager allows PHP Local File… | |||
| CVE-2025-58938 | high | 7.5 | 7.5 | 5mo ago | Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through <= 2… | |||
| CVE-2025-68065 | high | 7.5 | 7.5 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core allows PHP Local File Inclusion. This issue affects Hub… | |||
| CVE-2025-14521 | high | 7.5 | 7.5 | 6mo ago | A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. S… | |||
| CVE-2025-55752 | high | 7.5 | 7.5 | 6mo ago | RHSA-2025:23048: tomcat security update (Important) | |||
| CVE-2025-14206 | high | 7.5 | 7.5 | 6mo ago | A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler.… | |||
| CVE-2025-59375 | high | 7.5 | 7.5 | 6mo ago | RHSA-2026:3407: mingw-fontconfig security update (Important) | |||
| CVE-2025-13239 | high | 7.5 | 7.5 | 7mo ago | A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkou… | |||
| CVE-2025-13033 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient addres… | |||
| CVE-2025-9230 | high | 7.5 | 7.5 | 7mo ago | RHSA-2026:0337: openssl security update (Moderate) | |||
| CVE-2025-60189 | high | 7.5 | 7.5 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP … | |||
| CVE-2025-48330 | high | 7.5 | 7.5 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gra… | |||
| CVE-2025-12326 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. … | |||
| CVE-2025-12276 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation result… | |||
| CVE-2025-12270 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id… | |||
| CVE-2025-53066 | high | 7.5 | 7.5 | 7mo ago | RHSA-2025:22370: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2025-62022 | high | 7.5 | 7.5 | 7mo ago | Missing Authorization vulnerability in BuddyPress BuddyPress buddypress. This issue affects BuddyPress: from n/a through <= 14.3.4. | |||
| CVE-2025-49935 | high | 7.5 | 7.5 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion. This issue affects Wo… | |||
| CVE-2025-49925 | high | 7.5 | 7.5 | 7mo ago | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through <= 1.9.9.7. | |||
| CVE-2025-49921 | high | 7.5 | 7.5 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion. This issue a… | |||
| CVE-2025-48338 | high | 7.5 | 7.5 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local Fi… | |||
| CVE-2025-11914 | high | 7.5 | 7.5 | 8mo ago | A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulat… | |||
| CVE-2025-11026 | high | 7.5 | 7.5 | 8mo ago | A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes informat… | |||
| CVE-2025-40838 | high | 7.5 | 7.5 | 8mo ago | Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. | |||
| CVE-2025-10236 | high | 7.5 | 7.5 | 9mo ago | A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Ha… | |||
| CVE-2025-54376 | high | 7.5 | 7.5 | 9mo ago | WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly | |||
| CVE-2025-32689 | high | 7.5 | 7.5 | 9mo ago | Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay. This issue affects WP SmartPay: from n/a through <= 2.8.2. | |||
| CVE-2025-9848 | high | 7.5 | 7.5 | 9mo ago | A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to… | |||
| CVE-2025-9805 | high | 7.5 | 7.5 | 9mo ago | A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipula… | |||
| CVE-2025-9742 | high | 7.5 | 7.5 | 9mo ago | A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass le… | |||
| CVE-2025-9461 | high | 7.5 | 7.5 | 9mo ago | A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component F… | |||
| CVE-2025-9241 | high | 7.5 | 7.5 | 9mo ago | A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been ma… | |||
| CVE-2025-49428 | high | 7.5 | 7.5 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3. | |||
| CVE-2025-48989 | high | 7.5 | 7.5 | 9mo ago | RHSA-2025:14177: tomcat security update (Important) | |||
| CVE-2025-8708 | high | 7.5 | 7.5 | 10mo ago | A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the co… | |||
| CVE-2025-8348 | high | 7.5 | 7.5 | 10mo ago | A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper auth… | |||
| CVE-2025-8260 | high | 7.5 | 7.5 | 10mo ago | A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation o… | |||
| CVE-2025-8175 | high | 7.5 | 7.5 | 10mo ago | A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the … | |||
| CVE-2025-7875 | high | 7.5 | 7.5 | 10mo ago | A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads to improper authentication. It … | |||
| CVE-2025-7754 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation… | |||
| CVE-2025-53816 | high | 7.5 | 7.5 | 11mo ago | 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Ve… | |||
| CVE-2025-52803 | high | 7.5 | 7.5 | 11mo ago | Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | |||
| CVE-2025-7626 | high | 7.5 | 7.5 | 11mo ago | A vulnerability has been found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this vulnerability is the function onlinePrevi… | |||
| CVE-2025-7616 | high | 7.5 | 7.5 | 11mo ago | A vulnerability, which was classified as critical, has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthread_cond_destroy of the component Public API. The manipu… | |||
| CVE-2025-7424 | high | 7.5 | 7.5 | 11mo ago | A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allow… | |||
| CVE-2025-6021 | high | 7.5 | 7.5 | 11mo ago | RHSA-2025:10698: libxml2 security update (Important) | |||
| CVE-2025-7114 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim… | |||
| CVE-2025-7103 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. … | |||
| CVE-2025-7074 | high | 7.5 | 7.5 | 11mo ago | A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulati… | |||
| CVE-2025-47627 | high | 7.5 | 7.5 | 11mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issu… | |||
| CVE-2025-6772 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of … | |||
| CVE-2025-49451 | high | 7.5 | 7.5 | 1y ago | Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal. This issue affects A… | |||
| CVE-2025-47572 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects… | |||
| CVE-2025-32549 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from… | |||
| CVE-2025-6052 | high | 7.5 | 7.5 | 1y ago | A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation.… | |||
| CVE-2025-5895 | high | 7.5 | 7.5 | 1y ago | A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inef… | |||
| CVE-2025-5892 | high | 7.5 | 7.5 | 1y ago | A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/pa… | |||
| CVE-2025-48261 | high | 7.5 | 7.5 | 1y ago | Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX: from … | |||
| CVE-2025-31635 | high | 7.5 | 7.5 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal. This issue affects CLEVER… | |||