CVEs from 2025
Total
9,075
critical
critical 1,302
high
high 1,901
medium
medium 1,923
low
low 193
% Critical
14.3%
% with KEV
2.0%
% with exploit
2.7%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-5780 | high | 7.5 | 7.5 | 1y ago | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_dental.php. The mani… | |||
| CVE-2025-5779 | high | 7.5 | 7.5 | 1y ago | A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. … | |||
| CVE-2025-5762 | high | 7.5 | 7.5 | 1y ago | A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file view_hematology.php. The manipulation o… | |||
| CVE-2025-5729 | high | 7.5 | 7.5 | 1y ago | A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The… | |||
| CVE-2025-47541 | high | 7.5 | 7.5 | 1y ago | Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7. | |||
| CVE-2025-46454 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows P… | |||
| CVE-2025-39451 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n… | |||
| CVE-2025-39449 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2… | |||
| CVE-2025-39447 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: … | |||
| CVE-2025-26735 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9. | |||
| CVE-2025-39492 | high | 7.5 | 7.5 | 1y ago | Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||
| CVE-2025-0130 | high | 7.5 | 7.5 | 1y ago | A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the f… | |||
| CVE-2025-47653 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recal… | |||
| CVE-2025-39391 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zamartz Checkout Field Visibility for WooCommerce checkout-field-visibility-fo… | |||
| CVE-2025-26968 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a thr… | |||
| CVE-2025-27008 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a t… | |||
| CVE-2025-26953 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9. | |||
| CVE-2025-26730 | high | 7.5 | 7.5 | 1y ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Ema… | |||
| CVE-2025-26958 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through <= 2.4.3. | |||
| CVE-2025-26942 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1. | |||
| CVE-2025-26687 | high | 7.5 | 7.5 | 1y ago | Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-31001 | high | 7.5 | 7.5 | 1y ago | Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through <= 2.4.0. | |||
| CVE-2025-25374 | high | 7.5 | 7.5 | 1y ago | In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. | |||
| CVE-2025-25372 | high | 7.5 | 7.5 | 1y ago | NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. | |||
| CVE-2025-25371 | high | 7.5 | 7.5 | 1y ago | NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | |||
| CVE-2025-26905 | high | 7.5 | 7.5 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from n/a through <=… | |||
| CVE-2025-26760 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder calculator-builder allows PHP Local File Inclus… | |||
| CVE-2025-26757 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FULL SERVICES FULL Customer full-customer allows PHP Local File Inclusion.This… | |||
| CVE-2025-24556 | high | 7.5 | 7.5 | 1y ago | Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle moowoodle allows Retrieve Embedded Sensitive Data.This issue affects MooWoodle: from n/a through <= 3.2.4. | |||
| CVE-2025-69419 | high | 7.4 | 7.4 | 4mo ago | RHSA-2026:3042: openssl security update (Moderate) | |||
| CVE-2025-11648 | high | 7.4 | 7.4 | 8mo ago | A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to se… | |||
| CVE-2025-8182 | high | 7.4 | 7.4 | 10mo ago | A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation l… | |||
| CVE-2025-6931 | high | 7.4 | 7.4 | 11mo ago | A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the c… | |||
| CVE-2025-5276 | high | 7.4 | 7.4 | 1y ago | Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function | |||
| CVE-2025-70103 | high | 7.3 | 7.3 | 4d ago | Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. | |||
| CVE-2025-70950 | high | 7.3 | 7.3 | 11d ago | An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request. | |||
| CVE-2025-51427 | high | 7.3 | 7.3 | 11d ago | An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module']. | |||
| CVE-2025-27853 | high | 7.3 | 7.3 | 17d ago | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser… | |||
| CVE-2025-61314 | high | 7.3 | 7.3 | 19d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in… | |||
| CVE-2025-61313 | high | 7.3 | 7.3 | 19d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascrip… | |||
| CVE-2025-61312 | high | 7.3 | 7.3 | 19d ago | A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in … | |||
| CVE-2025-61311 | high | 7.3 | 7.3 | 19d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t… | |||
| CVE-2025-10908 | high | 7.3 | 7.3 | 19d ago | Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security … | |||
| CVE-2025-50328 | high | 7.3 | 7.3 | 1mo ago | A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and e… | |||
| CVE-2025-7024 | high | 7.3 | 7.3 | 2mo ago | Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a u… | |||
| CVE-2025-15426 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted uplo… | |||
| CVE-2025-15264 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can… | |||
| CVE-2025-15142 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql i… | |||
| CVE-2025-15140 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation… | |||
| CVE-2025-15109 | high | 7.3 | 7.3 | 5mo ago | A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This mani… | |||
| CVE-2025-15097 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The att… | |||
| CVE-2025-15076 | high | 7.3 | 7.3 | 5mo ago | A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T… | |||
| CVE-2025-15053 | high | 7.3 | 7.3 | 5mo ago | A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can … | |||
| CVE-2025-14207 | high | 7.3 | 7.3 | 6mo ago | A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. … | |||
| CVE-2025-14192 | high | 7.3 | 7.3 | 6mo ago | A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth_login.php. Performing manipulation… | |||
| CVE-2025-14190 | high | 7.3 | 7.3 | 6mo ago | A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UI… | |||
| CVE-2025-14189 | high | 7.3 | 7.3 | 6mo ago | A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. The manipulation of the argument gblOrgID results in sql inject… | |||
| CVE-2025-14091 | high | 7.3 | 7.3 | 6mo ago | A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Produ… | |||
| CVE-2025-13792 | high | 7.3 | 7.3 | 6mo ago | A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a man… | |||
| CVE-2025-13395 | high | 7.3 | 7.3 | 6mo ago | A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results… | |||
| CVE-2025-13276 | high | 7.3 | 7.3 | 6mo ago | A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the… | |||
| CVE-2025-13252 | high | 7.3 | 7.3 | 7mo ago | A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Databas… | |||
| CVE-2025-55449 | high | 7.3 | 7.3 | 7mo ago | AstrBot is vulnerable to RCE with hard-coded JWT signing keys | |||
| CVE-2025-13121 | high | 7.3 | 7.3 | 7mo ago | A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Su… | |||
| CVE-2025-13063 | high | 7.3 | 7.3 | 7mo ago | A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit… | |||
| CVE-2025-12342 | high | 7.3 | 7.3 | 7mo ago | A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection.… | |||
| CVE-2025-12277 | high | 7.3 | 7.3 | 7mo ago | A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. This manipulation of the argum… | |||
| CVE-2025-12248 | high | 7.3 | 7.3 | 7mo ago | A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. … | |||
| CVE-2025-11654 | high | 7.3 | 7.3 | 8mo ago | A vulnerability was identified in yousaf530 Inferno Online Clothing Store up to 827dd42bfbe380e8de76fdc67958c24cf1246208. The affected element is an unknown function of the file /log.php. Such manipu… | |||
| CVE-2025-11488 | high | 7.3 | 7.3 | 8mo ago | A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched rem… | |||
| CVE-2025-11284 | high | 7.3 | 7.3 | 8mo ago | A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of t… | |||
| CVE-2025-11135 | high | 7.3 | 7.3 | 8mo ago | A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.databa… | |||
| CVE-2025-11045 | high | 7.3 | 7.3 | 8mo ago | A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to comm… | |||
| CVE-2025-11030 | high | 7.3 | 7.3 | 8mo ago | A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php o… | |||
| CVE-2025-10973 | high | 7.3 | 7.3 | 8mo ago | A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This mani… | |||
| CVE-2025-10967 | high | 7.3 | 7.3 | 8mo ago | A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Us… | |||
| CVE-2025-10951 | high | 7.3 | 7.3 | 8mo ago | ml-logger has path traversal in the file argument | |||
| CVE-2025-10712 | high | 7.3 | 7.3 | 8mo ago | A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Us… | |||
| CVE-2025-10374 | high | 7.3 | 7.3 | 9mo ago | A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authoriz… | |||
| CVE-2025-10371 | high | 7.3 | 7.3 | 9mo ago | A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist resul… | |||
| CVE-2025-10164 | high | 7.3 | 7.3 | 9mo ago | SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor | |||
| CVE-2025-5005 | high | 7.3 | 7.3 | 9mo ago | A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulat… | |||
| CVE-2025-10116 | high | 7.3 | 7.3 | 9mo ago | A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack m… | |||
| CVE-2025-10115 | high | 7.3 | 7.3 | 9mo ago | A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The atta… | |||
| CVE-2025-9238 | high | 7.3 | 7.3 | 9mo ago | A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student L… | |||
| CVE-2025-9150 | high | 7.3 | 7.3 | 9mo ago | A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such mani… | |||
| CVE-2025-8744 | high | 7.3 | 7.3 | 10mo ago | A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injectio… | |||
| CVE-2025-8435 | high | 7.3 | 7.3 | 10mo ago | A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The… | |||
| CVE-2025-8434 | high | 7.3 | 7.3 | 10mo ago | A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID … | |||
| CVE-2025-7931 | high | 7.3 | 7.3 | 10mo ago | A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php. The mani… | |||
| CVE-2025-7886 | high | 7.3 | 7.3 | 10mo ago | A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the f… | |||
| CVE-2025-7801 | high | 7.3 | 7.3 | 11mo ago | A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The m… | |||
| CVE-2025-7576 | high | 7.3 | 7.3 | 11mo ago | A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16 and classified as critical. Affected by this issue is some unknown functionality of the file /priv/production/pro… | |||
| CVE-2025-7216 | high | 7.3 | 7.3 | 11mo ago | A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Ha… | |||
| CVE-2025-5878 | high | 7.3 | 7.3 | 11mo ago | A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper … | |||
| CVE-2025-6846 | high | 7.3 | 7.3 | 11mo ago | A vulnerability classified as critical has been found in code-projects Simple Forum 1.0. This affects an unknown part of the file /forum_viewfile.php. The manipulation of the argument Name leads to s… | |||
| CVE-2025-6761 | high | 7.3 | 7.3 | 11mo ago | A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \… | |||
| CVE-2025-5985 | high | 7.3 | 7.3 | 1y ago | A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authenti… | |||
| CVE-2025-5952 | high | 7.3 | 7.3 | 1y ago | A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_… | |||
| CVE-2025-5870 | high | 7.3 | 7.3 | 1y ago | A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the componen… |