CVEs from 2025
Total
11,985
critical
critical 1,301
high
high 1,894
medium
medium 1,908
low
low 193
% Critical
10.9%
% with KEV
1.5%
% with exploit
1.5%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- inventory_management_system 28
- gcp 24
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-68029 | medium | 6.3 | 6.3 | 5mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wal… | |
| CVE-2025-15453 | medium | 6.3 | 6.3 | 5mo ago | A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation … | |
| CVE-2025-15450 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Su… | |
| CVE-2025-15439 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulati… | |
| CVE-2025-15246 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argum… | |
| CVE-2025-15135 | medium | 6.3 | 6.3 | 5mo ago | A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Coo… | |
| CVE-2025-15129 | medium | 6.3 | 6.3 | 5mo ago | A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler.… | |
| CVE-2025-15098 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing … | |
| CVE-2025-15088 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation o… | |
| CVE-2025-15081 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to command injection. Th… | |
| CVE-2025-14546 | medium | 6.3 | 6.3 | 5mo ago | FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation | |
| CVE-2025-14889 | medium | 6.3 | 6.3 | 5mo ago | A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handle… | |
| CVE-2025-14780 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of th… | |
| CVE-2025-14695 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component … | |
| CVE-2025-14568 | medium | 6.3 | 6.3 | 6mo ago | A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipu… | |
| CVE-2025-14259 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id r… | |
| CVE-2025-14208 | medium | 6.3 | 6.3 | 6mo ago | A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results… | |
| CVE-2025-14204 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAut… | |
| CVE-2025-14185 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulati… | |
| CVE-2025-14184 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This m… | |
| CVE-2025-14089 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipula… | |
| CVE-2025-14088 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes impr… | |
| CVE-2025-13949 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to… | |
| CVE-2025-13875 | medium | 6.3 | 6.3 | 6mo ago | A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the comp… | |
| CVE-2025-13796 | medium | 6.3 | 6.3 | 6mo ago | A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the componen… | |
| CVE-2025-13588 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-s… | |
| CVE-2025-13268 | medium | 6.3 | 6.3 | 6mo ago | A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java… | |
| CVE-2025-13249 | medium | 6.3 | 6.3 | 6mo ago | A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface.… | |
| CVE-2025-13246 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was identified in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Impacted is the function JwtAuthenticationFilter of the file src/main/java/com/suis… | |
| CVE-2025-13209 | medium | 6.3 | 6.3 | 6mo ago | A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPre… | |
| CVE-2025-13208 | medium | 6.3 | 6.3 | 6mo ago | A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php.… | |
| CVE-2025-13174 | medium | 6.3 | 6.3 | 7mo ago | A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component We… | |
| CVE-2025-24848 | medium | 6.3 | 6.3 | 7mo ago | Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary w… | |
| CVE-2025-12344 | medium | 6.3 | 6.3 | 7mo ago | A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such mani… | |
| CVE-2025-12266 | medium | 6.3 | 6.3 | 7mo ago | A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Perfo… | |
| CVE-2025-12249 | medium | 6.3 | 6.3 | 7mo ago | A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Tit… | |
| CVE-2025-58970 | medium | 6.3 | 6.3 | 7mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through <= 1.6.… | |
| CVE-2025-49377 | medium | 6.3 | 6.3 | 7mo ago | Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through … | |
| CVE-2025-11649 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded … | |
| CVE-2025-11606 | medium | 6.3 | 6.3 | 8mo ago | A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing ma… | |
| CVE-2025-11445 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation r… | |
| CVE-2025-11438 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing au… | |
| CVE-2025-11320 | medium | 6.3 | 6.3 | 8mo ago | A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadControll… | |
| CVE-2025-11319 | medium | 6.3 | 6.3 | 8mo ago | A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.p… | |
| CVE-2025-11304 | medium | 6.3 | 6.3 | 8mo ago | A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross… | |
| CVE-2025-11273 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function redirectToAuthorization of the file /src/main/services/mcp/oauth/provider.ts. The manipulation of the argument … | |
| CVE-2025-10975 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server o… | |
| CVE-2025-10974 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such … | |
| CVE-2025-10965 | medium | 6.3 | 6.3 | 8mo ago | A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation… | |
| CVE-2025-10950 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. … | |
| CVE-2025-10787 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL… | |
| CVE-2025-10777 | medium | 6.3 | 6.3 | 8mo ago | A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path travers… | |
| CVE-2025-10763 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component… | |
| CVE-2025-10762 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the… | |
| CVE-2025-10760 | medium | 6.3 | 6.3 | 8mo ago | A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookup_repo.go. Executing manipulation of the argument url can lead to server-side… | |
| CVE-2025-10755 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in u… | |
| CVE-2025-10741 | medium | 6.3 | 6.3 | 8mo ago | A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument … | |
| CVE-2025-10669 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted uploa… | |
| CVE-2025-10619 | medium | 6.3 | 6.3 | 8mo ago | @sequa-ai/sequa-mcp has Command Injection vulnerability | |
| CVE-2025-10441 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. T… | |
| CVE-2025-10440 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the … | |
| CVE-2025-10433 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the arg… | |
| CVE-2025-10399 | medium | 6.3 | 6.3 | 9mo ago | A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipul… | |
| CVE-2025-10393 | medium | 6.3 | 6.3 | 9mo ago | A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes serve… | |
| CVE-2025-10247 | medium | 6.3 | 6.3 | 9mo ago | A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the function doFilterInternal of the component Filter Handler. Such manipulation leads to improper access contro… | |
| CVE-2025-10211 | medium | 6.3 | 6.3 | 9mo ago | A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument … | |
| CVE-2025-10197 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservi… | |
| CVE-2025-10121 | medium | 6.3 | 6.3 | 9mo ago | A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. It is possible to initiate the… | |
| CVE-2025-10086 | medium | 6.3 | 6.3 | 9mo ago | A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation c… | |
| CVE-2025-10072 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper acce… | |
| CVE-2025-10071 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access control… | |
| CVE-2025-10070 | medium | 6.3 | 6.3 | 9mo ago | A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be… | |
| CVE-2025-10013 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The a… | |
| CVE-2025-9651 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results… | |
| CVE-2025-9395 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery… | |
| CVE-2025-9151 | medium | 6.3 | 6.3 | 9mo ago | A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /web_config/json/name/web. Performing man… | |
| CVE-2025-9148 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component … | |
| CVE-2025-9099 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. This affects an unknown part of the file /NewsManage/UploadNewsImg. The manipulation of the argument Fi… | |
| CVE-2025-8938 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argumen… | |
| CVE-2025-8791 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/list_projects. The manipulation of the argume… | |
| CVE-2025-8697 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The ma… | |
| CVE-2025-8667 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of th… | |
| CVE-2025-8665 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of th… | |
| CVE-2025-8529 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favori… | |
| CVE-2025-8517 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public an… | |
| CVE-2025-8266 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect… | |
| CVE-2025-8174 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation o… | |
| CVE-2025-8171 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation… | |
| CVE-2025-8133 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the … | |
| CVE-2025-8128 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability, which was classified as critical, has been found in zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98. This issue affects some unknown processing of the file routes\bf\prod… | |
| CVE-2025-7798 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to 8.2. This affects an unknown part of the file /admin/sy… | |
| CVE-2025-7487 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability, which was classified as critical, was found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the fil… | |
| CVE-2025-7452 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api… | |
| CVE-2025-7156 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical. This vulnerability affects the function execute of the file /v1/chat/completions. The manipulation of the argument … | |
| CVE-2025-6883 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability classified as critical was found in code-projects Staff Audit System 1.0. This vulnerability affects unknown code of the file /update_index.php. The manipulation of the argument updat… | |
| CVE-2025-6839 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the fil… | |
| CVE-2025-6774 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go. The manipulation of the argumen… | |
| CVE-2025-6768 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalService… | |
| CVE-2025-6767 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file Docto… | |
| CVE-2025-6753 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in huija bicycleSharingServer 1.0 and classified as critical. This issue affects the function selectAdminByNameLike of the file AdminController.java. The manipulation leads … |