CVEs from 2025
- Total 8,888
- critical 1,302
- high 1,901
- medium 1,923
- low 193
- % Critical 14.6%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7452 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api… | |||
| CVE-2025-7156 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical. This vulnerability affects the function execute of the file /v1/chat/completions. The manipulation of the argument … | |||
| CVE-2025-6883 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability classified as critical was found in code-projects Staff Audit System 1.0. This vulnerability affects unknown code of the file /update_index.php. The manipulation of the argument updat… | |||
| CVE-2025-6839 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the fil… | |||
| CVE-2025-6774 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go. The manipulation of the argumen… | |||
| CVE-2025-6768 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalService… | |||
| CVE-2025-6767 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file Docto… | |||
| CVE-2025-6753 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in huija bicycleSharingServer 1.0 and classified as critical. This issue affects the function selectAdminByNameLike of the file AdminController.java. The manipulation leads … | |||
| CVE-2025-6749 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of… | |||
| CVE-2025-6738 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUs… | |||
| CVE-2025-6731 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Ha… | |||
| CVE-2025-6518 | medium | 6.3 | 6.3 | 11mo ago | pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function | |||
| CVE-2025-6485 | medium | 6.3 | 6.3 | 11mo ago | A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulatio… | |||
| CVE-2025-6281 | medium | 6.3 | 6.3 | 1y ago | A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads… | |||
| CVE-2025-6142 | medium | 6.3 | 6.3 | 1y ago | A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 le… | |||
| CVE-2025-6108 | medium | 6.3 | 6.3 | 1y ago | A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function waterm… | |||
| CVE-2025-6100 | medium | 6.3 | 6.3 | 1y ago | A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument so… | |||
| CVE-2025-5873 | medium | 6.3 | 6.3 | 1y ago | A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manip… | |||
| CVE-2025-5836 | medium | 6.3 | 6.3 | 1y ago | A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. Th… | |||
| CVE-2025-5783 | medium | 6.3 | 6.3 | 1y ago | A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argu… | |||
| CVE-2025-5782 | medium | 6.3 | 6.3 | 1y ago | A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file /resetpassword.… | |||
| CVE-2025-30981 | medium | 6.3 | 6.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14. | |||
| CVE-2025-5145 | medium | 6.3 | 6.3 | 1y ago | A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the … | |||
| CVE-2025-26940 | medium | 6.3 | 6.3 | 1y ago | Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | |||
| CVE-2025-22698 | medium | 6.3 | 6.3 | 1y ago | Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility S… | |||
| CVE-2025-14693 | medium | 6.2 | 6.2 | 6mo ago | A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed d… | |||
| CVE-2025-12464 | medium | 6.2 | 6.2 | 7mo ago | A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems… | |||
| CVE-2025-9769 | medium | 6.2 | 6.2 | 9mo ago | A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345… | |||
| CVE-2025-0395 | medium | 6.2 | 6.2 | 1y ago | RHSA-2025:3828: glibc security update (Moderate) | |||
| CVE-2025-3359 | medium | 6.2 | 6.2 | 1y ago | A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. | |||
| CVE-2025-66593 | medium | 6.1 | 6.1 | 4d ago | An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content during installation. | |||
| CVE-2025-66592 | medium | 6.1 | 6.1 | 4d ago | An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation. | |||
| CVE-2025-13593 | medium | 6.1 | 6.1 | 4d ago | Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content when installing. | |||
| CVE-2025-65954 | medium | 6.1 | 6.1 | 16d ago | SimpleSAMLphp casserver: Open Redirect in logout | |||
| CVE-2025-15345 | medium | 6.1 | 6.1 | 17d ago | The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.2… | |||
| CVE-2025-65417 | medium | 6.1 | 6.1 | 20d ago | docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application. | |||
| CVE-2025-61310 | medium | 6.1 | 6.1 | 20d ago | A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in… | |||
| CVE-2025-61309 | medium | 6.1 | 6.1 | 20d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript… | |||
| CVE-2025-61308 | medium | 6.1 | 6.1 | 20d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript… | |||
| CVE-2025-61307 | medium | 6.1 | 6.1 | 20d ago | A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t… | |||
| CVE-2025-61306 | medium | 6.1 | 6.1 | 20d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascr… | |||
| CVE-2025-61305 | medium | 6.1 | 6.1 | 20d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in… | |||
| CVE-2025-67202 | medium | 6.1 | 6.1 | 25d ago | Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL | |||
| CVE-2025-59854 | medium | 6.1 | 6.1 | 25d ago | HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit b… | |||
| CVE-2025-31970 | medium | 6.1 | 6.1 | 25d ago | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could al… | |||
| CVE-2025-61669 | medium | 6.1 | 6.1 | 26d ago | Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._red… | |||
| CVE-2025-69606 | medium | 6.1 | 6.1 | 1mo ago | Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-suppli… | |||
| CVE-2025-56537 | medium | 6.1 | 6.1 | 1mo ago | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual… | |||
| CVE-2025-56536 | medium | 6.1 | 6.1 | 1mo ago | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter. | |||
| CVE-2025-56535 | medium | 6.1 | 6.1 | 1mo ago | A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter. | |||
| CVE-2025-56534 | medium | 6.1 | 6.1 | 1mo ago | A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2025-10503 | medium | 6.1 | 6.1 | 1mo ago | The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious Java… | |||
| CVE-2025-41011 | medium | 6.1 | 6.1 | 1mo ago | HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a req… | |||
| CVE-2025-65134 | medium | 6.1 | 6.1 | 2mo ago | In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter. | |||
| CVE-2025-62320 | medium | 6.1 | 6.1 | 3mo ago | HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML c… | |||
| CVE-2025-70025 | medium | 6.1 | 6.1 | 3mo ago | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14. | |||
| CVE-2025-36173 | medium | 6.1 | 6.1 | 3mo ago | Affected Product(s): InfoSphere Data Architect; Version(s): 9.2.1 | |||
| CVE-2025-15223 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Impacted is an unknown function of the file /login.php. Performing manipulation of the argument… | |||
| CVE-2025-15258 | medium | 6.1 | 6.1 | 5mo ago | A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. … | |||
| CVE-2025-15220 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in… | |||
| CVE-2025-15170 | medium | 6.1 | 6.1 | 5mo ago | A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The man… | |||
| CVE-2025-15145 | medium | 6.1 | 6.1 | 5mo ago | A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. … | |||
| CVE-2025-15144 | medium | 6.1 | 6.1 | 5mo ago | A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handle… | |||
| CVE-2025-15094 | medium | 6.1 | 6.1 | 5mo ago | A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserCo… | |||
| CVE-2025-15093 | medium | 6.1 | 6.1 | 5mo ago | A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/Ind… | |||
| CVE-2025-14962 | medium | 6.1 | 6.1 | 5mo ago | A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross site scripting. The attack… | |||
| CVE-2025-14691 | medium | 6.1 | 6.1 | 6mo ago | A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be … | |||
| CVE-2025-14692 | medium | 6.1 | 6.1 | 6mo ago | A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the atta… | |||
| CVE-2025-14580 | medium | 6.1 | 6.1 | 6mo ago | A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such… | |||
| CVE-2025-14284 | medium | 6.1 | 6.1 | 6mo ago | @tiptap/extension-link vulnerable to Cross-site Scripting (XSS) | |||
| CVE-2025-14200 | medium | 6.1 | 6.1 | 6mo ago | A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of… | |||
| CVE-2025-14007 | medium | 6.1 | 6.1 | 6mo ago | A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The m… | |||
| CVE-2025-14006 | medium | 6.1 | 6.1 | 6mo ago | A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page… | |||
| CVE-2025-14005 | medium | 6.1 | 6.1 | 6mo ago | A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of … | |||
| CVE-2025-13484 | medium | 6.1 | 6.1 | 6mo ago | A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/customer-list.php. The manipulation of the … | |||
| CVE-2025-13412 | medium | 6.1 | 6.1 | 6mo ago | A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. Executing a manipulatio… | |||
| CVE-2025-13244 | medium | 6.1 | 6.1 | 7mo ago | A vulnerability was determined in code-projects Student Information System 2.0. The affected element is an unknown function of the file /register.php. This manipulation causes cross site scripting. I… | |||
| CVE-2025-12335 | medium | 6.1 | 6.1 | 7mo ago | A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the arg… | |||
| CVE-2025-12334 | medium | 6.1 | 6.1 | 7mo ago | A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost r… | |||
| CVE-2025-12333 | medium | 6.1 | 6.1 | 7mo ago | A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address l… | |||
| CVE-2025-12302 | medium | 6.1 | 6.1 | 7mo ago | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/… | |||
| CVE-2025-12300 | medium | 6.1 | 6.1 | 7mo ago | A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname cause… | |||
| CVE-2025-12299 | medium | 6.1 | 6.1 | 7mo ago | A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/categ… | |||
| CVE-2025-12298 | medium | 6.1 | 6.1 | 7mo ago | A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site… | |||
| CVE-2025-12246 | medium | 6.1 | 6.1 | 7mo ago | A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface.… | |||
| CVE-2025-12244 | medium | 6.1 | 6.1 | 7mo ago | A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to … | |||
| CVE-2025-56008 | medium | 6.1 | 6.1 | 7mo ago | Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permi… | |||
| CVE-2025-34512 | medium | 6.1 | 6.1 | 8mo ago | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in… | |||
| CVE-2025-11663 | medium | 6.1 | 6.1 | 8mo ago | A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the ar… | |||
| CVE-2025-52650 | medium | 6.1 | 6.1 | 8mo ago | Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0 | |||
| CVE-2025-11512 | medium | 6.1 | 6.1 | 8mo ago | A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/voters_add.php. The manipulation of the argument Firstname/Lastna… | |||
| CVE-2025-11435 | medium | 6.1 | 6.1 | 8mo ago | A security vulnerability has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to cross si… | |||
| CVE-2025-11433 | medium | 6.1 | 6.1 | 8mo ago | A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Par… | |||
| CVE-2025-11390 | medium | 6.1 | 6.1 | 8mo ago | A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handl… | |||
| CVE-2025-11332 | medium | 6.1 | 6.1 | 8mo ago | A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHP_SELF… | |||
| CVE-2025-11306 | medium | 6.1 | 6.1 | 8mo ago | A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search Page. The manipulation of the argument keyword results in cro… | |||
| CVE-2025-11282 | medium | 6.1 | 6.1 | 8mo ago | A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scri… | |||
| CVE-2025-11119 | medium | 6.1 | 6.1 | 8mo ago | A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing man… | |||
| CVE-2025-11112 | medium | 6.1 | 6.1 | 8mo ago | A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First na… | |||
| CVE-2025-10827 | medium | 6.1 | 6.1 | 8mo ago | A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme ca… |