CVEs from 2025
- Total: 8,864
- Critical: 1,302
- High: 1,901
- Medium: 1,923
- Low: 193
- % Critical: 14.7%
- % with KEV: 2.0%
- % with exploit: 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-21663 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SI… | |||
| CVE-2025-0677 | medium | — | 5.5 | 1y ago | Moderate: grub2 security update | |||
| CVE-2025-23419 | medium | — | 5.5 | 1y ago | When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. Thi… | |||
| CVE-2025-4526 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing passw… | |||
| CVE-2025-32873 | medium | — | 5.5 | 1y ago | An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performan… | |||
| CVE-2025-2487 | medium | — | 5.5 | 1y ago | Moderate: 389-ds-base security update | |||
| CVE-2025-46734 | medium | — | 5.5 | 1y ago | league/commonmark contains a XSS vulnerability in Attributes extension | |||
| CVE-2025-37756 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unex… | |||
| CVE-2025-23160 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system com… | |||
| CVE-2025-23143 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro [0] and waited a few seconds, I observ… | |||
| CVE-2025-1734 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1219 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1736 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1217 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1861 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-30691 | medium | — | 5.5 | 1y ago | RHSA-2025:3855: java-21-openjdk security update (Moderate) | |||
| CVE-2025-3198 | medium | 5.5 | 5.5 | 1y ago | A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objd… | |||
| CVE-2025-3196 | medium | 5.5 | 5.5 | 1y ago | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/M… | |||
| CVE-2025-31115 | medium | — | 5.5 | 1y ago | XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at lea… | |||
| CVE-2025-2786 | medium | — | 5.5 | 1y ago | Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2025-2842 | medium | — | 5.5 | 1y ago | Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2025-2926 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null point… | |||
| CVE-2025-2925 | medium | 5.5 | 5.5 | 1y ago | A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem le… | |||
| CVE-2025-2924 | medium | 5.5 | 5.5 | 1y ago | A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free… | |||
| CVE-2025-2915 | medium | 5.5 | 5.5 | 1y ago | A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_… | |||
| CVE-2025-21865 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Brad Spengler reported the list_del() corruption splat in gtp_n… | |||
| CVE-2025-21862 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-exec… | |||
| CVE-2025-21859 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When using USB MIDI, a lock is attempted to be acquired twice through a r… | |||
| CVE-2025-21845 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_… | |||
| CVE-2025-21835 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming e… | |||
| CVE-2025-21814 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all … | |||
| CVE-2025-21776 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause u… | |||
| CVE-2025-21767 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a P… | |||
| CVE-2025-21766 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it… | |||
| CVE-2025-21758 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no lon… | |||
| CVE-2025-21744 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() On removal of the device or unloading of the kernel module a p… | |||
| CVE-2025-21712 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into … | |||
| CVE-2025-21711 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsock… | |||
| CVE-2025-27219 | medium | — | 5.5 | 1y ago | RHSA-2025:4063: ruby:3.1 security update (Moderate) | |||
| CVE-2025-27221 | medium | — | 5.5 | 1y ago | RHSA-2025:4063: ruby:3.1 security update (Moderate) | |||
| CVE-2025-27220 | medium | — | 5.5 | 1y ago | RHSA-2025:4063: ruby:3.1 security update (Moderate) | |||
| CVE-2025-21490 | medium | — | 5.5 | 1y ago | RHSA-2026:6435: mariadb:10.11 security update (Moderate) | |||
| CVE-2025-25184 | medium | — | 5.5 | 1y ago | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline character… | |||
| CVE-2025-25186 | medium | — | 5.5 | 1y ago | RHSA-2025:10217: ruby:3.3 security update (Moderate) | |||
| CVE-2025-24898 | medium | — | 5.5 | 1y ago | Moderate: python3.12-cryptography security update | |||
| CVE-2025-21683 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLI… | |||
| CVE-2025-21678 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtp_newlink() links the device to a list in dev_net(dev) instead of … | |||
| CVE-2025-21502 | medium | — | 5.5 | 1y ago | RHSA-2025:2615: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2025-21664 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_r… | |||
| CVE-2025-21653 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shit… | |||
| CVE-2025-21640 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' str… | |||
| CVE-2025-21639 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structu… | |||
| CVE-2025-21638 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structu… | |||
| CVE-2025-38053 | medium | — | 5.5 | 2y ago | RHSA-2025:9581: kernel-rt security update (Moderate) | |||
| CVE-2025-3633 | medium | 5.4 | 5.4 | 5d ago | IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to … | |||
| CVE-2025-13167 | medium | 5.4 | 5.4 | 5d ago | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users … | |||
| CVE-2025-36145 | medium | 5.4 | 5.4 | 6d ago | IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | |||
| CVE-2025-14290 | medium | 5.4 | 5.4 | 6d ago | IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th… | |||
| CVE-2025-36148 | medium | 5.4 | 5.4 | 6d ago | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allo… | |||
| CVE-2025-40904 | medium | 5.4 | 5.4 | 13d ago | A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malici… | |||
| CVE-2025-62313 | medium | 5.4 | 5.4 | 18d ago | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized … | |||
| CVE-2025-62310 | medium | 5.4 | 5.4 | 18d ago | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized … | |||
| CVE-2025-12669 | medium | 5.4 | 5.4 | 18d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject … | |||
| CVE-2025-70842 | medium | 5.4 | 5.4 | 20d ago | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containin… | |||
| CVE-2025-65415 | medium | 5.4 | 5.4 | 21d ago | docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application. | |||
| CVE-2025-68604 | medium | 5.4 | 5.4 | 25d ago | Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3. | |||
| CVE-2025-31984 | medium | 5.4 | 5.4 | 26d ago | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, p… | |||
| CVE-2025-70365 | medium | 5.4 | 5.4 | 2mo ago | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user … | |||
| CVE-2025-13702 | medium | 5.4 | 5.4 | 3mo ago | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary J… | |||
| CVE-2025-70060 | medium | 5.4 | 5.4 | 3mo ago | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. | |||
| CVE-2025-15583 | medium | 5.4 | 5.4 | 3mo ago | A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. T… | |||
| CVE-2025-69300 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Prem… | |||
| CVE-2025-49375 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HomeLancer: from n/a through <= 1.0.… | |||
| CVE-2025-69169 | medium | 5.4 | 5.4 | 5mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection. This issue affects Easy Me… | |||
| CVE-2025-69349 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSS Feed Widget: from n… | |||
| CVE-2025-69341 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels. Thi… | |||
| CVE-2025-15437 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUEST_URI results in cro… | |||
| CVE-2025-15416 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Re… | |||
| CVE-2025-15415 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of t… | |||
| CVE-2025-15374 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of t… | |||
| CVE-2025-69032 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FiveStar: … | |||
| CVE-2025-69030 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue a… | |||
| CVE-2025-69029 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Struktur: … | |||
| CVE-2025-69022 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af… | |||
| CVE-2025-69021 | medium | 5.4 | 5.4 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 6.0.7. | |||
| CVE-2025-15221 | medium | 5.4 | 5.4 | 5mo ago | A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manip… | |||
| CVE-2025-15219 | medium | 5.4 | 5.4 | 5mo ago | A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/Mac… | |||
| CVE-2025-15201 | medium | 5.4 | 5.4 | 5mo ago | A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This m… | |||
| CVE-2025-15175 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppControlle… | |||
| CVE-2025-15174 | medium | 5.4 | 5.4 | 5mo ago | A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppM… | |||
| CVE-2025-15173 | medium | 5.4 | 5.4 | 5mo ago | A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipu… | |||
| CVE-2025-15172 | medium | 5.4 | 5.4 | 5mo ago | A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The… | |||
| CVE-2025-15171 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads … | |||
| CVE-2025-15052 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastn… | |||
| CVE-2025-14748 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulatio… | |||
| CVE-2025-14662 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php of the component Update User Page. Performing manipulati… | |||
| CVE-2025-14519 | medium | 5.4 | 5.4 | 6mo ago | A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component… | |||
| CVE-2025-14221 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cr… | |||
| CVE-2025-14205 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler… | |||
| CVE-2025-14194 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument pe… |