CVEs from 2025
Total: 8,864
- critical 1,302
- high 1,901
- medium 1,923
- low 193
% Critical: 14.7%
% with KEV: 2.0%
% with exploit: 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-21666 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() w… | |||
| CVE-2025-1272 | medium | — | 5.5 | 1y ago | The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensiti… | |||
| CVE-2025-21689 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb… | |||
| CVE-2025-4526 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing passw… | |||
| CVE-2025-32873 | medium | — | 5.5 | 1y ago | An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performan… | |||
| CVE-2025-2487 | medium | — | 5.5 | 1y ago | Moderate: 389-ds-base security update | |||
| CVE-2025-46734 | medium | — | 5.5 | 1y ago | league/commonmark contains a XSS vulnerability in Attributes extension | |||
| CVE-2025-37756 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unex… | |||
| CVE-2025-23160 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system com… | |||
| CVE-2025-23143 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro [0] and waited a few seconds, I observ… | |||
| CVE-2025-1736 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1861 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1217 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1219 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-1734 | medium | — | 5.5 | 1y ago | RHSA-2026:2470: php:7.4 security update (Moderate) | |||
| CVE-2025-30691 | medium | — | 5.5 | 1y ago | RHSA-2025:3855: java-21-openjdk security update (Moderate) | |||
| CVE-2025-3198 | medium | 5.5 | 5.5 | 1y ago | A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objd… | |||
| CVE-2025-3196 | medium | 5.5 | 5.5 | 1y ago | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/M… | |||
| CVE-2025-31115 | medium | — | 5.5 | 1y ago | XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at lea… | |||
| CVE-2025-2786 | medium | — | 5.5 | 1y ago | Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2025-2842 | medium | — | 5.5 | 1y ago | Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2025-2926 | medium | 5.5 | 5.5 | 1y ago | A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null point… | |||
| CVE-2025-2925 | medium | 5.5 | 5.5 | 1y ago | A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem le… | |||
| CVE-2025-2924 | medium | 5.5 | 5.5 | 1y ago | A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free… | |||
| CVE-2025-2915 | medium | 5.5 | 5.5 | 1y ago | A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_… | |||
| CVE-2025-21865 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Brad Spengler reported the list_del() corruption splat in gtp_n… | |||
| CVE-2025-21862 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-exec… | |||
| CVE-2025-21859 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When using USB MIDI, a lock is attempted to be acquired twice through a r… | |||
| CVE-2025-21845 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_… | |||
| CVE-2025-21835 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming e… | |||
| CVE-2025-21814 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all … | |||
| CVE-2025-21776 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause u… | |||
| CVE-2025-21767 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a P… | |||
| CVE-2025-21766 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it… | |||
| CVE-2025-21758 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no lon… | |||
| CVE-2025-21744 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() On removal of the device or unloading of the kernel module a p… | |||
| CVE-2025-21712 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into … | |||
| CVE-2025-21711 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsock… | |||
| CVE-2025-27220 | medium | — | 5.5 | 1y ago | RHSA-2025:4063: ruby:3.1 security update (Moderate) | |||
| CVE-2025-27221 | medium | — | 5.5 | 1y ago | RHSA-2025:4063: ruby:3.1 security update (Moderate) | |||
| CVE-2025-27219 | medium | — | 5.5 | 1y ago | RHSA-2025:4063: ruby:3.1 security update (Moderate) | |||
| CVE-2025-21490 | medium | — | 5.5 | 1y ago | RHSA-2026:6435: mariadb:10.11 security update (Moderate) | |||
| CVE-2025-25184 | medium | — | 5.5 | 1y ago | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline character… | |||
| CVE-2025-25186 | medium | — | 5.5 | 1y ago | RHSA-2025:10217: ruby:3.3 security update (Moderate) | |||
| CVE-2025-24898 | medium | — | 5.5 | 1y ago | Moderate: python3.12-cryptography security update | |||
| CVE-2025-21683 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLI… | |||
| CVE-2025-21678 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtp_newlink() links the device to a list in dev_net(dev) instead of … | |||
| CVE-2025-21502 | medium | — | 5.5 | 1y ago | RHSA-2025:2615: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2025-21664 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_r… | |||
| CVE-2025-21653 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shit… | |||
| CVE-2025-21640 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' str… | |||
| CVE-2025-21639 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structu… | |||
| CVE-2025-21638 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structu… | |||
| CVE-2025-38053 | medium | — | 5.5 | 2y ago | RHSA-2025:9581: kernel-rt security update (Moderate) | |||
| CVE-2025-3633 | medium | 5.4 | 5.4 | 5d ago | IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to … | |||
| CVE-2025-13167 | medium | 5.4 | 5.4 | 5d ago | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users … | |||
| CVE-2025-36145 | medium | 5.4 | 5.4 | 6d ago | IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | |||
| CVE-2025-14290 | medium | 5.4 | 5.4 | 6d ago | IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th… | |||
| CVE-2025-36148 | medium | 5.4 | 5.4 | 6d ago | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allo… | |||
| CVE-2025-40904 | medium | 5.4 | 5.4 | 13d ago | A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malici… | |||
| CVE-2025-62313 | medium | 5.4 | 5.4 | 18d ago | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized … | |||
| CVE-2025-62310 | medium | 5.4 | 5.4 | 18d ago | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized … | |||
| CVE-2025-12669 | medium | 5.4 | 5.4 | 18d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject … | |||
| CVE-2025-70842 | medium | 5.4 | 5.4 | 20d ago | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containin… | |||
| CVE-2025-65415 | medium | 5.4 | 5.4 | 21d ago | docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application. | |||
| CVE-2025-68604 | medium | 5.4 | 5.4 | 25d ago | Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3. | |||
| CVE-2025-31984 | medium | 5.4 | 5.4 | 26d ago | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, p… | |||
| CVE-2025-70365 | medium | 5.4 | 5.4 | 2mo ago | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user … | |||
| CVE-2025-13702 | medium | 5.4 | 5.4 | 3mo ago | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary J… | |||
| CVE-2025-70060 | medium | 5.4 | 5.4 | 3mo ago | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. | |||
| CVE-2025-15583 | medium | 5.4 | 5.4 | 3mo ago | A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. T… | |||
| CVE-2025-69300 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prem… | |||
| CVE-2025-49375 | medium | 5.4 | 5.4 | 4mo ago | Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.… | |||
| CVE-2025-69169 | medium | 5.4 | 5.4 | 5mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Me… | |||
| CVE-2025-69349 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n… | |||
| CVE-2025-69341 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.Thi… | |||
| CVE-2025-15437 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUEST_URI results in cro… | |||
| CVE-2025-15416 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Re… | |||
| CVE-2025-15415 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of t… | |||
| CVE-2025-15374 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of t… | |||
| CVE-2025-69032 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: … | |||
| CVE-2025-69030 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a… | |||
| CVE-2025-69029 | medium | 5.4 | 5.4 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: … | |||
| CVE-2025-69022 | medium | 5.4 | 5.4 | 5mo ago | Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… | |||
| CVE-2025-69021 | medium | 5.4 | 5.4 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7. | |||
| CVE-2025-15221 | medium | 5.4 | 5.4 | 5mo ago | A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manip… | |||
| CVE-2025-15219 | medium | 5.4 | 5.4 | 5mo ago | A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/Mac… | |||
| CVE-2025-15201 | medium | 5.4 | 5.4 | 5mo ago | A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This m… | |||
| CVE-2025-15175 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppControlle… | |||
| CVE-2025-15174 | medium | 5.4 | 5.4 | 5mo ago | A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppM… | |||
| CVE-2025-15173 | medium | 5.4 | 5.4 | 5mo ago | A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipu… | |||
| CVE-2025-15172 | medium | 5.4 | 5.4 | 5mo ago | A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The… | |||
| CVE-2025-15171 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads … | |||
| CVE-2025-15052 | medium | 5.4 | 5.4 | 5mo ago | A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastn… | |||
| CVE-2025-14748 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulatio… | |||
| CVE-2025-14662 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php of the component Update User Page. Performing manipulati… | |||
| CVE-2025-14519 | medium | 5.4 | 5.4 | 6mo ago | A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component… | |||
| CVE-2025-14221 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cr… | |||
| CVE-2025-14205 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler… | |||
| CVE-2025-14194 | medium | 5.4 | 5.4 | 6mo ago | A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument pe… |