CVEs from 2025
Total: 8,855
- critical 1,302
- high 1,904
- medium 1,927
- low 193
% Critical: 14.7%
% with KEV: 2.0%
% with exploit: 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-57976 | medium | 5.3 | 5.3 | 8mo ago | Missing Authorization vulnerability in CardCom CardCom Payment Gateway woo-cardcom-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CardCom P… | |||
| CVE-2025-10722 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation result… | |||
| CVE-2025-10721 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper expor… | |||
| CVE-2025-10718 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of andr… | |||
| CVE-2025-10717 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.ca… | |||
| CVE-2025-10716 | medium | 5.3 | 5.3 | 9mo ago | A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Exe… | |||
| CVE-2025-10715 | medium | 5.3 | 5.3 | 9mo ago | A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.ape_edica… | |||
| CVE-2025-32989 | medium | 5.3 | 5.3 | 9mo ago | Moderate: gnutls security, bug fix, and enhancement update | |||
| CVE-2025-10273 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path trave… | |||
| CVE-2025-10195 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to impr… | |||
| CVE-2025-5500 | medium | 5.3 | 5.3 | 9mo ago | A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipula… | |||
| CVE-2025-53348 | medium | 5.3 | 5.3 | 9mo ago | Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalium: from n/a through <= 3.18.3. | |||
| CVE-2025-9741 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /login_query12.php. This manipulation of the argument ID caus… | |||
| CVE-2025-9673 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kaka… | |||
| CVE-2025-9672 | medium | 5.3 | 5.3 | 9mo ago | A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulat… | |||
| CVE-2025-9671 | medium | 5.3 | 5.3 | 9mo ago | A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation c… | |||
| CVE-2025-58201 | medium | 5.3 | 5.3 | 9mo ago | Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking aftership-woocommerce-tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Afte… | |||
| CVE-2025-48081 | medium | 5.3 | 5.3 | 9mo ago | Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal.This issue affects Printeers Print & Ship: from n/a through 1.17.0. | |||
| CVE-2025-49896 | medium | 5.3 | 5.3 | 10mo ago | Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord Post Plus – Supports Unlimited Channels allows Cross Site Request Forgery. This issue affects WP Discord Post Plus – Supports … | |||
| CVE-2025-9157 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing… | |||
| CVE-2025-9098 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to imprope… | |||
| CVE-2025-9097 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the c… | |||
| CVE-2025-8736 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads t… | |||
| CVE-2025-8585 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The… | |||
| CVE-2025-8524 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the componen… | |||
| CVE-2025-8523 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.… | |||
| CVE-2025-8513 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news. … | |||
| CVE-2025-8512 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the compon… | |||
| CVE-2025-8275 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml o… | |||
| CVE-2025-8267 | medium | 5.3 | 5.3 | 10mo ago | ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid | |||
| CVE-2025-8258 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability, which was classified as problematic, has been found in Cool Mo Maigcal Number App up to 1.0.3 on Android. Affected by this issue is some unknown functionality of the file AndroidMani… | |||
| CVE-2025-8257 | medium | 5.3 | 5.3 | 10mo ago | A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of t… | |||
| CVE-2025-7940 | medium | 5.3 | 5.3 | 11mo ago | A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest… | |||
| CVE-2025-40742 | medium | 5.3 | 5.3 | 11mo ago | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V11.0), SIPROTEC 5 6MD86 (CP2… | |||
| CVE-2025-53304 | medium | 5.3 | 5.3 | 11mo ago | Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message contact-form-7-hide-success-message allows Accessing Functionality Not Properly Constrained by ACLs.This issue aff… | |||
| CVE-2025-53211 | medium | 5.3 | 5.3 | 11mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Retrieve Embedded Sensitive Data.This… | |||
| CVE-2025-6702 | medium | 5.3 | 5.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComme… | |||
| CVE-2025-6526 | medium | 5.3 | 5.3 | 11mo ago | A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to i… | |||
| CVE-2025-49991 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14. | |||
| CVE-2025-6270 | medium | 5.3 | 5.3 | 1y ago | A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads t… | |||
| CVE-2025-6269 | medium | 5.3 | 5.3 | 1y ago | A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to he… | |||
| CVE-2025-6120 | medium | 5.3 | 5.3 | 1y ago | A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/Ha… | |||
| CVE-2025-6119 | medium | 5.3 | 5.3 | 1y ago | A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib… | |||
| CVE-2025-49509 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio … | |||
| CVE-2025-5899 | medium | 5.3 | 5.3 | 1y ago | A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp… | |||
| CVE-2025-5898 | medium | 5.3 | 5.3 | 1y ago | A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The m… | |||
| CVE-2025-5891 | medium | 5.3 | 5.3 | 1y ago | pm2 Regular Expression Denial of Service vulnerability | |||
| CVE-2025-48337 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3. | |||
| CVE-2025-39498 | medium | 5.3 | 5.3 | 1y ago | Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data.This issue affects Spotlight - Social Med… | |||
| CVE-2025-39394 | medium | 5.3 | 5.3 | 1y ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a … | |||
| CVE-2025-39388 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0. | |||
| CVE-2025-39373 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in jegtheme JNews jnews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JNews: from n/a through <= 11.6.16. | |||
| CVE-2025-26867 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11. | |||
| CVE-2025-48346 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embed an… | |||
| CVE-2025-31630 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1. | |||
| CVE-2025-31071 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purp… | |||
| CVE-2025-31065 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4. | |||
| CVE-2025-32275 | medium | 5.3 | 5.3 | 1y ago | Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey Maker: from n/a through <= 5.1.6.3. | |||
| CVE-2025-32257 | medium | 5.3 | 5.3 | 1y ago | Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This… | |||
| CVE-2025-31836 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Review Manager: from n/a t… | |||
| CVE-2025-2913 | medium | 5.3 | 5.3 | 1y ago | A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_b… | |||
| CVE-2025-2912 | medium | 5.3 | 5.3 | 1y ago | A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the… | |||
| CVE-2025-26965 | medium | 5.3 | 5.3 | 1y ago | Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia:… | |||
| CVE-2025-22645 | medium | 5.3 | 5.3 | 1y ago | Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: f… | |||
| CVE-2025-24662 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in LearnDash LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnDash LMS: from n/a through 4.20.0.1. | |||
| CVE-2025-24628 | medium | 5.3 | 5.3 | 1y ago | Authentication Bypass by Spoofing vulnerability in bestwebsoft Google Captcha google-captcha allows Identity Spoofing.This issue affects Google Captcha: from n/a through <= 1.78. | |||
| CVE-2025-22773 | medium | 5.3 | 5.3 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Exploiting Incorrectly Configured Access Con… | |||
| CVE-2025-68709 | medium | 5.2 | 5.2 | 7d ago | SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URI… | |||
| CVE-2025-27442 | medium | 5.2 | 5.2 | 1y ago | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. | |||
| CVE-2025-27441 | medium | 5.2 | 5.2 | 1y ago | Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. | |||
| CVE-2025-62308 | medium | 5.1 | 5.1 | 18d ago | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details,… | |||
| CVE-2025-62305 | medium | 5.1 | 5.1 | 18d ago | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allo… | |||
| CVE-2025-10549 | medium | 5.1 | 5.1 | 1mo ago | EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in thi… | |||
| CVE-2025-36579 | medium | 5.1 | 5.1 | 2mo ago | Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leadi… | |||
| CVE-2025-27852 | medium | 5.0 | 5.0 | 19d ago | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary Jav… | |||
| CVE-2025-15222 | medium | 5.0 | 5.0 | 5mo ago | A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation l… | |||
| CVE-2025-14606 | medium | 5.0 | 5.0 | 6mo ago | A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding… | |||
| CVE-2025-14485 | medium | 5.0 | 5.0 | 6mo ago | A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handle… | |||
| CVE-2025-11281 | medium | 5.0 | 5.0 | 8mo ago | A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper… | |||
| CVE-2025-10250 | medium | 5.0 | 5.0 | 9mo ago | A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of h… | |||
| CVE-2025-9799 | medium | 5.0 | 5.0 | 9mo ago | A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter… | |||
| CVE-2025-9688 | medium | 5.0 | 5.0 | 9mo ago | A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer … | |||
| CVE-2025-4655 | medium | 5.0 | 5.0 | 10mo ago | Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery | |||
| CVE-2025-8522 | medium | 5.0 | 5.0 | 10mo ago | A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the arg… | |||
| CVE-2025-0974 | medium | 5.0 | 5.0 | 1y ago | A vulnerability was determined in MaxD Lightning Module 4.43/4.44 on OpenCart. This issue affects some unknown processing. Executing a manipulation of the argument li_op/md can lead to deserializatio… | |||
| CVE-2025-69014 | medium | 4.9 | 4.9 | 5mo ago | Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through <= 1.3.7. | |||
| CVE-2025-68463 | medium | 4.9 | 4.9 | 6mo ago | Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez | |||
| CVE-2025-61664 | medium | 4.9 | 4.9 | 7mo ago | A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when it… | |||
| CVE-2025-54771 | medium | 4.9 | 4.9 | 7mo ago | A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invali… | |||
| CVE-2025-54770 | medium | 4.9 | 4.9 | 7mo ago | A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan… | |||
| CVE-2025-12923 | medium | 4.9 | 4.9 | 7mo ago | A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argumen… | |||
| CVE-2025-12203 | medium | 4.9 | 4.9 | 7mo ago | A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation … | |||
| CVE-2025-59575 | medium | 4.9 | 4.9 | 7mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data… | |||
| CVE-2025-35112 | medium | 4.9 | 4.9 | 9mo ago | Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal … | |||
| CVE-2025-9414 | medium | 4.9 | 4.9 | 9mo ago | A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler… | |||
| CVE-2025-2559 | medium | 4.9 | 4.9 | 1y ago | Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache | |||
| CVE-2025-1686 | medium | 4.9 | 4.9 | 1y ago | Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro | |||
| CVE-2025-40903 | medium | 4.8 | 4.8 | 13d ago | A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileg… | |||
| CVE-2025-40902 | medium | 4.8 | 4.8 | 13d ago | A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a mal… | |||
| CVE-2025-40901 | medium | 4.8 | 4.8 | 13d ago | A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges ca… |