CVEs from 2025
- Total 8,875
- critical 1,302
- high 1,911
- medium 1,940
- low 193
- % Critical 14.7%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15250 | medium | 4.7 | 4.7 | 5mo ago | A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipula… | |||
| CVE-2025-15130 | medium | 4.7 | 4.7 | 5mo ago | A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.cl… | |||
| CVE-2025-14694 | medium | 4.7 | 4.7 | 6mo ago | A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipulation of the argument keyWord results in… | |||
| CVE-2025-14116 | medium | 4.7 | 4.7 | 6mo ago | A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument… | |||
| CVE-2025-4598 | medium | 4.7 | 4.7 | 6mo ago | Moderate: systemd security update | |||
| CVE-2025-13275 | medium | 4.7 | 4.7 | 7mo ago | A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulatio… | |||
| CVE-2025-39697 | medium | 4.7 | 4.7 | 7mo ago | RHSA-2025:21920: kernel-rt security update (Moderate) | |||
| CVE-2025-13198 | medium | 4.7 | 4.7 | 7mo ago | A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestr… | |||
| CVE-2025-12914 | medium | 4.7 | 4.7 | 7mo ago | A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the … | |||
| CVE-2025-12291 | medium | 4.7 | 4.7 | 7mo ago | A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. This affects an unknown part of the file /admin/index.php?add_product of the component Add Produ… | |||
| CVE-2025-12250 | medium | 4.7 | 4.7 | 7mo ago | A flaw has been found in OpenWGA 7.11.12 Build 737. This affects an unknown function of the file WGA.File of the component TMLScript API. Executing manipulation can lead to path traversal. It is poss… | |||
| CVE-2025-11655 | medium | 4.7 | 4.7 | 8mo ago | A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipula… | |||
| CVE-2025-11628 | medium | 4.7 | 4.7 | 8mo ago | A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inv… | |||
| CVE-2025-11286 | medium | 4.7 | 4.7 | 8mo ago | A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of… | |||
| CVE-2025-11141 | medium | 4.7 | 4.7 | 8mo ago | A security flaw has been discovered in Ruijie NBR2100G-E up to 20250919. Affected by this issue is the function listAction of the file /itbox_pi/branch_passw.php?a=list. Performing manipulation of th… | |||
| CVE-2025-11073 | medium | 4.7 | 4.7 | 8mo ago | A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Req… | |||
| CVE-2025-10774 | medium | 4.7 | 4.7 | 8mo ago | A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os co… | |||
| CVE-2025-39813 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading tra… | |||
| CVE-2025-10107 | medium | 4.7 | 4.7 | 9mo ago | A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.1410). Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command in… | |||
| CVE-2025-39825 | medium | 4.7 | 4.7 | 9mo ago | RHSA-2025:22388: kernel security update (Moderate) | |||
| CVE-2025-39713 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interrupt handler rain_interrupt(), the buffer full c… | |||
| CVE-2025-39673 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can… | |||
| CVE-2025-38687 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comed… | |||
| CVE-2025-38681 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Memory hot remove unmaps and tears down various kernel page tabl… | |||
| CVE-2025-8774 | medium | 4.7 | 4.7 | 10mo ago | A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. Th… | |||
| CVE-2025-8520 | medium | 4.7 | 4.7 | 10mo ago | A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Edito… | |||
| CVE-2025-38477 | medium | 4.7 | 4.7 | 10mo ago | RHSA-2025:15008: kernel security update (Moderate) | |||
| CVE-2025-8265 | medium | 4.7 | 4.7 | 10mo ago | A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to … | |||
| CVE-2025-8206 | medium | 4.7 | 4.7 | 10mo ago | A vulnerability, which was classified as problematic, was found in Comodo Dragon up to 134.0.6998.179. This affects an unknown part of the component IP DNS Leakage Detector. The manipulation leads to… | |||
| CVE-2025-6870 | medium | 4.7 | 4.7 | 11mo ago | A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service.… | |||
| CVE-2025-38083 | medium | 4.7 | 4.7 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the… | |||
| CVE-2025-6299 | medium | 4.7 | 4.7 | 1y ago | A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to… | |||
| CVE-2025-5695 | medium | 4.7 | 4.7 | 1y ago | A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscripti… | |||
| CVE-2025-31257 | medium | 4.7 | 4.7 | 1y ago | RHSA-2025:8046: webkit2gtk3 security update (Important) | |||
| CVE-2025-30781 | medium | 4.7 | 4.7 | 1y ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing. This is… | |||
| CVE-2025-21701 | medium | 4.7 | 4.7 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered whi… | |||
| CVE-2025-38393 | medium | 4.7 | 4.7 | 3y ago | RHSA-2025:11850: kernel security update (Moderate) | |||
| CVE-2025-15645 | medium | 4.6 | 4.6 | 13d ago | Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. A… | |||
| CVE-2025-40900 | medium | 4.6 | 4.6 | 13d ago | An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mal… | |||
| CVE-2025-31983 | medium | 4.6 | 4.6 | 26d ago | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-sit… | |||
| CVE-2025-31978 | medium | 4.6 | 4.6 | 26d ago | HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields whic… | |||
| CVE-2025-13453 | medium | 4.6 | 4.6 | 5mo ago | A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive. | |||
| CVE-2025-15083 | medium | 4.6 | 4.6 | 5mo ago | A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test int… | |||
| CVE-2025-11570 | medium | 4.6 | 4.6 | 8mo ago | drupal-pattern-lab/unified-twig-extensions is vulnerable to XSS | |||
| CVE-2025-5874 | medium | 4.6 | 4.6 | 1y ago | A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handl… | |||
| CVE-2025-4877 | medium | 4.5 | 4.5 | 14d ago | Moderate: libssh security update | |||
| CVE-2025-11947 | medium | 4.5 | 4.5 | 8mo ago | A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-… | |||
| CVE-2025-10767 | medium | 4.5 | 4.5 | 8mo ago | A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handl… | |||
| CVE-2025-9474 | medium | 4.5 | 4.5 | 9mo ago | A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation resul… | |||
| CVE-2025-33221 | medium | 4.4 | 4.4 | 6d ago | NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of… | |||
| CVE-2025-11568 | medium | 4.4 | 4.4 | 14d ago | RHSA-2025:23086: luksmeta security update (Moderate) | |||
| CVE-2025-9989 | medium | 4.4 | 4.4 | 20d ago | The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output esc… | |||
| CVE-2025-36105 | medium | 4.4 | 4.4 | 3mo ago | IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. | |||
| CVE-2025-14702 | medium | 4.4 | 4.4 | 6mo ago | A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path tr… | |||
| CVE-2025-14698 | medium | 4.4 | 4.4 | 6mo ago | A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation ca… | |||
| CVE-2025-8210 | medium | 4.4 | 4.4 | 10mo ago | A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.y… | |||
| CVE-2025-8207 | medium | 4.4 | 4.4 | 10mo ago | A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component… | |||
| CVE-2025-5278 | medium | 4.4 | 4.4 | 1y ago | A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafte… | |||
| CVE-2025-14481 | medium | 4.3 | 4.3 | 6d ago | The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search R… | |||
| CVE-2025-70116 | medium | 4.3 | 4.3 | 6d ago | A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media… | |||
| CVE-2025-36220 | medium | 4.3 | 4.3 | 6d ago | IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, … | |||
| CVE-2025-4202 | medium | 4.3 | 4.3 | 16d ago | The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' fu… | |||
| CVE-2025-62311 | medium | 4.3 | 4.3 | 18d ago | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized a… | |||
| CVE-2025-13874 | medium | 4.3 | 4.3 | 18d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest … | |||
| CVE-2025-9988 | medium | 4.3 | 4.3 | 20d ago | The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This mak… | |||
| CVE-2025-15634 | medium | 4.3 | 4.3 | 23d ago | A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized… | |||
| CVE-2025-59809 | medium | 4.3 | 4.3 | 2mo ago | A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4… | |||
| CVE-2025-59031 | medium | 4.3 | 4.3 | 2mo ago | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended file… | |||
| CVE-2025-67972 | medium | 4.3 | 4.3 | 3mo ago | Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9. | |||
| CVE-2025-65717 | medium | 4.3 | 4.3 | 4mo ago | An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page. | |||
| CVE-2025-2418 | medium | 4.3 | 4.3 | 4mo ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before … | |||
| CVE-2025-69353 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Proxy & VPN… | |||
| CVE-2025-69348 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This iss… | |||
| CVE-2025-69346 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AffiliateX: from n/a through <= 1.3.9.… | |||
| CVE-2025-69345 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post… | |||
| CVE-2025-69327 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Car Rental Manag… | |||
| CVE-2025-53344 | medium | 4.3 | 4.3 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery. This issue affects Thim Core: from n/a through 2.3.3. | |||
| CVE-2025-31046 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyWhere Elementor Pro: from n/a throu… | |||
| CVE-2025-49352 | medium | 4.3 | 4.3 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Acces… | |||
| CVE-2025-49340 | medium | 4.3 | 4.3 | 5mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP direct-payments-wp allows Retrieve Embedded Sensitive Data. This issue affects Di… | |||
| CVE-2025-49339 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Direct Payments WP: fro… | |||
| CVE-2025-62080 | medium | 4.3 | 4.3 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery. This issue affects… | |||
| CVE-2025-15373 | medium | 4.3 | 4.3 | 5mo ago | A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It… | |||
| CVE-2025-69013 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratum: from n/a through <= 1.6.1. | |||
| CVE-2025-69012 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Organiser: from … | |||
| CVE-2025-15213 | medium | 4.3 | 4.3 | 5mo ago | A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The m… | |||
| CVE-2025-15156 | medium | 4.3 | 4.3 | 5mo ago | A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Sessi… | |||
| CVE-2025-15118 | medium | 4.3 | 4.3 | 5mo ago | A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulati… | |||
| CVE-2025-15106 | medium | 4.3 | 4.3 | 5mo ago | A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executin… | |||
| CVE-2025-15087 | medium | 4.3 | 4.3 | 5mo ago | A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controlle… | |||
| CVE-2025-15086 | medium | 4.3 | 4.3 | 5mo ago | A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/Member… | |||
| CVE-2025-59001 | medium | 4.3 | 4.3 | 6mo ago | Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salient Core: from n/a through … | |||
| CVE-2025-14531 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in… | |||
| CVE-2025-62869 | medium | 4.3 | 4.3 | 6mo ago | Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net – Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access … | |||
| CVE-2025-49350 | medium | 4.3 | 4.3 | 6mo ago | Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Actio… | |||
| CVE-2025-14220 | medium | 4.3 | 4.3 | 6mo ago | A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated… | |||
| CVE-2025-14183 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipul… | |||
| CVE-2025-14105 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation … | |||
| CVE-2025-13807 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/… | |||
| CVE-2025-13804 | medium | 4.3 | 4.3 | 6mo ago | NutzBoot vulnerable to information disclosure |