CVEs from 2025
- Total 8,872
- critical 1,302
- high 1,912
- medium 1,939
- low 193
- % Critical 14.7%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13802 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was determined in jairiidriss RestaurantWebsite up to e7911f12d035e8e2f9a75e7a28b59e4ef5c1d654. Impacted is an unknown function of the component Make a Reservation. This manipulation … | |||
| CVE-2025-13793 | medium | 4.3 | 4.3 | 6mo ago | A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_me… | |||
| CVE-2025-13118 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in… | |||
| CVE-2025-12917 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to… | |||
| CVE-2025-12626 | medium | 4.3 | 4.3 | 7mo ago | A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Perfo… | |||
| CVE-2025-58939 | medium | 4.3 | 4.3 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery. This issue affects Super Store Finder: from n/a through <= 7.5. | |||
| CVE-2025-12304 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the componen… | |||
| CVE-2025-12297 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be lau… | |||
| CVE-2025-12290 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359.… | |||
| CVE-2025-12289 | medium | 4.3 | 4.3 | 7mo ago | A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/ind… | |||
| CVE-2025-12267 | medium | 4.3 | 4.3 | 7mo ago | A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. Th… | |||
| CVE-2025-58918 | medium | 4.3 | 4.3 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request Forgery. This issue affects Entrada: from n/a through 5.7.7. | |||
| CVE-2025-62958 | medium | 4.3 | 4.3 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery. This issue affects Simple Con… | |||
| CVE-2025-12202 | medium | 4.3 | 4.3 | 7mo ago | A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation resu… | |||
| CVE-2025-49937 | medium | 4.3 | 4.3 | 7mo ago | Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smash… | |||
| CVE-2025-49922 | medium | 4.3 | 4.3 | 7mo ago | Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPeMatico RSS Feed Fetche… | |||
| CVE-2025-49907 | medium | 4.3 | 4.3 | 7mo ago | Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/… | |||
| CVE-2025-49373 | medium | 4.3 | 4.3 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery. This issue affects Evergreen Content Po… | |||
| CVE-2025-43368 | medium | 4.3 | 4.3 | 8mo ago | RHSA-2025:17802: webkit2gtk3 security update (Important) | |||
| CVE-2025-54196 | medium | 4.3 | 4.3 | 8mo ago | Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicio… | |||
| CVE-2025-11442 | medium | 4.3 | 4.3 | 8mo ago | A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. … | |||
| CVE-2025-11440 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be execut… | |||
| CVE-2025-11439 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote e… | |||
| CVE-2025-11406 | medium | 4.3 | 4.3 | 8mo ago | A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangq… | |||
| CVE-2025-11321 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookCont… | |||
| CVE-2025-11291 | medium | 4.3 | 4.3 | 8mo ago | A security flaw has been discovered in ixmaps website2017 up to 0c71cffa0162186bc057a76766bc97e9f5a3a2d0. This impacts an unknown function of the file /map.php of the component HTTP GET Request Handl… | |||
| CVE-2025-11278 | medium | 4.3 | 4.3 | 8mo ago | A security vulnerability has been detected in AllStarLink Supermon up to 6.2. This vulnerability affects unknown code of the component AllMon2. The manipulation leads to cross site scripting. The att… | |||
| CVE-2025-11125 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Affected by this vulnerability is an unknown functionality of the file /connection_error.… | |||
| CVE-2025-11080 | medium | 4.3 | 4.3 | 8mo ago | A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/… | |||
| CVE-2025-11034 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/common_dep.action.jsp. The manipulation of t… | |||
| CVE-2025-11016 | medium | 4.3 | 4.3 | 8mo ago | A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of th… | |||
| CVE-2025-60143 | medium | 4.3 | 4.3 | 8mo ago | Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through <= 2.9.69. | |||
| CVE-2025-58246 | medium | 4.3 | 4.3 | 8mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on … | |||
| CVE-2025-10822 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authori… | |||
| CVE-2025-10821 | medium | 4.3 | 4.3 | 8mo ago | A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorizati… | |||
| CVE-2025-10820 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can… | |||
| CVE-2025-10819 | medium | 4.3 | 4.3 | 8mo ago | A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper … | |||
| CVE-2025-58016 | medium | 4.3 | 4.3 | 8mo ago | Missing Authorization vulnerability in Codexpert, Inc CF7 Submissions cf7-submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Submissions: from … | |||
| CVE-2025-57978 | medium | 4.3 | 4.3 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling allows Cross Site Request Forgery. This issue affects A… | |||
| CVE-2025-57924 | medium | 4.3 | 4.3 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6. | |||
| CVE-2025-53452 | medium | 4.3 | 4.3 | 8mo ago | Missing Authorization vulnerability in Barry Event Rocket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Rocket: from n/a through 3.3. | |||
| CVE-2025-10766 | medium | 4.3 | 4.3 | 8mo ago | A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path… | |||
| CVE-2025-10711 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Na… | |||
| CVE-2025-10710 | medium | 4.3 | 4.3 | 9mo ago | A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The … | |||
| CVE-2025-10676 | medium | 4.3 | 4.3 | 9mo ago | A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The a… | |||
| CVE-2025-10675 | medium | 4.3 | 4.3 | 9mo ago | A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper author… | |||
| CVE-2025-10674 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper aut… | |||
| CVE-2025-10485 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function ppt_log of the file /login of the component HTTP Header Handler.… | |||
| CVE-2025-10422 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler.… | |||
| CVE-2025-10386 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the a… | |||
| CVE-2025-10245 | medium | 4.3 | 4.3 | 9mo ago | A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulati… | |||
| CVE-2025-10233 | medium | 4.3 | 4.3 | 9mo ago | A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument … | |||
| CVE-2025-10229 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect… | |||
| CVE-2025-10084 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to im… | |||
| CVE-2025-10073 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possi… | |||
| CVE-2025-58800 | medium | 4.3 | 4.3 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through <= 2.8.5. | |||
| CVE-2025-58794 | medium | 4.3 | 4.3 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from … | |||
| CVE-2025-9936 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack … | |||
| CVE-2025-9836 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authori… | |||
| CVE-2025-9835 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorizatio… | |||
| CVE-2025-49405 | medium | 4.3 | 4.3 | 9mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: f… | |||
| CVE-2025-48350 | medium | 4.3 | 4.3 | 9mo ago | Missing Authorization vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AutoWP: from … | |||
| CVE-2025-9263 | medium | 4.3 | 4.3 | 10mo ago | xxl-job Vulnerable to Resource Injection and Authorization Bypass Through User-Controlled Key | |||
| CVE-2025-9240 | medium | 4.3 | 4.3 | 10mo ago | A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The a… | |||
| CVE-2025-9108 | medium | 4.3 | 4.3 | 10mo ago | Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely. | |||
| CVE-2025-9094 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements us… | |||
| CVE-2025-8991 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler… | |||
| CVE-2025-8852 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to informat… | |||
| CVE-2025-8814 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipul… | |||
| CVE-2025-8808 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component… | |||
| CVE-2025-8793 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to… | |||
| CVE-2025-8792 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security… | |||
| CVE-2025-8790 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. T… | |||
| CVE-2025-8789 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The man… | |||
| CVE-2025-8772 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of… | |||
| CVE-2025-8739 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument ta… | |||
| CVE-2025-8505 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cr… | |||
| CVE-2025-8335 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possi… | |||
| CVE-2025-8223 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTy… | |||
| CVE-2025-7938 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads t… | |||
| CVE-2025-7907 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml o… | |||
| CVE-2025-7834 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. I… | |||
| CVE-2025-7785 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.j… | |||
| CVE-2025-7763 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.… | |||
| CVE-2025-7756 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to… | |||
| CVE-2025-7625 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as critical, was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download… | |||
| CVE-2025-7579 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular… | |||
| CVE-2025-7567 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/system_type le… | |||
| CVE-2025-7488 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the f… | |||
| CVE-2025-7078 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The… | |||
| CVE-2025-29001 | medium | 4.3 | 4.3 | 11mo ago | Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: … | |||
| CVE-2025-6951 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default cred… | |||
| CVE-2025-6866 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forum_downloadfile.php. The manipulation of the argum… | |||
| CVE-2025-6865 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request f… | |||
| CVE-2025-6864 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to … | |||
| CVE-2025-6854 | medium | 4.3 | 4.3 | 11mo ago | Langchain-Chatchat vulnerable to path traversal | |||
| CVE-2025-6664 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forger… | |||
| CVE-2025-6552 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of … | |||
| CVE-2025-6532 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint… | |||
| CVE-2025-6531 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The mani… |