CVEs from 2025
- Total 9,418
- critical 1,301
- high 1,907
- medium 1,905
- low 193
- % Critical 13.8%
- % with KEV 1.9%
- % with exploit 2.0%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- inventory_management_system 28
- gcp 24
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-49697 | high | 8.4 | 8.4 | 11mo ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |
| CVE-2025-49696 | high | 8.4 | 8.4 | 11mo ago | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |
| CVE-2025-49695 | high | 8.4 | 8.4 | 11mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |
| CVE-2025-47953 | high | 8.4 | 8.4 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |
| CVE-2025-47167 | high | 8.4 | 8.4 | 1y ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |
| CVE-2025-47164 | high | 8.4 | 8.4 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |
| CVE-2025-47162 | high | 8.4 | 8.4 | 1y ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |
| CVE-2025-40946 | high | 8.3 | 8.3 | 16d ago | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version… | |
| CVE-2025-14341 | high | 8.3 | 8.3 | 21d ago | Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDri… | |
| CVE-2025-13779 | high | 8.3 | 8.3 | 3mo ago | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |
| CVE-2025-13777 | high | 8.3 | 8.3 | 3mo ago | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |
| CVE-2025-26969 | high | 8.3 | 8.3 | 1y ago | Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | |
| CVE-2025-26483 | high | 8.2 | 8.2 | 6d ago | Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application … | |
| CVE-2025-52644 | high | 8.2 | 8.2 | 2mo ago | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could… | |
| CVE-2025-67956 | high | 8.2 | 8.2 | 4mo ago | Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from… | |
| CVE-2025-68696 | high | 8.2 | 8.2 | 5mo ago | httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to interna… | |
| CVE-2025-32988 | high | 8.2 | 8.2 | 8mo ago | Moderate: gnutls security, bug fix, and enhancement update | |
| CVE-2025-8020 | high | 8.2 | 8.2 | 10mo ago | private-ip vulnerable to Server-Side Request Forgery | |
| CVE-2025-39536 | high | 8.2 | 8.2 | 1y ago | Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through … | |
| CVE-2025-39350 | high | 8.2 | 8.2 | 1y ago | Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | |
| CVE-2025-32119 | high | 8.2 | 8.2 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue affects… | |
| CVE-2025-3192 | high | 8.2 | 8.2 | 1y ago | Browsershot Server-Side Request Forgery (SSRF) via setURL() Function | |
| CVE-2025-1022 | high | 8.2 | 8.2 | 1y ago | Browsershot Path Traversal | |
| CVE-2025-13392 | high | 8.1 | 8.1 | 1d ago | Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta… | |
| CVE-2025-66467 | high | 8.1 | 8.1 | 20d ago | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th… | |
| CVE-2025-66172 | high | 8.1 | 8.1 | 20d ago | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e… | |
| CVE-2025-67796 | high | 8.1 | 8.1 | 24d ago | IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users | |
| CVE-2025-40897 | high | 8.1 | 8.1 | 1mo ago | An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen… | |
| CVE-2025-12805 | high | 8.1 | 8.1 | 2mo ago | A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, … | |
| CVE-2025-70614 | high | 8.1 | 8.1 | 3mo ago | OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to… | |
| CVE-2025-15582 | high | 8.1 | 8.1 | 3mo ago | A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the ar… | |
| CVE-2025-69043 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rash… | |
| CVE-2025-69042 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lind… | |
| CVE-2025-69040 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfre… | |
| CVE-2025-69039 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Ba… | |
| CVE-2025-49994 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athe… | |
| CVE-2025-14359 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine allows PHP Local File Inclusion. This issue affects Osh… | |
| CVE-2025-32304 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH:… | |
| CVE-2025-15398 | high | 8.1 | 8.1 | 5mo ago | A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. S… | |
| CVE-2025-69034 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects… | |
| CVE-2025-15107 | high | 8.1 | 8.1 | 5mo ago | SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle | |
| CVE-2025-15085 | high | 8.1 | 8.1 | 5mo ago | A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/Membe… | |
| CVE-2025-58052 | high | 8.1 | 8.1 | 5mo ago | Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictio… | |
| CVE-2025-14909 | high | 8.1 | 8.1 | 5mo ago | A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jee… | |
| CVE-2025-14908 | high | 8.1 | 8.1 | 5mo ago | A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/s… | |
| CVE-2025-58950 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lione lione allows PHP Local File Inclusion.This issue affects Lio… | |
| CVE-2025-58949 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spo… | |
| CVE-2025-58948 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion.This issue aff… | |
| CVE-2025-58947 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Ath… | |
| CVE-2025-58946 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Voc… | |
| CVE-2025-58945 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects… | |
| CVE-2025-58944 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue… | |
| CVE-2025-58943 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Agricola agricola allows PHP Local File Inclusion.This issue affec… | |
| CVE-2025-58942 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allows PHP Local File Inclusion.This issue affects Dwe… | |
| CVE-2025-58941 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion.This issue affects F… | |
| CVE-2025-58940 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Bas… | |
| CVE-2025-58937 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue aff… | |
| CVE-2025-58936 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catamaran catamaran allows PHP Local File Inclusion.This issue aff… | |
| CVE-2025-58934 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes The Gig thegig allows PHP Local File Inclusion.This issue affects … | |
| CVE-2025-58933 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion.This issue affects A… | |
| CVE-2025-58932 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma allows PHP Local File Inclusion.This issue affects P… | |
| CVE-2025-58931 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects… | |
| CVE-2025-58930 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects… | |
| CVE-2025-58929 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion.This issue affects P… | |
| CVE-2025-49366 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani allows PHP Local File Inclusion.This issue affects … | |
| CVE-2025-49365 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This issue af… | |
| CVE-2025-49364 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion.Thi… | |
| CVE-2025-49363 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion.This … | |
| CVE-2025-49362 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gracioza gracioza allows PHP Local File Inclusion.This issue affe… | |
| CVE-2025-49361 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion.This issue affects … | |
| CVE-2025-49360 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion.This is… | |
| CVE-2025-49359 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion.This issu… | |
| CVE-2025-14111 | high | 8.1 | 8.1 | 6mo ago | A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. … | |
| CVE-2025-14016 | high | 8.1 | 8.1 | 6mo ago | A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to… | |
| CVE-2025-13813 | high | 8.1 | 8.1 | 6mo ago | A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation le… | |
| CVE-2025-13468 | high | 8.1 | 8.1 | 6mo ago | A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/… | |
| CVE-2025-13435 | high | 8.1 | 8.1 | 6mo ago | Resty has a Path Traversal vulnerability | |
| CVE-2025-58995 | high | 8.1 | 8.1 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Leblix leblix allows PHP Local File Inclusion.This issue affe… | |
| CVE-2025-58994 | high | 8.1 | 8.1 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Greenify greenify allows PHP Local File Inclusion.This issue affe… | |
| CVE-2025-48290 | high | 8.1 | 8.1 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects K… | |
| CVE-2025-48090 | high | 8.1 | 8.1 | 7mo ago | Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a throu… | |
| CVE-2025-12615 | high | 8.1 | 8.1 | 7mo ago | A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads… | |
| CVE-2025-12547 | high | 8.1 | 8.1 | 7mo ago | A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads t… | |
| CVE-2025-12283 | high | 8.1 | 8.1 | 7mo ago | A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launch… | |
| CVE-2025-58967 | high | 8.1 | 8.1 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects… | |
| CVE-2025-58958 | high | 8.1 | 8.1 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affec… | |
| CVE-2025-11941 | high | 8.1 | 8.1 | 7mo ago | A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulati… | |
| CVE-2025-11938 | high | 8.1 | 8.1 | 7mo ago | A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DB_PASSWORD/ROOT_PATH/URL re… | |
| CVE-2025-11853 | high | 8.1 | 8.1 | 7mo ago | A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access … | |
| CVE-2025-49552 | high | 8.1 | 8.1 | 8mo ago | Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a vi… | |
| CVE-2025-11646 | high | 8.1 | 8.1 | 8mo ago | A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The atta… | |
| CVE-2025-11609 | high | 8.1 | 8.1 | 8mo ago | A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secre… | |
| CVE-2025-11290 | high | 8.1 | 8.1 | 8mo ago | A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads t… | |
| CVE-2025-9566 | high | 8.1 | 8.1 | 9mo ago | Important: podman security update | |
| CVE-2025-54709 | high | 8.1 | 8.1 | 9mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. | |
| CVE-2025-9801 | high | 8.1 | 8.1 | 9mo ago | A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path tra… | |
| CVE-2025-53243 | high | 8.1 | 8.1 | 9mo ago | Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affect… | |
| CVE-2025-9262 | high | 8.1 | 8.1 | 9mo ago | wong2 mcp-cli Command Injection Vulnerability | |
| CVE-2025-49438 | high | 8.1 | 8.1 | 9mo ago | Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3. | |
| CVE-2025-47219 | high | 8.1 | 8.1 | 10mo ago | In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure. | |