US-CERT Vulnerability Summary for the Week of May 12, 2025

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary Vendor – Product | Description | Published | CVSS Score | Source Info
admintwentytwenty – UiPress lite | Effortless custom dashboards, admin themes and pages | The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to execute arbitrary functions with arbitrary data, and does not have any sort of capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary code on the server. | 2025-05-15 | 8.8 | CVE-2025-3053
Adobe – Adobe Connect | Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | 2025-05-13 | 9.3 | CVE-2025-43567
Adobe – Animate | Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-30328
Adobe – Animate | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43555
Adobe – Animate | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43556
Adobe – Animate | Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43557
Adobe – Bridge | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43545
Adobe – Bridge | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43546
Adobe – Bridge | Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43547
Adobe – ColdFusion | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | 2025-05-13 | 9.1 | CVE-2025-43559
Adobe – ColdFusion | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | 2025-05-13 | 9.1 | CVE-2025-43560
Adobe – ColdFusion | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | 2025-05-13 | 9.1 | CVE-2025-43561
Adobe – ColdFusion | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | 2025-05-13 | 9.1 | CVE-2025-43562
Adobe – ColdFusion | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. | 2025-05-13 | 9.1 | CVE-2025-43563
Adobe – ColdFusion | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. | 2025-05-13 | 9.1 | CVE-2025-43564
Adobe – ColdFusion | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed. | 2025-05-13 | 8.4 | CVE-2025-43565
Adobe – Dimension | Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43548
Adobe – Dimension | Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43572
Adobe – Dreamweaver Desktop | Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-30310
Adobe – Illustrator | Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-30330
Adobe – InDesign Desktop | InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-30318
Adobe – Lightroom Desktop | Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-27197
Adobe – Photoshop Desktop | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-30324
Adobe – Photoshop Desktop | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-30325
Adobe – Photoshop Desktop | Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-30326
Adobe – Substance3D – Modeler | Substance3D – Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application relies on a search path to locate critical resources such as libraries or executables, an attacker could manipulate the search path to load a malicious resource, potentially executing arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43553
Adobe – Substance3D – Modeler | Substance3D – Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43554
Adobe – Substance3D – Painter | Substance3D – Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-30322
Adobe – Substance3D – Stager | Substance3D – Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43549
Adobe – Substance3D – Stager | Substance3D – Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43568
Adobe – Substance3D – Stager | Substance3D – Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43569
Adobe – Substance3D – Stager | Substance3D – Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43570
Adobe – Substance3D – Stager | Substance3D – Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-05-13 | 7.8 | CVE-2025-43571
AMD – AIM-T Manageability API | A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2025-05-13 | 7.3 | CVE-2023-31358
AMD – AIM-T Manageability API | Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2025-05-13 | 7.3 | CVE-2023-31359
AMD – AIM-T Manageability Service | Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. | 2025-05-13 | 7.3 | CVE-2024-36321
AMD – AMD Cloud Manageability Service | Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. | 2025-05-13 | 7.3 | CVE-2025-0035
AMD – AMD Optimizing CPU Libraries (AOCL) | Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2025-05-13 | 7.3 | CVE-2024-21960
AMD – AMD Optimizing CPU Libraries (AOCL) | A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2025-05-13 | 7.3 | CVE-2024-36339
AMI – AptioV | APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. | 2025-05-13 | 7.5 | CVE-2024-42446
Auma Riester – AC1.2 | An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via the Bluetooth or RS-232 interface. | 2025-05-12 | 7.5 | CVE-2025-3496
auth0 – auth0-PHP | Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Certain pre-conditions are required to be vulnerable to this issue: applications using the Auth0-PHP SDK, or the Auth0/symfony, Auth0/laravel-auth0, and Auth0/wordpress SDKs that rely on the Auth0-PHP SDK; and session storage configured with CookieStore. Upgrade Auth0/Auth0-PHP to v8.14.0 to receive a patch. As an additional precautionary measure, rotating cookie encryption keys is recommended. Note that once updated, any previous session cookies will be rejected. | 2025-05-15 | 9.1 | CVE-2025-47275
Campcodes – Online Shopping Portal | A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-18 | 7.3 | CVE-2025-4875
Campcodes – Sales and Inventory System | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transaction_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4707
Campcodes – Sales and Inventory System | A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/sales_add.php. The manipulation of the argument discount leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4708
Campcodes – Sales and Inventory System | A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/transaction_del.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4709
Campcodes – Sales and Inventory System | A vulnerability, which was classified as critical, has been found in Campcodes Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /pages/transaction.php. The manipulation of the argument cid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4710
Campcodes – Sales and Inventory System | A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/stockin_add.php. The manipulation of the argument prod_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4711
Campcodes – Sales and Inventory System | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/account_summary.php. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4712
Campcodes – Sales and Inventory System | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/print.php. The manipulation of the argument sid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4713
Campcodes – Sales and Inventory System | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/reprint.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4714
Campcodes – Sales and Inventory System | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /pages/view_application.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4715
Campcodes – Sales and Inventory System | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/credit_transaction_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4716
Campcodes – Sales and Inventory System | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/customer_add.php. The manipulation of the argument last leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-05-15 | 7.3 | CVE-2025-4718
Campcodes – Sales and Inventory System | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/cash_transaction.php. The manipulation of the argument cid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-15 | 7.3 | CVE-2025-4719
Campcodes – Sales and Inventory System | A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci_update.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-16 | 7.3 | CVE-2025-4734
Campcodes – Sales and Inventory System | A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/purchase_add.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-16 | 7.3 | CVE-2025-4741
Campcodes – Sales and Inventory System | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/purchase_delete.php. The manipulation of the argument pr_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-16 | 7.3 | CVE-2025-4746
Campcodes – Sales and Inventory System | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-17 | 7.3 | CVE-2025-4814
Campcodes – Sales and Inventory System | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-17 | 7.3 | CVE-2025-4815
CBEWIN – Anytxt Searcher | A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. | 2025-05-16 | 7 | CVE-2025-4769
Centreon – web | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. | 2025-05-13 | 8.4 | CVE-2025-4647
Centreon – web | Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of an SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. | 2025-05-13 | 8.4 | CVE-2025-4648
Centreon – web | Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4. | 2025-05-13 | 7.2 | CVE-2025-4646
ChewKeanHo – Actualizer | Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL’s “-passwd” function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer users building a full Debian Operating System are affected. Users should upgrade to version 1.2.0 of Actualizer. Existing OS deployments require manual password changes against the alpha and root accounts. The change will deploy Debian’s yescript, overriding the older SHA512 hash created by OpenSSL. As a workaround, users need to reset both `root` and “Alpha” users’ passwords. | 2025-05-13 | 7.5 | CVE-2025-47276
cocotais – cocotais-bot | Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, the command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the `/echo <qqbot-at-everyone />` command to cause the bot to send a message that mentions all members in the chat, bypassing any permission controls. This can lead to spam, disruption, or abuse of notification systems. Version 1.6.2 contains a patch for the issue. | 2025-05-17 | 7.2 | CVE-2025-47948
CodeAstro – Pharmacy Management System | A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-05-16 | 7.3 | CVE-2025-4811
CodeRevolution – Crawlomatic Multipage Scraper Post Generator | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-05-17 | 9.8 | CVE-2025-4389
CodeRevolution – Echo RSS Feed Post Generator | The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-05-17 | 9.8 | CVE-2025-4391
CodexThemes – TheGem | The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-05-13 | 8.8 | CVE-2025-4317
Combodo – iTop | iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop’s portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1. | 2025-05-14 | 8.6 | CVE-2025-24022
conda-forge – openssl-feedstock | conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected. | 2025-05-13 | 7.3 | CVE-2025-35471
Cozy Vision Technologies Pvt. Ltd. – SMS Alert Order Notifications WooCommerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.8.2. | 2025-05-12 | 9.3 | CVE-2025-47682
Cure53 – DOMPurify | In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the “Uncontrolled data used in path expression” occurs “in a development helper script which starts a local web server if needed and must be manually started.” | 2025-05-15 | 7.5 | CVE-2025-48050
D-Link – DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-05-17 | 8.8 | CVE-2025-4841
D-Link – DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-05-17 | 8.8 | CVE-2025-4842
D-Link – DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-05-17 | 8.8 | CVE-2025-4843
D-Link – DI-7003GV2 | A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This vulnerability affects the function sub_4983B0 of the file /H5/backup.asp?opt=reset of the component Factory Reset Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-16 | 7.5 | CVE-2025-4749
D-Link – DI-7003GV2 | A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been classified as critical. This affects the function sub_497DE4 of the file /H5/netconfig.asp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-05-16 | 7.3 | CVE-2025-4755
D-Link – DI-8100 | A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxz_asp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/defIcmp/defOther leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-05-18 | 7.2 | CVE-2025-4883
Dell – PowerScale InsightIQ | Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges. | 2025-05-15 | 8.1 | CVE-2025-30475
Dell – PowerScale OneFS | Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service. | 2025-05-15 | 7.5 | CVE-2025-26481
donetick – donetick | Donetick is an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate. The vulnerability is proven by the existence of the issue in the live version as well. This issue can result in full account takeover of any user. Version 0.1.44 contains a patch. | 2025-05-17 | 9.1 | CVE-2025-47945
dyland – WP Content Security Plugin | The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-05-15 | 7.2 | CVE-2025-4579
emlog – emlog | Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when site registration is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists. | 2025-05-15 | 8.3 | CVE-2025-47785
Ericsson–Packet Core ControllerEricsson Packet Core Controller (PCC) contains a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation2025-05-167.5CVE-2024-53827
Estatik–Mortgage Calculator EstatikImproper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.2025-05-167.5CVE-2025-48136
facturaone–TicketBAI Facturas para WooCommerceThe TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the ‘delpdf’ action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).2025-05-159.8CVE-2025-4564
Fortinet–FortiVoiceA stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.2025-05-139.6CVE-2025-32756
FreeFloat–FTP ServerA vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component DELETE Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4788
FreeFloat–FTP ServerA vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component LCD Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4789
FreeFloat–FTP ServerA vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component GLOB Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4790
FreeFloat–FTP ServerA vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4791
FreeFloat–FTP ServerA vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4792
FreeFloat–FTP ServerA vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4844
FreeFloat–FTP ServerA vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TRACE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4845
FreeFloat–FTP ServerA vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MPUT Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4846
FreeFloat–FTP ServerA vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component MLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4847
FreeFloat–FTP ServerA vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4848
FreeFloat–FTP ServerA vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4872
Google–Web DesignerClient RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer’s preview feature2025-05-127.8CVE-2025-1079
HashiCorp–Nomad EnterpriseNomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.2025-05-137.6CVE-2025-3744
Hitachi–JP1/IT Desktop Management 2 – Smart Device ManagerXXE vulnerability in Hitachi JP1/IT Desktop Management 2 – Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 – Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.2025-05-158.7CVE-2025-27523
I-O DATA DEVICE, INC.–HDL-TC1Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in I-O DATA network attached hard disk ‘HDL-T Series’ firmware Ver.1.21 and earlier when ‘Remote Link3 function’ is enabled. If exploited, a remote unauthenticated attacker may execute an arbitrary OS command.2025-05-159.8CVE-2025-32002
IBM–4769 Developers ToolkitIBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size.2025-05-127.5CVE-2025-3632
IBM–iIBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.2025-05-178.5CVE-2025-33103
IBM–Semeru RuntimeIBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.2025-05-147.5CVE-2025-2900
imithemes–EventerImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in imithemes Eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through 3.9.6.2025-05-169.3CVE-2025-39481
infiniflow–RAGFlowRAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.2025-05-179.1CVE-2025-48187
invisioncommunity–Invision Power BoardInvision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.2025-05-1610CVE-2025-47916
itsourcecode–Placement Management SystemA vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /drive.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4721
itsourcecode–Placement Management SystemA vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4722
itsourcecode–Placement Management SystemA vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4723
itsourcecode–Placement Management SystemA vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4724
itsourcecode–Placement Management SystemA vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4725
itsourcecode–Placement Management SystemA vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4726
itsourcecode–Restaurant Management SystemA vulnerability has been found in itsourcecode Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/finished.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4864
itsourcecode–Restaurant Management SystemA vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/member_save.php. The manipulation of the argument last leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.2025-05-187.3CVE-2025-4865
itsourcecode–Restaurant Management SystemA vulnerability classified as critical has been found in itsourcecode Restaurant Management System 1.0. This affects an unknown part of the file /admin/member_update.php. The manipulation of the argument menu leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4869
itsourcecode–Restaurant Management SystemA vulnerability classified as critical was found in itsourcecode Restaurant Management System 1.0. This vulnerability affects unknown code of the file /admin/menu_save.php. The manipulation of the argument menu leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4870
itsourcecode–Restaurant Management SystemA vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/user_save.php. The manipulation of the argument username/name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4881
itsourcecode–Restaurant Management SystemA vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_update.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4882
itsourcecode–Restaurant Management SystemA vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/assign_save.php. The manipulation of the argument team leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4884
itsourcecode–Sales and Inventory SystemA vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument serial leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.2025-05-187.3CVE-2025-4885
itsourcecode–Sales and Inventory SystemA vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation of the argument serial leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.2025-05-187.3CVE-2025-4886
Ivanti–CSA (Cloud Services Appliance)Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.2025-05-137.8CVE-2025-22460
Ivanti–Endpoint Manager MobileRemote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.2025-05-137.2CVE-2025-4428
Ivanti–Neurons for ITSM (on-prem)An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.2025-05-139.8CVE-2025-22462
karimmughal–Dot html,php,xml etc pagesImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0.2025-05-167.1CVE-2025-48112
Kashipara Group–Billing SoftwareBilling Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database.2025-05-129.8CVE-2023-49641
kelerkgibo–SEO(//Bing/)The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.2025-05-159.8CVE-2025-3917
Kinfor–KFOXThe KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.2025-05-128.8CVE-2025-4561
LambertGroup–ApolloImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Apollo allows SQL Injection. This issue affects Apollo: from n/a through 3.6.3.2025-05-168.5CVE-2025-32245
LambertGroup–Chameleon HTML5 Audio Player With/Without PlaylistImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist allows SQL Injection. This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through 3.5.6.2025-05-168.5CVE-2025-32307
LambertGroup–CountDown Pro WP PluginImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup CountDown Pro WP Plugin allows SQL Injection. This issue affects CountDown Pro WP Plugin: from n/a through 2.7.2025-05-168.5CVE-2025-32301
LambertGroup–Magic Responsive Slider and Carousel WordPressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress allows SQL Injection. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through 1.4.2025-05-168.5CVE-2025-31640
LambertGroup–Multimedia Responsive Carousel with Image Video Audio SupportImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support allows SQL Injection. This issue affects Multimedia Responsive Carousel with Image Video Audio Support: from n/a through 2.6.0.2025-05-168.5CVE-2025-31928
LambertGroup–Radio Player Shoutcast & Icecast WordPress PluginImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin allows Blind SQL Injection. This issue affects Radio Player Shoutcast & Icecast WordPress Plugin: from n/a through 4.4.6.2025-05-168.5CVE-2025-32306
LambertGroup–Responsive HTML5 Audio Player PRO With PlaylistImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.7.2025-05-168.5CVE-2025-32287
LambertGroup–SHOUTImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup SHOUT allows SQL Injection. This issue affects SHOUT: from n/a through 3.5.3.2025-05-168.5CVE-2025-31637
LambertGroup–Sticky HTML5 Music PlayerImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Sticky HTML5 Music Player allows SQL Injection. This issue affects Sticky HTML5 Music Player: from n/a through 3.1.6.2025-05-168.5CVE-2025-32290
LambertGroup–Sticky Radio PlayerImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Sticky Radio Player allows SQL Injection. This issue affects Sticky Radio Player: from n/a through 3.4.2025-05-168.5CVE-2025-31926
LambertGroup–UberSliderImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup UberSlider allows SQL Injection. This issue affects UberSlider: from n/a through 2.3.2025-05-168.5CVE-2025-31641
LambertGroup–Video Player & FullScreen Video BackgroundImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup Video Player & FullScreen Video Background allows Blind SQL Injection. This issue affects Video Player & FullScreen Video Background: from n/a through 2.4.1.2025-05-167.6CVE-2025-47567
lukevella–ralllyRallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the authentication. A token that consists of 6 digits only presents weak entropy however and when coupled with no token brute force protection, makes it possible for an unauthenticated attacker with knowledge of a valid email address to successfully brute force the token within 15 minutes (token expiration time) and take over the account associated with the targeted email address. All users on the Rallly applications are impacted. As long as an attacker knows the user’s email address they used to register on the app, they can systematically take over any user account. For the authentication mechanism to be safe, the token would need to be assigned a complex high entropy value that cannot be bruteforced within reasonable time, and ideally rate limiting the /api/auth/callback/email endpoint to further make brute force attempts unreasonable within the 15 minutes time. As of time of publication, no patched versions are available.2025-05-149.8CVE-2025-47781
ManageEngine–ADAudit PlusZohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.2025-05-148.1CVE-2025-3834
ManageEngine–ADSelfService PlusZohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.2025-05-148.1CVE-2025-3833
marcinlawrowski–Wise ChatThe Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the ‘uploads’ directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3.2025-05-177.5CVE-2024-13613
Michael Lups–SEO Flow by LupsOnlineCross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.2025-05-167.1CVE-2025-48146
Microsoft–.NET 8.0External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.2025-05-138CVE-2025-26646
Microsoft–Azure AI Document Intelligence StudioImproper limitation of a pathname to a restricted directory (‘path traversal’) in Azure allows an unauthorized attacker to elevate privileges over a network.2025-05-139.8CVE-2025-30387
Microsoft–Azure File SyncImproper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.2025-05-137CVE-2025-29973
Microsoft–Microsoft 365 Apps for EnterpriseUse after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-29978
Microsoft–Microsoft 365 Apps for EnterpriseUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-30393
Microsoft–Microsoft 365 Apps for EnterpriseOut-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-32705
Microsoft–Microsoft DataverseImproper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.2025-05-137.3CVE-2025-29826
Microsoft–Microsoft Defender for Endpoint for LinuxMicrosoft Defender for Endpoint Elevation of Privilege Vulnerability2025-05-157.8CVE-2025-47161
Microsoft–Microsoft Office 2019Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.2025-05-138.4CVE-2025-30377
Microsoft–Microsoft Office 2019Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.2025-05-138.4CVE-2025-30386
Microsoft–Microsoft Office 2019Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-138.4CVE-2025-32704
Microsoft–Microsoft Office LTSC for Mac 2021Heap-based buffer overflow in Windows Win32K – GRFX allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-30388
Microsoft–Microsoft PC ManagerImproper link resolution before file access (‘link following’) in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-29975
Microsoft–Microsoft SharePoint Enterprise Server 2016Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-29976
Microsoft–Microsoft SharePoint Enterprise Server 2016Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.2025-05-137CVE-2025-30378
Microsoft–Microsoft SharePoint Enterprise Server 2016Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-30382
Microsoft–Microsoft SharePoint Enterprise Server 2016Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.2025-05-137.4CVE-2025-30384
Microsoft–Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-32702
Microsoft–Office Online ServerUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-29977
Microsoft–Office Online ServerHeap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-29979
Microsoft–Office Online ServerAccess of resource using incompatible type (‘type confusion’) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-30375
Microsoft–Office Online ServerHeap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-30376
Microsoft–Office Online ServerRelease of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-30379
Microsoft–Office Online ServerOut-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-30381
Microsoft–Office Online ServerAccess of resource using incompatible type (‘type confusion’) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.2025-05-137.8CVE-2025-30383
Microsoft–Visual Studio CodeFiles or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.2025-05-137.1CVE-2025-21264
Microsoft–Windows 10 Version 1809Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.2025-05-138.8CVE-2025-29840
Microsoft–Windows 10 Version 1809Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.2025-05-138.8CVE-2025-29962
Microsoft–Windows 10 Version 1809Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.2025-05-138.8CVE-2025-29963
Microsoft–Windows 10 Version 1809Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.2025-05-138.8CVE-2025-29964
Microsoft–Windows 10 Version 1809Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-24063
Microsoft–Windows 10 Version 1809Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.2025-05-137CVE-2025-27468
Microsoft–Windows 10 Version 1809Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.2025-05-137.7CVE-2025-29833
Microsoft–Windows 10 Version 1809Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.2025-05-137.5CVE-2025-29969
Microsoft–Windows 10 Version 1809Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-30385
Microsoft–Windows 10 Version 1809Access of resource using incompatible type (‘type confusion’) in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.2025-05-137.5CVE-2025-30397
Microsoft–Windows 10 Version 1809Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-30400
Microsoft–Windows 10 Version 1809Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-32701
Microsoft–Windows 10 Version 1809Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-32706
Microsoft–Windows 10 Version 1809Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-32707
Microsoft–Windows 10 Version 1809Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-32709
Microsoft–Windows 10 Version 22H2Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.2025-05-137.5CVE-2025-29842
Microsoft–Windows 11 version 22H2Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.2025-05-137.5CVE-2025-29971
Microsoft–Windows App Client for Windows DesktopHeap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.2025-05-138.8CVE-2025-29966
Microsoft–Windows App Client for Windows DesktopHeap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.2025-05-138.8CVE-2025-29967
Microsoft–Windows Server 2019Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.2025-05-137.5CVE-2025-26677
Microsoft–Windows Server 2019Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.2025-05-137.5CVE-2025-29831
Microsoft–Windows Server 2022Concurrent execution using shared resource with improper synchronization (‘race condition’) in Universal Print Management Service allows an authorized attacker to elevate privileges locally.2025-05-137CVE-2025-29841
Microsoft–Windows Server 2025 (Server Core installation)Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.2025-05-137.4CVE-2025-29838
Microsoft–Windows Server 2025 (Server Core installation)Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.2025-05-137.8CVE-2025-29970
mojoomla–WPGYMImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla WPGYM allows Blind SQL Injection. This issue affects WPGYM: from n/a through 65.0.2025-05-169.3CVE-2025-32643
n/a–Administrative Tools for some Intel(R) Network Adapters packageRace condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-137.3CVE-2025-20104
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformIncorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-137.8CVE-2025-22843
n/a–Intel(R) Data Center GPU Flex Series for Windows driverImproper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access.2025-05-137.3CVE-2024-36292
n/a–Intel(R) Data Center GPU Flex Series for Windows driverImproper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access.2025-05-137.3CVE-2024-45333
n/a–Intel(R) Gaudi(R) software installersIncorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-148.2CVE-2024-45067
n/a–Intel(R) Graphics Driver software installersImproper link resolution before file access (‘Link Following’) for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-138.2CVE-2025-20003
n/a–Intel(R) Graphics DriversUntrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-138.4CVE-2025-20018
n/a–Intel(R) Graphics DriversOut-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access.2025-05-138.4CVE-2025-20101
n/a–Intel(R) Graphics softwareImproper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access.2025-05-137.3CVE-2025-20052
n/a–Intel(R) PROSet/Wireless WiFi Software for WindowsUse after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2025-05-138CVE-2025-20046
n/a–Intel(R) PROSet/Wireless WiFi Software for WindowsUse after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2025-05-137.4CVE-2025-20006
n/a–Intel(R) PROSet/Wireless WiFi Software for WindowsImproper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.2025-05-137.9CVE-2025-20032
n/a–Intel(R) PROSet/Wireless WiFi Software for WindowsStack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.2025-05-137.9CVE-2025-20618
n/a–Intel(R) Server D50DNP and M50FCPImproper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access.2025-05-137.5CVE-2025-24308
n/a–Intel(R) Server D50DNP and M50FCP boardsTime-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via local access.2025-05-137.5CVE-2025-20082
n/a–Intel(R) Server D50DNP and M50FCP boardsImproper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access.2025-05-137.5CVE-2025-21094
n/a–Intel(R) Simics(R) Package Manager softwareInsecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access.2025-05-137.7CVE-2025-20008
n/a–Intel(R) Slim BootloaderImproper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access.2025-05-137.5CVE-2025-20083
n/a–Intel(R) Xeon(R) 6 processor E-Cores firmwareInsufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.2025-05-137.2CVE-2025-20004
n/a–Intel(R) Xeon(R) 6 processor with E-coresImproper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access.2025-05-137.5CVE-2025-20100
n/a–lockfile-lint-apiVersions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one.2025-05-168.3CVE-2025-4759
nanbingxyz–5ire5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue.2025-05-149.7CVE-2025-47777
NasaTheme–Nasa CoreImproper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2.2025-05-167.5CVE-2025-39507
NetAlertX–NetAlertXNetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.2025-05-1310CVE-2024-46506
NetAlertX–NetAlertXNetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.2025-05-138.6CVE-2024-48766
Netvision–ISOinsightThe ISOinsight from Netvision has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.2025-05-129.8CVE-2025-4559
NI–Circuit Design SuiteThere is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.2025-05-157.8CVE-2025-30417
NI–Circuit Design SuiteThere is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.2025-05-157.8CVE-2025-30418
NI–Circuit Design SuiteThere is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.2025-05-157.8CVE-2025-30419
NI–Circuit Design SuiteThere is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.2025-05-157.8CVE-2025-30420
NI–Circuit Design SuiteThere is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.2025-05-157.8CVE-2025-30421
nimiq–core-rs-albatrossnimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncontrolled memory allocation. Specifically, the implementation of the `Discovery` network message handling allocates a buffer based on a length value provided by the peer, without enforcing an upper bound. Since this length is a `u32`, a peer can trigger allocations of up to 4 GB, potentially leading to memory exhaustion and node crashes. As Discovery messages are regularly exchanged for peer discovery, this vulnerability can be exploited repeatedly. The patch for this vulnerability is formally released as part of v1.1.0. The patch implements a limit to the discovery message size of 1 MB and also resizes the message buffer size incrementally as the data is read. No known workarounds are available.2025-05-127.5CVE-2025-47270
PCMan–FTP ServerA vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4871
PHPGurukul–Apartment Visitors Management SystemA vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-127.3CVE-2025-4553
PHPGurukul–Apartment Visitors Management SystemA vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-passreports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-127.3CVE-2025-4554
PHPGurukul–Apartment Visitors Management SystemA vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. This vulnerability affects unknown code of the file /admin/visitors-form.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4699
PHPGurukul–Beauty Parlour Management SystemA vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4757
PHPGurukul–Beauty Parlour Management SystemA vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /contact.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.2025-05-167.3CVE-2025-4758
PHPGurukul–Beauty Parlour Management SystemA vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.2025-05-187.3CVE-2025-4861
PHPGurukul–Company Visitor Management SystemA vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /visitors-form.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4717
PHPGurukul–Complaint Management SystemA vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4761
PHPGurukul–Daily Expense TrackerA vulnerability was found in PHPGurukul Daily Expense Tracker 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4736
PHPGurukul–Daily Expense Tracker SystemA vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user-profile.php. The manipulation of the argument fullname/contactnumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4785
PHPGurukul–Directory Management SystemA vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-directory.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4697
PHPGurukul–Directory Management SystemA vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4698
PHPGurukul–Human Metapneumovirus Testing Management SystemA vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4812
PHPGurukul–Human Metapneumovirus Testing Management SystemA vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4813
PHPGurukul–News PortalA vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4873
PHPGurukul–News PortalA vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4880
PHPGurukul–News Portal ProjectA vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-187.3CVE-2025-4874
PHPGurukul–Online Course RegistrationA vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/course.php. The manipulation of the argument coursecode leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4771
PHPGurukul–Online Course RegistrationA vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/department.php. The manipulation of the argument department leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4772
PHPGurukul–Online Course RegistrationA vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation of the argument level leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4773
PHPGurukul–Online Course RegistrationA vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been classified as critical. Affected is an unknown function of the file /edit-student-profile.php. The manipulation of the argument cgpa leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4793
PHPGurukul–Online Course RegistrationA vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /news.php. The manipulation of the argument newstitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4794
PHPGurukul–Vehicle Parking Management SystemA vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. The manipulation of the argument catename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4702
PHPGurukul–Vehicle Parking Management SystemA vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4703
PHPGurukul–Vehicle Parking Management SystemA vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4704
PHPGurukul–Vehicle Parking Management SystemA vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file /admin/view-incomingvehicle-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4705
PHPGurukul–Zoo Management SystemA vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. Affected is an unknown function of the file /admin/contactus.php. The manipulation of the argument mobnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4765
PHPGurukul–Zoo Management SystemA vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4766
Progress Software–Telerik UI for ASP.NET AJAXIn Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.2025-05-147.5CVE-2025-3600
projectworlds–Hospital Database Management SystemA vulnerability was found in projectworlds Hospital Database Management System 1.0. It has been classified as critical. This affects an unknown part of the file /medicines_info.php. The manipulation of the argument Med_ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-167.3CVE-2025-4739
Projectworlds–Life Insurance Management SystemA vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-177.3CVE-2025-4836
projectworlds–Online Examination SystemA vulnerability was found in projectworlds Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Procedure3b_yearwiseVisit.php. The manipulation of the argument Visit_year leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4706
projectworlds–Student Project Allocation SystemA vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-177.3CVE-2025-4837
proxymis–InterviewImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.2025-05-168.5CVE-2025-48137
QuanticaLabs–CSS3 Accordions for WordPressCross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Stored XSS. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.2025-05-167.1CVE-2025-31922
QuantumCloud–WPBot Pro WordPress ChatbotThe WPBot Pro WordPress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).2025-05-178.1CVE-2025-3812
Red Hat–Red HatA vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.2025-05-127.6CVE-2024-4981
Red Hat–Red HatA directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository they could discover secrets on the server.2025-05-127.6CVE-2024-4982
Red Hat–Red Hat Enterprise Linux 10A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children’s “worker” processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.2025-05-147.8CVE-2025-3931
Red Hat–Red Hat Enterprise Linux 8A flaw was found in the gnome-remote-desktop used by Anaconda’s remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.2025-05-167.1CVE-2025-4478
Relevanssi–Relevanssi A Better Search (Pro)The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.4 (Premium) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.2025-05-137.5CVE-2025-4396
roninwp–FAT Services BookingImproper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in roninwp FAT Services Booking allows PHP Local File Inclusion. This issue affects FAT Services Booking: from n/a through 5.5.2025-05-167.5CVE-2025-47693
Samsung Electronics–MagicINFO 9 ServerImproper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.2025-05-139.8CVE-2025-4632
SAP_SE–SAP Business Objects Business Intelligence Platform (PMW)Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted. This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.2025-05-137.9CVE-2025-43000
SAP_SE–SAP Landscape Transformation (PCL Basis)Under certain conditions, SAP Landscape Transformation’s PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability of the application.2025-05-137.7CVE-2025-43011
SAP_SE–SAP NetWeaver (Visual Composer development server)SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.2025-05-139.1CVE-2025-42999
SAP_SE–SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.2025-05-138.3CVE-2025-43010
SAP_SE–SAP Supplier Relationship Management (Live Auction Cockpit)The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application’s confidentiality, with no effect on integrity and availability of the application.2025-05-138.6CVE-2025-30018
Schneider Electric–Modicon Controllers M241 / M251CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates the controller’s webserver URL to access resources.2025-05-147.5CVE-2025-2875
Schweitzer Engineering Laboratories–SEL Blueframe OSAn unauthenticated user could discover account credentials via a brute-force attack without rate limiting.2025-05-128.1CVE-2025-46739
Schweitzer Engineering Laboratories–SEL Blueframe OSAn authenticated user without user administrative permissions could change the administrator Account Name.2025-05-127.5CVE-2025-46740
Schweitzer Engineering Laboratories–SEL-5037 Grid ConfiguratorSEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources.2025-05-127.4CVE-2025-46737
ShapedPlugin LLC–WP TabsDeserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11.2025-05-167.2CVE-2025-48134
Shayan Farhang Pazhooh–ShayanWeb Admin FontChangerCross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1.2025-05-167.1CVE-2025-48114
sidngr–Import Export For WooCommerceCross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2.2025-05-167.1CVE-2025-48144
Siemens–Desigo CCA vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones). The affected server application fails to authenticate specific client requests. Modification of the client binary could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database via the event port (default: 4998/tcp).2025-05-137.5CVE-2024-23815
Siemens–IEC 1Ph 7.4kW Child socketA vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) (All versions < V2.135), IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) (All versions < V2.135), IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) (All versions < V2.135), IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) (All versions < V2.135), IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) (All versions < V2.135), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (All versions < V2.135), UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) (All versions < V2.135), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (All versions < V2.135), UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) (All versions < V2.135), UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) (All versions < V2.135), UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) (All versions < V2.135), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (All versions < V2.135), VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) (All versions < V2.135). Affected devices contain a Modbus service enabled by default. This could allow an attacker connected to the same network to remotely control the EV charger.2025-05-138.8CVE-2025-31930
Siemens–OZW672A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.2025-05-1310CVE-2025-26389
Siemens–OZW672A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.2025-05-139.8CVE-2025-26390
Siemens–RUGGEDCOM ROX MX5000A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The ‘ping’ tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.2025-05-139.9CVE-2025-32469
Siemens–RUGGEDCOM ROX MX5000A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The ‘tcpdump’ tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.2025-05-139.9CVE-2025-33024
Siemens–RUGGEDCOM ROX MX5000A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The ‘traceroute’ tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.2025-05-139.9CVE-2025-33025
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service.2025-05-137.8CVE-2025-40574
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters.2025-05-137.1CVE-2025-40581
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device.2025-05-137.8CVE-2025-40582
Siemens–SIMATIC PCS neo V4.1A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user’s session even after logout.2025-05-138.8CVE-2025-40566
Siemens–SIMATIC PCS neo V4.1A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain an out-of-bounds read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.2025-05-137.5CVE-2025-30174
Siemens–SIMATIC PCS neo V4.1A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain an out-of-bounds write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.2025-05-137.5CVE-2025-30175
Siemens–SIMATIC PCS neo V4.1A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain an out-of-bounds read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.2025-05-137.5CVE-2025-30176
Siemens–SIRIUS 3RK3 Modular Safety System (MSS)A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.2025-05-137.5CVE-2025-24007
Siemens–Teamcenter Visualization V14.3A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412 (All versions < V2412.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.2025-05-137.8CVE-2025-32454
SMA–www.sunnyportal.comAn unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.2025-05-138.6CVE-2025-41645
SourceCodester–Best Online News PortalA vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-157.3CVE-2025-4728
SourceCodester–Doctor’s Appointment SystemA vulnerability was found in SourceCodester Doctor’s Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-177.3CVE-2025-4816
SourceCodester–Doctor’s Appointment SystemA vulnerability was found in SourceCodester Doctor’s Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-177.3CVE-2025-4818
Sourcecodester–Doctor’s Appointment SystemA vulnerability was found in Sourcecodester Doctor’s Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-177.3CVE-2025-4817
spotipy-dev–spotipySpotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be executed with full access to secrets (from the base repo). By exploiting the vulnerability it is possible to exfiltrate `GITHUB_TOKEN` and the secrets `SPOTIPY_CLIENT_ID` and `SPOTIPY_CLIENT_SECRET`. In particular, `GITHUB_TOKEN` can be used to completely take over the repo since the token has content write privileges. The `pull_request_target` trigger in GitHub Actions is a major security concern, especially in public repositories, because it executes untrusted code from a PR with the context of the base repository, including access to its secrets. Commit 9dfb7177b8d7bb98a5a6014f8e6436812a47576f reverted the change that caused the issue.2025-05-159.1CVE-2025-47928
SYNCPILOT–LIVE CONTRACTA Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.2025-05-168.6CVE-2025-2305
Tenda–AC7A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-168.8CVE-2025-4809
Tenda–AC7A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-168.8CVE-2025-4810
ThemeMove–QuickCalCross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal allows Privilege Escalation. This issue affects QuickCal: from n/a through 1.0.13.2025-05-168.8CVE-2025-32310
Themewinter–EventinRelative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal. This issue affects Eventin: from n/a through 4.0.26.2025-05-147.5CVE-2025-47445
Tobias–WP2LEADSCross-Site Request Forgery (CSRF) vulnerability in Tobias WP2LEADS allows Stored XSS. This issue affects WP2LEADS: from n/a through 3.5.0.2025-05-157.1CVE-2025-32922
tornadoweb–tornadoTornado is a Python web framework and asynchronous networking library. When Tornado’s `multipart/form-data` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.2025-05-157.5CVE-2025-47287
TOTOLINK–A3002RA vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-168.8CVE-2025-4730
TOTOLINK–A3002RA vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type/ip_subnet leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-168.8CVE-2025-4731
TOTOLINK–A3002RA vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-168.8CVE-2025-4732
TOTOLINK–A3002RA vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-168.8CVE-2025-4733
TOTOLINK–A702RA vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4823
TOTOLINK–A702RA vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4824
TOTOLINK–A702RA vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4825
TOTOLINK–A702RA vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4826
TOTOLINK–A702RA vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4827
TOTOLINK–A702RA vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this vulnerability is the function sub_40BE30 of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4829
TOTOLINK–A702RA vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this issue is some unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4830
TOTOLINK–A702RA vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formSiteSurveyProfile of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4831
TOTOLINK–A702RA vulnerability has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4832
TOTOLINK–A702RA vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This issue affects some unknown processing of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4833
TOTOLINK–A702RA vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been classified as critical. Affected is an unknown function of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4834
TOTOLINK–A702RA vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-178.8CVE-2025-4835
uncannyowl–Uncanny Automator Easy Automation, Integration, Webhooks & Workflow Builder PluginThe Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.2025-05-148.1CVE-2025-3623
vinoth06–Frontend DashboardThe Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.2025-05-138.8CVE-2025-4473
vinoth06–Frontend DashboardThe Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin’s ‘register’ role setting to make new user registrations default to the administrator role, leading to an elevation of privileges to that of an administrator.2025-05-138.8CVE-2025-4474
VMware–VMware Aria AutomationVMware Aria Automation contains a DOM-based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged-in user of the VMware Aria Automation appliance by tricking the user into clicking a maliciously crafted payload URL.2025-05-138.2CVE-2025-22249
WHMPress–WHMpressPath Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.2025-05-168.1CVE-2025-39491
WHMPress–WHMpressPath Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.2025-05-167.5CVE-2025-39492
Wibu–CodeMeterWibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.2025-05-168.2CVE-2025-47809
WormHole Tech–GPMThe GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user’s password and use the modified password to log into the system.2025-05-129.8CVE-2025-4558
WP Experts–File Manager Advanced ShortcodeThe File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the ‘file_manager_advanced’ shortcode. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Sites currently using 2.5.4 (file-manager-advanced-shortcode) should be updated to 2.6.0 (advanced-file-manager-pro-premium).2025-05-157.2CVE-2024-13914
ZONG YU–Okcat Parking Management PlatformThe web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access system functions. These functions include opening gates, viewing license plates and parking records, and restarting the system.2025-05-129.8CVE-2025-4555
ZONG YU–Okcat Parking Management PlatformThe web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.2025-05-129.8CVE-2025-4556
ZONG YU–Parking Management SystemThe specific APIs of Parking Management System from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific APIs and operate system functions. These functions include opening gates and restarting the system.2025-05-129.1CVE-2025-4557
Zoom Communications, Inc–Zoom Workplace AppsTime-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.2025-05-148.8CVE-2025-30663


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source Info
Adobe – Adobe Connect | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | Published: 2025-05-13 | CVSS: 6.1 | CVE-2025-30314
Adobe – Adobe Connect | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | Published: 2025-05-13 | CVSS: 6.1 | CVE-2025-30315
Adobe – Adobe Connect | Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | Published: 2025-05-13 | CVSS: 5.4 | CVE-2025-30316
Adobe – Animate | Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Published: 2025-05-13 | CVSS: 5.5 | CVE-2025-30329
Adobe – ColdFusion | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed. | Published: 2025-05-13 | CVSS: 6.8 | CVE-2025-43566
Adobe – InDesign Desktop | InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Published: 2025-05-13 | CVSS: 5.5 | CVE-2025-30319
Adobe – InDesign Desktop | InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Published: 2025-05-13 | CVSS: 5.5 | CVE-2025-30320
Adobe – Substance3D – Stager | Substance3D – Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Published: 2025-05-13 | CVSS: 5.5 | CVE-2025-43551
Advaya Softech – GEMS ERP Portal | A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-18 | CVSS: 6.3 | CVE-2025-4863
alti5 – AlT Monitoring | The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the ‘ALT_Monitoring_edit’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | Published: 2025-05-17 | CVSS: 6.1 | CVE-2025-4194
AMD – AMD Prof | A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. | Published: 2025-05-13 | CVSS: 6.6 | CVE-2024-36340
aomedia – libavif | In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. | Published: 2025-05-16 | CVSS: 4.5 | CVE-2025-48174
aomedia – libavif | In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. | Published: 2025-05-16 | CVSS: 4.5 | CVE-2025-48175
App Cheap – Push notification for Mobile and Web app | Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3. | Published: 2025-05-16 | CVSS: 6.5 | CVE-2025-48127
aptivadadev – Aptivada for WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This issue affects Aptivada for WP: from n/a through 2.0.0. | Published: 2025-05-16 | CVSS: 6.5 | CVE-2025-48135
artbees – Jupiter X Core | The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file. | Published: 2025-05-17 | CVSS: 6.4 | CVE-2025-3888
Ashan Perera – EventON | Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-48116
ashanjay – EventON | Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-47564
Automattic – Jetpack Debug Tools | Missing Authorization vulnerability in Automattic Jetpack Debug Tools. This issue affects Jetpack Debug Tools: from n/a before 2.0.1. | Published: 2025-05-15 | CVSS: 5.3 | CVE-2024-56006
Automattic – Tours | Missing Authorization vulnerability in Automattic Tours. This issue affects Tours: from n/a through 1.0.0. | Published: 2025-05-15 | CVSS: 4.3 | CVE-2024-51666
BeamCtrl – Airiana | A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads to deserialization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-4740
berthaai – BERTHA AI | Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11. | Published: 2025-05-16 | CVSS: 4.3 | CVE-2025-48138
BlueWave – Checkmate | In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint. | Published: 2025-05-15 | CVSS: 5 | CVE-2025-48024
Bohua – NetDragon Firewall | A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 6.3 | CVE-2025-4747
boldthemes – Bold Page Builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | Published: 2025-05-18 | CVSS: 6.4 | CVE-2025-3715
Bootstrap – Bootstrap | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0. | Published: 2025-05-15 | CVSS: 5.6 | CVE-2025-1647
Broadstreet – Broadstreet | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.8. | Published: 2025-05-16 | CVSS: 6.5 | CVE-2025-48113
bullfrogsec – bullfrog | Bullfrog is a GitHub Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue. | Published: 2025-05-14 | CVSS: 6.2 | CVE-2025-47775
Campcodes – Sales and Inventory System | A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/product.php. The manipulation of the argument Picture leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 6.3 | CVE-2025-4735
cbutlerjr – WP-Members Membership Plugin | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | Published: 2025-05-17 | CVSS: 6.4 | CVE-2025-4610
Centreon – web | Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the “event logs” page. This page, which requires high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26. | Published: 2025-05-13 | CVSS: 4.9 | CVE-2025-4649
Chimpstudio – WP JobHunt | Authorization Bypass Through User-Controlled Key vulnerability in Chimpstudio WP JobHunt allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP JobHunt: from n/a through 7.1. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-39537
code-projects – Employee Record System | A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /dashboard/getData.php. The manipulation of the argument keywords leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 6.3 | CVE-2025-4743
code-projects – Pharmacy Management System | A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. This affects the function medicineType::take_order of the component Add Order Details. The manipulation leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | Published: 2025-05-18 | CVSS: 5.3 | CVE-2025-4888
code-projects – Police Station Management System | A vulnerability was found in code-projects Police Station Management System 1.0. It has been classified as critical. Affected is the function criminal::display of the file source.cpp of the component Display Record. The manipulation of the argument N leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | Published: 2025-05-18 | CVSS: 5.3 | CVE-2025-4891
code-projects – Police Station Management System | A vulnerability was found in code-projects Police Station Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function criminal::remove of the file source.cpp of the component Delete Record. The manipulation of the argument No leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | Published: 2025-05-18 | CVSS: 5.3 | CVE-2025-4892
code-projects – Tourism Management System | A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | Published: 2025-05-18 | CVSS: 5.3 | CVE-2025-4889
code-projects – Tourism Management System | A vulnerability was found in code-projects Tourism Management System 1.0 and classified as critical. This issue affects the function LoginUser of the component Login User. The manipulation of the argument username/password leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | Published: 2025-05-18 | CVSS: 5.3 | CVE-2025-4890
CodexThemes – TheGem | The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options. | Published: 2025-05-13 | CVSS: 4.3 | CVE-2025-4339
Combodo – iTop | iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they’re not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue. | Published: 2025-05-14 | CVSS: 6.5 | CVE-2024-52601
Combodo – iTop | iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by placing malicious code in CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before importing it. | Published: 2025-05-14 | CVSS: 6.3 | CVE-2024-56157
Combodo – iTop | iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set values on object fields when they’re not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue. | Published: 2025-05-14 | CVSS: 5 | CVE-2025-24021
Combodo – iTop | iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn’t use the affected variable in the regular expression. As a workaround, if iTop app_root_url is defined in the configuration file, then there is no possible way to exploit this ReDoS. | Published: 2025-05-14 | CVSS: 5.3 | CVE-2025-24026
Combodo – iTop | iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contact’s picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue. | Published: 2025-05-14 | CVSS: 5 | CVE-2025-24969
Combodo – iTop | iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the dashboard. | Published: 2025-05-14 | CVSS: 4.3 | CVE-2025-24785
contrid – Newsletters | The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | Published: 2025-05-13 | CVSS: 6.5 | CVE-2025-3107
D-Link – DI-7003GV2 | A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). This issue affects some unknown processing of the file /H5/get_version.data of the component Configuration Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-4750
D-Link – DI-7003GV2 | A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected is an unknown function of the file /index.data. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-4751
D-Link – DI-7003GV2 | A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /install_base.data. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-4752
D-Link – DI-7003GV2 | A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this issue is some unknown functionality of the file /login.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-4753
D-Link – DI-7003GV2 | A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been declared as problematic. This vulnerability affects unknown code of the file /H5/restart.asp. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-4756
defog-ai – introspect | A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-4767
Dell – PowerScale InsightIQ | Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | Published: 2025-05-15 | CVSS: 5.3 | CVE-2025-30476
dpgaspar – Flask-AppBuilder | Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the `FAB_SAFE_REDIRECT_HOSTS` configuration variable, which allows administrators to explicitly define which domains are considered safe for redirection. As a workaround, use a reverse proxy to enforce trusted host headers. | Published: 2025-05-16 | CVSS: 4.3 | CVE-2025-32962
ecki – net-tools | net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. In versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20. | Published: 2025-05-14 | CVSS: 6.6 | CVE-2025-46836
Edward Caissie – BNS Twitter Follow Button | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS. This issue affects BNS Twitter Follow Button: from n/a through 0.3.8. | Published: 2025-05-12 | CVSS: 6.5 | CVE-2025-47578
emmanuelg – EG-Series | The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s [series] shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user-supplied attributes in the shortcode_title function. This makes it possible for authenticated attackers – with Contributor-level access and above, on sites with the Classic Editor plugin activated – to inject arbitrary JavaScript code in the titletag attribute that will execute whenever a user accesses an injected page. | Published: 2025-05-15 | CVSS: 6.4 | CVE-2025-4126
EventON – EventON (Pro) – WordPress Virtual Event Calendar Plugin | The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the ‘assets/lib/settings/settings.js’ file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 4.9.6. | Published: 2025-05-17 | CVSS: 6.4 | CVE-2025-3527
feng_ha_ha – ssm-erp | A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. | Published: 2025-05-16 | CVSS: 6.3 | CVE-2025-4768
Fortinet – FortiClientEMS | A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. | Published: 2025-05-13 | CVSS: 5 | CVE-2025-22859
gongfuxiang – schoolcms | A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Published: 2025-05-16 | CVSS: 4.7 | CVE-2025-4795
Hitachi – Hitachi Infrastructure Analytics Advisor | Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component). This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00. | Published: 2025-05-16 | CVSS: 6.5 | CVE-2025-1245
Hitachi – Hitachi Ops Center Analyzer | Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component). This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00. | Published: 2025-05-16 | CVSS: 5.4 | CVE-2024-8201
Hitachi – Hitachi Ops Center Analyzer | Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component). This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00. | Published: 2025-05-16 | CVSS: 4.3 | CVE-2025-3624
Hitachi – Hitachi Ops Center Analyzer viewpoint | Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint. This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00. | Published: 2025-05-16 | CVSS: 6.5 | CVE-2025-1531
Hitachi – JP1/IT Desktop Management 2 – Smart Device Manager | Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 – Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 – Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06. | Published: 2025-05-15 | CVSS: 5.3 | CVE-2025-27524
horilla-opensource – horilla | Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue. | Published: 2025-05-15 | CVSS: 6.1 | CVE-2025-47789
I-O DATA DEVICE, INC. – HDL-TC1 | Missing authentication for critical function issue exists in I-O DATA network attached hard disk ‘HDL-T Series’ firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings. | Published: 2025-05-15 | CVSS: 5.3 | CVE-2025-32738
IBM – Content Navigator | IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. | Published: 2025-05-16 | CVSS: 5.4 | CVE-2024-51475
IBM – InfoSphere Information Server | IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. | Published: 2025-05-15 | CVSS: 4.3 | CVE-2025-1138
IBM – Security Guardium | IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. | Published: 2025-05-15 | CVSS: 5.5 | CVE-2025-3440
IBM – WebSphere Application Server | IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. | Published: 2025-05-14 | CVSS: 4.4 | CVE-2025-33104
imithemes – Eventer | Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.9.6. | Published: 2025-05-16 | CVSS: 4.3 | CVE-2025-39482
Ivanti – Endpoint Manager Mobile | An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | Published: 2025-05-13 | CVSS: 5.3 | CVE-2025-4427
jammy928 – CoinExchange_CryptoExchange_Java | A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the file /CoinExchange_CryptoExchange_Java-master/00_framework/core/src/main/java/com/bizzan/bitrade/util/UploadFileUtil.java of the component File Upload Endpoint. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. | Published: 2025-05-18 | CVSS: 6.3 | CVE-2025-4893
Javier Revilla – ValidateCertify | Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.2. | Published: 2025-05-16 | CVSS: 4.3 | CVE-2025-48115
kamleshyadav – Pixel WordPress Form Builder Plugin & Autoresponder | Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form Builder Plugin & Autoresponder allows Cross Site Request Forgery. This issue affects Pixel WordPress Form Builder Plugin & Autoresponder: from n/a through 1.0.2. | Published: 2025-05-16 | CVSS: 5.4 | CVE-2025-31915
kanwangzjm – Funiture | A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of the argument ret leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | Published: 2025-05-17 | CVSS: 4.3 | CVE-2025-4838
kilbot – WooCommerce POS | Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8. | Published: 2025-05-16 | CVSS: 5.3 | CVE-2025-48117
latepoint – LatePoint Calendar Booking Plugin for Appointments and Events | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the ‘view_booking_summary_in_lightbox’ due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to retrieve appointment details such as customer names and email addresses. | Published: 2025-05-14 | CVSS: 5.3 | CVE-2025-3769
lf-edge – ekuiper | LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0, a user with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, the payload acts in the victim’s browser. Version 2.1.0 fixes the issue. | Published: 2025-05-14 | CVSS: 6.3 | CVE-2024-52290
Lichess – Lila | powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML. | Published: 2025-05-15 | CVSS: 4.7 | CVE-2025-48051
loopus – WP Ultimate Tours Builder | Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder allows Cross Site Request Forgery. This issue affects WP Ultimate Tours Builder: from n/a through 1.055. | Published: 2025-05-16 | CVSS: 4.3 | CVE-2025-31921
Mattermost – Mattermost | Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lock out LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost. | Published: 2025-05-15 | CVSS: 5.8 | CVE-2025-31947
Mattermost – Mattermost | Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user’s permissions when accessing groups, which allows an attacker to view group information via an API request. | Published: 2025-05-15 | CVSS: 4.3 | CVE-2025-2527
Mattermost – Mattermost | Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions, which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team. | Published: 2025-05-15 | CVSS: 4.3 | CVE-2025-3446
merikbest – ecommerce-spring-reactjs | A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v1/admin/ of the component File Upload Endpoint. The manipulation of the argument filename leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | Published: 2025-05-18 | CVSS: 6.3 | CVE-2025-4868
Metagauss – ProfileGrid | Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through 5.9.5.1. | Published: 2025-05-16 | CVSS: 4.3 | CVE-2025-48079
Microsoft – Microsoft Defender for Endpoint for Linux | External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | Published: 2025-05-13 | CVSS: 6.7 | CVE-2025-26684
Microsoft – Microsoft Defender for Identity | Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. | Published: 2025-05-13 | CVSS: 6.5 | CVE-2025-26685
Microsoft – Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. | Published: 2025-05-13 | CVSS: 5.5 | CVE-2025-32703
Microsoft–Windows 10 Version 1809Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.2025-05-136.5CVE-2025-29830
Microsoft–Windows 10 Version 1809Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.2025-05-136.5CVE-2025-29832
Microsoft–Windows 10 Version 1809Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.2025-05-136.5CVE-2025-29835
Microsoft–Windows 10 Version 1809Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.2025-05-136.5CVE-2025-29836
Microsoft–Windows 10 Version 1809Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.2025-05-136.2CVE-2025-29957
Microsoft–Windows 10 Version 1809Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.2025-05-136.5CVE-2025-29958
Microsoft–Windows 10 Version 1809Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.2025-05-136.5CVE-2025-29959
Microsoft–Windows 10 Version 1809Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.2025-05-136.5CVE-2025-29960
Microsoft–Windows 10 Version 1809Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.2025-05-136.5CVE-2025-29961
Microsoft–Windows 10 Version 1809Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.2025-05-135.5CVE-2025-29829
Microsoft–Windows 10 Version 1809Improper link resolution before file access (‘link following’) in Windows Installer allows an authorized attacker to disclose information locally.2025-05-135.5CVE-2025-29837
Microsoft–Windows 10 Version 1809Uncontrolled resource consumption in Windows LDAP – Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.2025-05-135.9CVE-2025-29954
Microsoft–Windows 10 Version 1809Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.2025-05-135.4CVE-2025-29956
Microsoft–Windows 10 Version 1809Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.2025-05-135.7CVE-2025-29974
Microsoft–Windows 10 Version 1809Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.2025-05-134CVE-2025-29839
Microsoft–Windows HLK for Windows Server 2025Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.2025-05-136.7CVE-2025-27488
Microsoft–Windows Server 2019Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.2025-05-136.5CVE-2025-29968
Microsoft–Windows Server 2019Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.2025-05-135.9CVE-2025-30394
Microsoft–Windows Server 2025 (Server Core installation)Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.2025-05-136.2CVE-2025-29955
Mitsubishi Electric Corporation–GENESIS64Execution with Unnecessary Privileges vulnerability in the Pager agent of multi-agent notification feature in Mitsubishi Electric Iconics Digital Solutions GENESIS64 prior to 10.97.3, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.2025-05-156.5CVE-2025-0921
MutonUfoAI–pGina.ForkThe HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver.2025-05-155.4CVE-2025-48027
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformExposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access.2025-05-135.5CVE-2025-20013
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformInsufficient control flow management for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access.2025-05-135.7CVE-2025-20022
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformImproper access control for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.2025-05-135CVE-2025-20076
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformIncorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.2025-05-135.5CVE-2025-20612
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformUncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.2025-05-135.5CVE-2025-20616
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformExposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access.2025-05-135.7CVE-2025-20624
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformExposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access.2025-05-135.5CVE-2025-22895
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformExposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access.2025-05-134.7CVE-2025-20611
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformProtection mechanism failure for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-134.5CVE-2025-21081
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformInadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.2025-05-134.6CVE-2025-22446
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformImproper access control for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.2025-05-134.3CVE-2025-22844
n/a–Endurance Gaming Mode software installersIncorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2024-47550
n/a–Intel Atom(R) processorsExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.2025-05-135.6CVE-2024-43420
n/a–Intel(R) Advisor softwareUncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2025-20079
n/a–Intel(R) Arc & Iris(R) Xe graphics softwareImproper access control for some Intel(R) Arcâ„¢ &amp; Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access.2025-05-136.7CVE-2024-45371
n/a–Intel(R) Arc & Iris(R) Xe graphics softwareUncontrolled search path for some Intel(R) Arcâ„¢ &amp; Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2024-46895
n/a–Intel(R) Arc & Iris(R) Xe graphics softwareImproper access control for some Intel(R) Arcâ„¢ &amp; Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access.2025-05-135.9CVE-2024-39758
n/a–Intel(R) Arc GPUImproper conditions check for some Intel(R) Arcâ„¢ GPU may allow an authenticated user to potentially enable denial of service via local access.2025-05-135.6CVE-2024-28036
n/a–Intel(R) Core processors (10th Generation)Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Coreâ„¢ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.2025-05-135.6CVE-2025-20623
n/a–Intel(R) Core Ultra ProcessorsImproper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Coreâ„¢ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access.2025-05-135.7CVE-2025-20047
n/a–Intel(R) Core Ultra ProcessorsIncorrect initialization of resource in the branch prediction unit for some Intel(R) Coreâ„¢ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.2025-05-135.6CVE-2025-24495
n/a–Intel(R) Core Ultra ProcessorsIncorrect behavior order for some Intel(R) Coreâ„¢ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.2025-05-134.9CVE-2025-20012
n/a–Intel(R) Data Center GPU Flex Series for Windows driver softwareImproper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.2025-05-135.3CVE-2024-43101
n/a–Intel(R) Ethernet Connection softwareUncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2025-20015
n/a–Intel(R) Ethernet Network Adapter E810 SeriesInsecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2025-20629
n/a–Intel(R) Graphics Driver installersIncorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2024-28954
n/a–Intel(R) Graphics Driver softwareOut-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access.2025-05-136.1CVE-2024-29222
n/a–Intel(R) Graphics Driver softwareUncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2024-47800
n/a–Intel(R) Graphics DriversImproper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.2025-05-136.5CVE-2025-20031
n/a–Intel(R) Graphics DriversNULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.2025-05-136.5CVE-2025-20071
n/a–Intel(R) Graphics softwareUncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2025-21099
n/a–Intel(R) Graphics software for Intel(R) Arc graphics and Intel(R) Iris(R) Xe graphicsUncontrolled search path for some Intel(R) Graphics software for Intel(R) Arcâ„¢ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2025-20041
n/a–Intel(R) Network Adapter Driver installers for Windows 11Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2025-20108
n/a–Intel(R) oneAPI DPC++/C++ Compiler softwareUncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2024-47795
n/a–Intel(R) oneAPI Level Zero softwareUncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2024-31073
n/a–Intel(R) ProcessorsUncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.2025-05-136.5CVE-2025-20054
n/a–Intel(R) ProcessorsInsufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.2025-05-136.5CVE-2025-20103
n/a–Intel(R) ProcessorsExposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.2025-05-135.6CVE-2024-28956
n/a–Intel(R) ProcessorsExposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.2025-05-135.6CVE-2024-45332
n/a–Intel(R) PROSet/Wireless WiFi Software for WindowsOut-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2025-05-136.1CVE-2025-20026
n/a–Intel(R) PROSet/Wireless WiFi Software for WindowsRace condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2025-05-136.6CVE-2025-20039
n/a–Intel(R) PROSet/Wireless WiFi Software for WindowsUse after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2025-05-136.1CVE-2025-20062
n/a–Intel(R) QAT softwareUncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2024-39833
n/a–Intel(R) RealSense SDK softwareUncontrolled search path for some Intel(R) RealSenseâ„¢ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2025-20043
n/a–Intel(R) RealSense SDK softwareIncorrect Default Permissions for some Intel(R) RealSenseâ„¢ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.2025-05-136.7CVE-2025-20095
n/a–Intel(R) Server D50DNP and M50FCP boardsImproper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to potentially enable information disclosure via local access.2025-05-135.3CVE-2025-20034
n/a–Intel(R) Server D50DNP and M50FCP boardsImproper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.2025-05-134.1CVE-2025-20009
n/a–Intel(R) Server D50DNP and M50FCP boardsImproper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.2025-05-134.1CVE-2025-21100
n/a–Intel(R) Simics(R) Package Manager softwareInsecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access.2025-05-136.1CVE-2025-22448
n/a–Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX)Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX) may allow a privileged user to potentially enable escalation of privilege via local access.2025-05-136.1CVE-2024-48869
n/a–OpenVINO model server software maintained by Intel(R)Uncontrolled resource consumption for some OpenVINOâ„¢ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2025-05-136.5CVE-2025-22892
n/a–VMware ToolsVMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.2025-05-126.1CVE-2025-22247
nackle2k10–Bon ToolkitThe Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bt-map’ shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2025-05-156.4CVE-2025-4589
naicuoctavian–Audio Comments PluginThe Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the ‘audio-comments/audior-settings.php’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2025-05-176.1CVE-2025-4189
Netvision–ISOinsightThe ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system functions. These functions include viewing the administrator list, viewing and editing IP settings, and uploading files.2025-05-126.5CVE-2025-4560
nextcloud–security-advisoriesNextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor confirmation after a successful login with the username and password when the server was configured with `remember_login_cookie_lifetime` set to `0`, once the session expired on the page to select the second factor and the page is reloaded. Nextcloud Server 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server is upgraded to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9 and 31.0.3 contain a patch. As a workaround, set the `remember_login_cookie_lifetime` in config.php to a value other than `0`, e.g. `900`. Beware that this is only a workaround for new sessions created after the configuration change. System administration can delete affected sessions.2025-05-166.4CVE-2025-47790
nextcloud–security-advisoriesNextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.2025-05-165CVE-2025-47792
nextcloud–security-advisoriesNextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not protected correctly, allowing to proxy requests to another server. The endpoint was removed in Nextcloud Server 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server 28.0.13, 29.0.10, and 30.0.3. No known workarounds are available.2025-05-164.3CVE-2025-47791
nextcloud–security-advisoriesNextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud Groupfolders app prior to 18.0.3, 17.0.5, and 16.0.11, the absence of quota checking on attachments allowed logged-in users to upload files exceeding the group folder quota. Nextcloud Server versions 30.0.2 and 29.0.9, Nextcloud Enterprise Server versions 30.0.2, 29.0.9, or 28.0.12, and Nextcloud Groupfolders app 18.0.3, 17.0.5, and 16.0.11 fix the issue. No known workarounds are available.2025-05-164.3CVE-2025-47793
Ninja Forms–Ninja Forms WebhooksThe Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.2025-05-145.5CVE-2024-13940
PeepSo–PeepSo Core: File UploadsThe PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download files uploaded by others users and expose potentially sensitive information.2025-05-145.3CVE-2024-8988
pencilwp–X Addons for ElementorImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from n/a through 1.0.14.2025-05-166.5CVE-2025-48132
PHPGurukul–Cyber Cafe Management SystemA vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-156.3CVE-2025-4695
PHPGurukul–Cyber Cafe Management SystemA vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-156.3CVE-2025-4696
PHPGurukul–Directory Management SystemA vulnerability, which was classified as problematic, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /searchdata.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-184.3CVE-2025-4862
PHPGurukul–Park Ticketing Management SystemA vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects some unknown processing of the file /view-normal-ticket.php. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4770
PHPGurukul–Park Ticketing Management SystemA vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been classified as critical. This affects an unknown part of the file /view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4777
PHPGurukul–Park Ticketing Management SystemA vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4778
PHPGurukul–Park Ticketing Management SystemA vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4780
PHPGurukul–Park Ticketing Management SystemA vulnerability classified as critical has been found in PHPGurukul Park Ticketing Management System 2.0. Affected is an unknown function of the file /forgot-password.php. The manipulation of the argument email/contactno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4781
PHPGurukul–Park Ticketing Management SystemA vulnerability was found in PHPGurukul Park Ticketing Management System 2.0 and classified as critical. This issue affects some unknown processing of the file /add-normal-ticket.php. The manipulation of the argument noadult/nochildren/aprice/cprice leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.2025-05-166.3CVE-2025-4808
QuanticaLabs–CSS3 Accordions for WordPressMissing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.2025-05-165.4CVE-2025-31923
QuanticaLabs–CSS3 Compare Pricing Tables for WordPressMissing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.5.2025-05-165.4CVE-2025-47556
QuanticaLabs–CSS3 Tooltips for WordPressMissing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Tooltips for WordPress: from n/a through 1.8.2025-05-164.3CVE-2025-32180
quantumcloud–Simple Link Directory ProMissing Authorization vulnerability in quantumcloud Simple Link Directory Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Link Directory Pro: from n/a through 14.7.3.2025-05-165.3CVE-2025-32296
Red Hat–Red HatIn crossbeam-channel rust crate, the internal `Channel` type’s `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.2025-05-136.5CVE-2025-4574
Red Hat–Red Hat Enterprise Linux 6A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user’s application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user’s client application into connecting to the attacker’s malicious server.2025-05-164.3CVE-2025-4476
redqteam–WishlistExposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.2025-05-164.3CVE-2025-31062
redqteam–WishlistMissing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.2025-05-164.3CVE-2025-31063
RomanCode–MapSVGImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RomanCode MapSVG allows Stored XSS. This issue affects MapSVG: from n/a through 8.5.31.2025-05-166.5CVE-2025-47557
RomanCode–MapSVGMissing Authorization vulnerability in RomanCode MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a through 8.5.32.2025-05-165CVE-2025-47560
RomanCode–MapSVGImproper Control of Generation of Code (‘Code Injection’) vulnerability in RomanCode MapSVG allows Code Injection. This issue affects MapSVG: from n/a through 8.5.34.2025-05-165.3CVE-2025-47562
RomanCode–MapSVG LiteImproper Control of Generation of Code (‘Code Injection’) vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4.2025-05-165.3CVE-2025-48120
RS WP THEMES–RS WP Book ShowcaseImproper Control of Generation of Code (‘Code Injection’) vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41.2025-05-165.3CVE-2025-48119
Rustaurius–Front End UsersMissing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32.2025-05-155.4CVE-2025-47580
Saiful Islam–UltraAddons Elementor LiteImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.2025-05-166.5CVE-2025-48131
SAP_SE–SAP Data Services Management ConsoleThe Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.2025-05-134.4CVE-2025-26662
SAP_SE–SAP Digital Manufacturing (Production Operator Dashboard)Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.2025-05-135.3CVE-2025-43004
SAP_SE–SAP Gateway ClientUnder certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.2025-05-136.6CVE-2025-42997
SAP_SE–SAP GUI for WindowsSAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.2025-05-134.3CVE-2025-43005
SAP_SE–SAP NetWeaver Application Server ABAP and ABAP PlatformSAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.2025-05-136.2CVE-2025-31329
SAP_SE–SAP S/4HANA (Private Cloud & On-Premise)SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.2025-05-136.4CVE-2025-43003
SAP_SE–SAP S/4HANA HCM Portugal and SAP ERP HCM PortugalDue to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.2025-05-135.8CVE-2025-43008
SAP_SE–SAP S4/HANA (OData meta-data property)SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted.2025-05-134.3CVE-2025-43002
SAP_SE–SAP Service Parts Management (SPM)SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.2025-05-136.3CVE-2025-43007
SAP_SE–SAP Service Parts Management (SPM)SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.2025-05-136.3CVE-2025-43009
SAP_SE–SAP Supplier Relationship Management (Live Auction Cockpit)he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim�s browser, with no effect on availability of the application2025-05-136.1CVE-2025-30009
SAP_SE–SAP Supplier Relationship Management (Live Auction Cockpit)The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application.2025-05-136.1CVE-2025-30010
SAP_SE–SAP Supplier Relationship Management (Live Auction Cockpit)The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application.2025-05-135.3CVE-2025-30011
SAP_SE–SAP Supplier Relationship Management (Master Data Management Catalog)SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.2025-05-136.1CVE-2025-43006
Schweitzer Engineering Laboratories–SEL Blueframe OSAn authenticated user’s token could be used by another source after the user had logged out prior to the token expiring.2025-05-126.3CVE-2025-46743
Schweitzer Engineering Laboratories–SEL Blueframe OSAn authenticated user without user-management permissions could view other users’ account information.2025-05-126.5CVE-2025-46745
Schweitzer Engineering Laboratories–SEL Blueframe OSA suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.2025-05-125.7CVE-2025-46741
Schweitzer Engineering Laboratories–SEL Blueframe OSAn administrator could discover another account’s credentials.2025-05-125.8CVE-2025-46746
Schweitzer Engineering Laboratories–SEL Blueframe OSAn authenticated user without user-management permissions could identify other user accounts.2025-05-125.7CVE-2025-46747
Schweitzer Engineering Laboratories–SEL Blueframe OSUsers who were required to change their password could still access system information before changing their password2025-05-124.3CVE-2025-46742
Schweitzer Engineering Laboratories–SEL Blueframe OSAn authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.2025-05-124.3CVE-2025-46749
Schweitzer Engineering Laboratories–SEL-3350-1SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set.2025-05-124.4CVE-2025-46750
Schweitzer Engineering Laboratories–SEL-5033 acSELerator RTAC SoftwareAn authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code.2025-05-126.6CVE-2025-46738
scripteo–Ads Pro PluginImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in scripteo Ads Pro Plugin allows Stored XSS. This issue affects Ads Pro Plugin: from n/a through 4.88.2025-05-166.5CVE-2025-46464
Sharespine–Sharespine Woocommerce ConnectorMissing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55.2025-05-164.3CVE-2025-48128
Siemens–APOGEE PXC+TALON TC Series (BACnet)A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the targeted device, and potentially reduce the availability of BACnet network. A power cycle is required to restore the device’s normal operation.2025-05-134.7CVE-2025-40555
Siemens–BACnet ATEC 550-440A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device’s normal operation.2025-05-136.5CVE-2025-40556
Siemens–IEC 1Ph 7.4kW Child socketA vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions), IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) (All versions), IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) (All versions), IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) (All versions), IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) (All versions), IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) (All versions), IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) (All versions), IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) (All versions), IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) (All versions), IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) (All versions), IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) (All versions), IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) (All versions), IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) (All versions), IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) (All versions), IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) (All versions), IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) (All versions), IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) (All versions), IEC ERK 3Ph 22 kW Parent socket incl. 
SI (8EM1310-3FH04-3GA2) (All versions), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (All versions), UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) (All versions), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (All versions), UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) (All versions), UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) (All versions), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (All versions), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (All versions), UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) (All versions), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (All versions), UL Resi High End 40A w/15118 Hw (8EM1312-4CF18-0FA3) (All versions), UL Resi High End 48A w/15118 Hw (8EM1312-5CF18-0FA3) (All versions), VersiCharge Blueâ„¢ 80A AC Cellular (8EM1315-7BG16-1FH2) (All versions). Affected devices do not contain an Immutable Root of Trust in M0 Hardware. An attacker with physical access to the device could use this to execute arbitrary code.2025-05-134.2CVE-2025-31929
Siemens–MS/TP Point Pickup ModuleA vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device’s normal operation.2025-05-136.5CVE-2025-24510
Siemens–Polarion V2310A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows to download any data from the application’s database.2025-05-136.5CVE-2024-51444
Siemens–Polarion V2310A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from the application server.2025-05-136.5CVE-2024-51445
Siemens–Polarion V2310A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploading specially crafted xml files that are later downloaded and viewed by other users of the application.2025-05-136.5CVE-2024-51446
Siemens–Polarion V2310A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.2025-05-135.3CVE-2024-51447
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.2025-05-136.7CVE-2025-40579
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.2025-05-136.7CVE-2025-40580
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to access sensitive information stored on the device.2025-05-135.5CVE-2025-40572
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder.2025-05-134.4CVE-2025-40573
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.2025-05-134.3CVE-2025-40575
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.2025-05-134.3CVE-2025-40576
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.2025-05-134.3CVE-2025-40577
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this flaw by sending multiple packets in a very short time frame, which leads to a crash of the dcpd process.2025-05-134.3CVE-2025-40578
Siemens–SCALANCE LPE9403A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a privileged local attacker to retrieve this sensitive information.2025-05-134.4CVE-2025-40583
Siemens–SIRIUS 3RK3 Modular Safety System (MSS)A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including obfuscated safety passwords.2025-05-136.5CVE-2025-24008
Siemens–SIRIUS 3RK3 Modular Safety System (MSS)A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not require authentication to access critical resources. An attacker with network access could retrieve sensitive information from certain data records, including obfuscated safety passwords.2025-05-135.9CVE-2025-24009
SourceCodester–Online Student Clearance SystemA vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-165.3CVE-2025-4807
SourceCodester–Online Student Clearance SystemA vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-184.3CVE-2025-4887
SourceCodester–Stock Management SystemA vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sms/admin/?page=receiving/view_receiving&id=1. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4782
SourceCodester–Stock Management SystemA vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/?page=return/view_return. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4786
SourceCodester–Stock Management SystemA vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected is an unknown function of the file /admin/?page=sales/view_sale. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4787
SourceCodester–Stock Management SystemA vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-166.3CVE-2025-4806
SourceCodester–Student Result Management SystemA vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-155.4CVE-2025-4720
Steve Puddick–WP Notes WidgetImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS. This issue affects WP Notes Widget: from n/a through 1.0.6.2025-05-166.5CVE-2025-48121
SYNCPILOT–LIVE CONTRACTAn Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the documents UUIDv4.2025-05-165.9CVE-2025-2306
Synology–Active Backup for Microsoft 365A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.2025-05-166.5CVE-2025-4679
Tenda–A15A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-186.5CVE-2025-4867
ThemeNcode–TNC FlipBookImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeNcode TNC FlipBook allows Stored XSS. This issue affects TNC FlipBook: from n/a through 12.1.0.2025-05-166.5CVE-2025-39509
themeton–AcerolaMissing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.2025-05-165.3CVE-2025-31066
themeton–HotStar Multi-Purpose Business ThemeMissing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.2025-05-165.3CVE-2025-31071
themeton–RozarioMissing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.2025-05-165.3CVE-2025-31065
themeton–Seven StarsCross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.2025-05-164.3CVE-2025-31068
themeton–SpareCross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.2025-05-164.3CVE-2025-31639
themeton–The BusinessMissing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.2025-05-165.3CVE-2025-31630
Themovation–QuickCalExposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal: from n/a through 1.0.15.2025-05-164.3CVE-2025-32299
TOTOLINK–A3002RA vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-156.3CVE-2025-4729
TOTOLINK–N300RHA vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-186.3CVE-2025-4849
TOTOLINK–N300RHA vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-186.3CVE-2025-4850
TOTOLINK–N300RHA vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-186.3CVE-2025-4851
Uncanny Owl–Uncanny Toolkit for LearnDashImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.2.2025-05-166.5CVE-2025-48080
uncannyowl–Uncanny Automator Easy Automation, Integration, Webhooks & Workflow Builder PluginThe Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.2025-05-145.4CVE-2025-4520
urkekg–Posts per CatThe Posts per Cat [Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ppc’ shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2025-05-166.4CVE-2025-4169
ValvePress–Pinterest Automatic PinMissing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2.2025-05-164.3CVE-2025-39511
ValvePress–RankieMissing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through 1.8.0.2025-05-164.3CVE-2025-39493
ValvePress–Wordpress Auto SpinnerMissing Authorization vulnerability in ValvePress WordPress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Auto Spinner: from n/a through 3.25.0.2025-05-164.3CVE-2025-47534
varnish-software–Varnish CacheVarnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.2025-05-135.4CVE-2025-47905
villatheme–CURCYMissing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7.2025-05-165.3CVE-2025-47563
VITA-MLLM–Freeze-OmniA vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local host.2025-05-155.3CVE-2025-4701
wcmp–MultiVendorX WooCommerce Multivendor Marketplace SolutionsThe MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the ‘delete_fpm_product’ function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22.2025-05-174.3CVE-2025-4101
weibocom–rill-flowA vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-186.3CVE-2025-4866
welukame–Weluka LiteThe Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘weluka-map’ shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2025-05-156.4CVE-2025-4591
wordpresschef–Salon Booking ProMissing Authorization vulnerability in wordpresschef Salon Booking Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon Booking Pro: from n/a through 10.10.2.2025-05-164.3CVE-2025-32295
wpdevelop–WP Booking CalendarThe WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2025-05-176.4CVE-2025-4669
XU-YIJIE–grpo-flatA vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required to approach this attack. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.2025-05-165.3CVE-2025-4742
Zoom Communications, Inc–Zoom Workplace AppsImproper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.2025-05-146.6CVE-2025-30664
Zoom Communications, Inc–Zoom Workplace AppsNULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.2025-05-146.5CVE-2025-30667
Zoom Communications, Inc–Zoom Workplace AppsInteger underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.2025-05-146.5CVE-2025-30668
Zoom Communications, Inc–Zoom Workplace AppsBuffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.2025-05-146.5CVE-2025-46785
Zoom Communications, Inc–Zoom Workplace AppsImproper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.2025-05-144.3CVE-2025-46786
Zoom Communications, Inc–Zoom Workplace Apps for WindowsNULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.2025-05-146.5CVE-2025-30665
Zoom Communications, Inc–Zoom Workplace Apps for WindowsNULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.2025-05-146.5CVE-2025-30666


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source Info
calmkart–Django-sso-serverA vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encryption strength. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available.2025-05-183.7CVE-2025-4894
Cloud Foundry–UAACloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.2025-05-133CVE-2025-22246
code-projects–Employee Record SystemA vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Affected by this issue is some unknown functionality of the file dashboard\edit_employee.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.2025-05-163.5CVE-2025-4744
code-projects–Employee Record SystemA vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.2025-05-163.5CVE-2025-4745
D-Link–DAP-2695A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.2025-05-182.4CVE-2025-4858
D-Link–DAP-2695A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument f_mac leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.2025-05-182.4CVE-2025-4859
D-Link–DAP-2695A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.2025-05-182.4CVE-2025-4860
Fortinet–FortiClientMacAn improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.2025-05-132.3CVE-2024-35281
GNU–PSPPlibpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read.2025-05-162.9CVE-2025-48188
Hitachi–JP1/IT Desktop Management 2 – Smart Device ManagerInformation Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 – Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 – Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.2025-05-153.9CVE-2025-27525
itwanger–paicodingA vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.2025-05-173.1CVE-2025-4839
Mattermost–MattermostMattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn’t have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.2025-05-152.7CVE-2025-2570
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformUncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.2025-05-133.5CVE-2025-20057
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformUncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.2025-05-133.5CVE-2025-20084
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformImproper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.2025-05-133.5CVE-2025-22848
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformIncorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.2025-05-133.5CVE-2025-23233
n/a–Edge Orchestrator software for Intel(R) Tiber Edge PlatformExposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access.2025-05-132.6CVE-2025-20030
n/a–Intel(R) Graphics Driver softwareOut-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access.2025-05-133.8CVE-2024-31150
n/a–MeteorA vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.2 is able to address this issue. The identifier of the patch is f7ea6817b90952baaea9baace2a3b4366fee6a63. It is recommended to upgrade the affected component.2025-05-153.7CVE-2025-4727
nextcloud–security-advisoriesNextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.2025-05-162.6CVE-2025-47794
nodejs–undiciUndici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker sets up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a webhook repeatedly if the webhook fails.2025-05-153.1CVE-2025-47279
O2 UK–O2O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229.2025-05-183.5CVE-2025-48219
Phoenix–SecureCore Technology 4Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation. This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.2025-05-133.3CVE-2024-12533
SAP_SE–SAP Supplier Relationship Management (Live Auction Cockpit)The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application.2025-05-133.9CVE-2025-30012
Schweitzer Engineering Laboratories–SEL Blueframe OSAn authenticated administrator could modify the Created By username for a user account.2025-05-122.7CVE-2025-46744
Schweitzer Engineering Laboratories–SEL Blueframe OSAn authenticated user attempting to change their password could do so without using the current password.2025-05-122.7CVE-2025-46748
Siemens–Mendix OIDC SSO (Mendix 10 compatible)A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.0.0), Mendix OIDC SSO (Mendix 9 compatible) (All versions). The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development.2025-05-132.2CVE-2025-40571
Spring–Spring FrameworkCVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions: Spring Framework 6.2.0 – 6.2.6; 6.1.0 – 6.1.19; 6.0.0 – 6.0.27; 5.3.0 – 5.3.42; older, unsupported versions are also affected. Mitigation: Users of affected versions should upgrade to the corresponding fixed version. Affected version(s) / Fix Version / Availability: 6.2.x / 6.2.7 / OSS; 6.1.x / 6.1.20 / OSS; 6.0.x / 6.0.28 / Commercial (https://enterprise.spring.io/); 5.3.x / 5.3.43 / Commercial (https://enterprise.spring.io/). No further mitigation steps are necessary. Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation. For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields. Credit: This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.2025-05-163.1CVE-2025-22233
TOTOLINK–A3002RA vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.2025-05-182.4CVE-2025-4852
trifectatechfoundation–sudo-rssudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exist in folders that they otherwise cannot access using `sudo --list <pathname>`. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.2025-05-123.3CVE-2025-46717
trifectatechfoundation–sudo-rssudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users’ permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.2025-05-123.3CVE-2025-46718
vercel–next.jsNext.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel’s platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.2025-05-143.7CVE-2025-32421
y_project–RuoYiA vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.2025-05-173.1CVE-2025-4819


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source Info
AbanteCart–AbanteCartReflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim’s browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through “/about_us?[XSS_PAYLOAD]”.2025-05-12not yet calculatedCVE-2025-40626
AbanteCart–AbanteCartReflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim’s browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through “/eyes? [XSS_PAYLOAD]”.2025-05-12not yet calculatedCVE-2025-40627
Absolute Security–Absolute PersistenceA vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate this vulnerability, update the device firmware to the latest available version. Please contact the device manufacturer for upgrade instructions or contact Absolute Security, see reference below.2025-05-13not yet calculatedCVE-2024-6364
alchemyplatform–modular-accountAlchemy’s Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys (scoped external keys) to external parties and would use the allowlist module to restrict which external contracts can be accessed by the session key. There is a bug in the allowlist module in that we don’t check for the `executeUserOp` -> `execute` or `executeBatch` path, effectively allowing any session key to bypass any access control restrictions set on the session key. Session keys are able to access ERC20 and ERC721 token contracts amongst others, transferring all tokens from the account out and configure the permissions on external modules on session keys. They would be able to remove all restrictions set on themselves this way, or rotate the keys of other keys with higher privileges into keys that they control. Commit 5e6f540d249afcaeaf76ab95517d0359fde883b0 fixes this issue.2025-05-15not yet calculatedCVE-2025-46834
Apache Software Foundation–Apache IoTDBRemote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.2025-05-14not yet calculatedCVE-2024-24780
Apache Software Foundation–Apache IoTDBExposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.2025-05-14not yet calculatedCVE-2025-26864
Apache Software Foundation–Apache IoTDB JDBC driverExposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.2025-05-14not yet calculatedCVE-2025-26795
Apache Software Foundation–Apache ORCHeap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.2025-05-14not yet calculatedCVE-2025-47436
Apache Software Foundation–Apache SupersetImproper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.2025-05-13not yet calculatedCVE-2025-27696
Apple–iOS and iPadOSThis issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.2025-05-12not yet calculatedCVE-2025-30436
Apple–iOS and iPadOSA logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user’s installed apps.2025-05-12not yet calculatedCVE-2025-31207
Apple–iOS and iPadOSThis issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.2025-05-12not yet calculatedCVE-2025-31214
Apple–iOS and iPadOSA privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.2025-05-12not yet calculatedCVE-2025-31225
Apple–iOS and iPadOSA logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.2025-05-12not yet calculatedCVE-2025-31227
Apple–iOS and iPadOSThis issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.2025-05-12not yet calculatedCVE-2025-31253
Apple–iPadOSA permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.7, iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier.2025-05-12not yet calculatedCVE-2025-24220
Apple–iPadOSAn injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing.2025-05-12not yet calculatedCVE-2025-24225
Apple–iPadOSThis issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.2025-05-12not yet calculatedCVE-2025-30448
Apple–iPadOSAn out-of-bounds read was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.2025-05-12not yet calculatedCVE-2025-31196
Apple–iPadOSThe issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service.2025-05-12not yet calculatedCVE-2025-31210
Apple–iPadOSThe issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen.2025-05-12not yet calculatedCVE-2025-31228
Apple–macOSA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.2025-05-12not yet calculatedCVE-2025-24142
Apple–macOSThe issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel memory.2025-05-12not yet calculatedCVE-2025-24155
Apple–macOSThe issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash.2025-05-12not yet calculatedCVE-2025-24222
Apple–macOSA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges.2025-05-12not yet calculatedCVE-2025-24258
Apple–macOSAn input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.2025-05-12not yet calculatedCVE-2025-24274
Apple–macOSThe issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass ASLR.2025-05-12not yet calculatedCVE-2025-30440
Apple–macOSThe issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain elevated privileges.2025-05-12not yet calculatedCVE-2025-30442
Apple–macOSThe issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.2025-05-12not yet calculatedCVE-2025-30453
Apple–macOSThe issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.2025-05-12not yet calculatedCVE-2025-31195
Apple–macOSA logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user’s iCloud Keychain.2025-05-12not yet calculatedCVE-2025-31213
Apple–macOSThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections.2025-05-12not yet calculatedCVE-2025-31218
Apple–macOSA privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.2025-05-12not yet calculatedCVE-2025-31220
Apple–macOSA logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences.2025-05-12not yet calculatedCVE-2025-31224
Apple–macOSA logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A sandboxed app may be able to access sensitive user data.2025-05-12not yet calculatedCVE-2025-31232
Apple–macOSA double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination.2025-05-12not yet calculatedCVE-2025-31235
Apple–macOSAn information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.2025-05-12not yet calculatedCVE-2025-31236
Apple–macOSThis issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.2025-05-12not yet calculatedCVE-2025-31237
Apple–macOSThis issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.2025-05-12not yet calculatedCVE-2025-31240
Apple–macOSA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.2025-05-12not yet calculatedCVE-2025-31242
Apple–macOSA file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.2025-05-12not yet calculatedCVE-2025-31244
Apple–macOSThe issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel memory.2025-05-12not yet calculatedCVE-2025-31246
Apple–macOSA logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system.2025-05-12not yet calculatedCVE-2025-31247
Apple–macOSA logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.2025-05-12not yet calculatedCVE-2025-31249
Apple–macOSAn information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.2025-05-12not yet calculatedCVE-2025-31250
Apple–macOSThe issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.2025-05-12not yet calculatedCVE-2025-31256
Apple–macOSThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.2025-05-12not yet calculatedCVE-2025-31258
Apple–macOSThe issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.2025-05-12not yet calculatedCVE-2025-31259
Apple–macOSA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.2025-05-12not yet calculatedCVE-2025-31260
Apple–tvOSThe issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.2025-05-12not yet calculatedCVE-2025-24223
Apple–tvOSThe issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.2025-05-12not yet calculatedCVE-2025-31204
Apple–tvOSThe issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.2025-05-12not yet calculatedCVE-2025-31205
Apple–tvOSA type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.2025-05-12not yet calculatedCVE-2025-31206
Apple–tvOSThe issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.2025-05-12not yet calculatedCVE-2025-31208
Apple–tvOSAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information.2025-05-12not yet calculatedCVE-2025-31209
Apple–tvOSThis issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.2025-05-12not yet calculatedCVE-2025-31212
Apple–tvOSThe issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.2025-05-12not yet calculatedCVE-2025-31215
Apple–tvOSThe issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.2025-05-12not yet calculatedCVE-2025-31217
Apple–tvOSThe issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.2025-05-12not yet calculatedCVE-2025-31219
Apple–tvOSAn integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.2025-05-12not yet calculatedCVE-2025-31221
Apple–tvOSA correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.2025-05-12not yet calculatedCVE-2025-31222
Apple–tvOSThe issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.2025-05-12not yet calculatedCVE-2025-31223
Apple–tvOSA logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service.2025-05-12not yet calculatedCVE-2025-31226
Apple–tvOSThe issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.2025-05-12not yet calculatedCVE-2025-31233
Apple–tvOSThe issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.2025-05-12not yet calculatedCVE-2025-31234
Apple–tvOSThe issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.2025-05-12not yet calculatedCVE-2025-31238
Apple–tvOSA use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.2025-05-12not yet calculatedCVE-2025-31239
Apple–tvOSA double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.2025-05-12not yet calculatedCVE-2025-31241
Apple–tvOSThe issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.2025-05-12not yet calculatedCVE-2025-31245
Apple–tvOSThe issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.2025-05-12not yet calculatedCVE-2025-31251
Apple–tvOSThis issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.2025-05-12not yet calculatedCVE-2025-31257
Apple–visionOSA memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.2025-05-12not yet calculatedCVE-2025-24111
Apple–visionOSAn information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.2025-05-12not yet calculatedCVE-2025-24144
ASUS–Armoury CrateA stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation and may lead to a system crash (BSOD) or other potentially undefined execution. Refer to the ‘Security Update for Armoury Crate App’ section of the ASUS Security Advisory for more information.2025-05-12not yet calculatedCVE-2025-1533
Atheos–AtheosAtheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for the issue.2025-05-15not yet calculatedCVE-2025-47788
bonigarcia–webdrivermanagerImproper Restriction of XML External Entity Reference (XXE) vulnerability in bonigarcia WebDriverManager on Windows, macOS and Linux (XML parsing components) allows XML external entity injection (CAPEC-221: Data Serialization External Entities Blowup). This vulnerability is associated with the program file src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.2025-05-14not yet calculatedCVE-2025-4641
bytecodealliance–wasm-micro-runtimeThe WebAssembly Micro Runtime’s (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink following vulnerability. On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with create flag will create a file on host outside of the sandbox. If the symlink points to an existing host file, it’s also possible to open it and read its content. Version 2.3.0 fixes the issue.2025-05-15not yet calculatedCVE-2025-43853
cap-collectif–cap-collectifCap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor` value that an unauthenticated user can control, without restricting which classes may be instantiated. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.2025-05-14not yet calculatedCVE-2025-47292
Checkmk GmbH–CheckmkPrivilege escalation in the jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allows a user with write access to the JAVA_HOME/bin directory to escalate privileges.2025-05-13not yet calculatedCVE-2025-32917
davisking–dlibDivide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. This issue affects dlib: versions before 19.24.7.2025-05-14not yet calculatedCVE-2025-4637
Digi International–Digi PortServer TSImproper authentication handling was identified in a set of HTTP POST requests affecting the following product families: Digi PortServer TS (prior to and including 82000747_AA, build date 06/17/2022); Digi One SP/Digi One SP IA/Digi One IA (prior to and including 82000774_Z, build date 10/19/2020); Digi One IAP (prior to and including 82000770 Z, build date 10/19/2020). A specially crafted POST request to the device’s web interface may allow an unauthenticated attacker to modify configuration settings.2025-05-12not yet calculatedCVE-2025-3659
DomainsPRO–DomainsPROSQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.2025-05-13not yet calculatedCVE-2025-40628
Drupal–COOKiES Consent ManagementImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14.2025-05-14not yet calculatedCVE-2025-47703
Drupal–Enterprise MFA – TFA for DrupalAuthentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Remote Services with Stolen Credentials. This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.2025-05-14not yet calculatedCVE-2025-47706
Drupal–Enterprise MFA – TFA for DrupalAuthentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.2025-05-14not yet calculatedCVE-2025-47707
Drupal–Enterprise MFA – TFA for DrupalCross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Cross Site Request Forgery. This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.2025-05-14not yet calculatedCVE-2025-47708
Drupal–Enterprise MFA – TFA for DrupalMissing Authorization vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Forceful Browsing. This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.2025-05-14not yet calculatedCVE-2025-47709
Drupal–Enterprise MFA – TFA for DrupalAuthentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.2025-05-14not yet calculatedCVE-2025-47710
Drupal–IFrame Remove FilterImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS). This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5.2025-05-14not yet calculatedCVE-2025-47705
Drupal–Klaro Cookie & Consent ManagementImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS). This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5.2025-05-14not yet calculatedCVE-2025-47704
Drupal–oEmbed ProvidersImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS). This issue affects oEmbed Providers: from 0.0.0 before 2.2.2.2025-05-14not yet calculatedCVE-2025-47702
Drupal–Restrict route by IPCross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery. This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.2025-05-14not yet calculatedCVE-2025-47701
DumbWareio–DumbDropDumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a malicious payload. Commit db27b25372eb9071e63583d8faed2111a2b79f1b fixes the vulnerability.2025-05-15not yet calculatedCVE-2025-47929
emlog–emlogEmlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause `str_replace` to replace the value of `name_orig` with an empty string, causing deserialization to fail and return `false`. Commit 9643250802188b791419e3c2188577073256a8a2 fixes the issue.2025-05-15not yet calculatedCVE-2025-47784
emlog–emlogEmlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to store malicious JavaScript that executes for other website users who are induced to open the affected page. In `/admin/comment.php`, the parameter `perpage_num` is not validated and is stored directly in the `admin_commend_perpage_num` field of the `emlog_options` table in the database. Moreover, the output is not filtered, so the malicious code is emitted directly into the page. As of time of publication, it is unclear if a patch exists.2025-05-15not yet calculatedCVE-2025-47786
emlog–emlogEmlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue.2025-05-15not yet calculatedCVE-2025-47787
espocrm–espocrmEspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and if they submit their credentials, they get captured in plain text. The vulnerability is allowed by overly permissive HTML editing being allowed on the KB articles. Any authenticated user with the privilege to read KB articles is impacted. In an enterprise with multiple applications, the malicious KB article could be edited to match the login pages of other applications, which would make it useful for credential harvesting against other applications as well. Version 9.0.8 contains a patch for the issue.2025-05-12not yet calculatedCVE-2025-32390
ETHER–FCGIFCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.2025-05-16not yet calculatedCVE-2025-40907
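The FastCGI name-value encoding and the arithmetic failure described above, as an added example in Go. This is not the fcgi2 library's code (which is C; the Perl module only bundles it), and the exact expression in ReadParams is not reproduced from the page: the parser, the naiveTotal helper and the hostile pair are constructed here to show the bug class, namely two attacker-chosen 31-bit lengths that overflow when summed in a 32-bit signed integer, beside a parser that checks each length against the bytes actually present before slicing.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	errShort    = errors.New("fcgi: truncated FCGI_PARAMS content")
	errOversize = errors.New("fcgi: declared length exceeds bytes present")
)

// readLen decodes one FastCGI name/value length prefix: a single byte
// below 0x80, otherwise four bytes whose top bit is set and whose low 31
// bits carry the length (so one field may claim up to 2^31-1 bytes).
func readLen(b []byte) (n uint32, used int, err error) {
	if len(b) == 0 {
		return 0, 0, errShort
	}
	if b[0]&0x80 == 0 {
		return uint32(b[0]), 1, nil
	}
	if len(b) < 4 {
		return 0, 0, errShort
	}
	n = uint32(b[0]&0x7f)<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])
	return n, 4, nil
}

// naiveTotal is the unsafe arithmetic: two 31-bit lengths added in a 32-bit
// signed int. 0x7fffffff + 0x7fffffff wraps to -2, so a buffer sized from
// this sum is tiny while the copies that follow use the original lengths,
// which is how an integer overflow becomes a heap overflow.
func naiveTotal(nameLen, valueLen uint32) int32 {
	return int32(nameLen) + int32(valueLen)
}

// parseParams decodes FCGI_PARAMS content into a map. Every declared length
// is compared, in 64-bit arithmetic, against the bytes actually present
// before any slicing or allocation happens.
func parseParams(content []byte) (map[string]string, error) {
	params := make(map[string]string)
	for len(content) > 0 {
		nameLen, n, err := readLen(content)
		if err != nil {
			return nil, err
		}
		valueLen, m, err := readLen(content[n:])
		if err != nil {
			return nil, err
		}
		body := content[n+m:]
		have := uint64(len(body))
		if uint64(nameLen) > have || uint64(nameLen)+uint64(valueLen) > have {
			return nil, errOversize
		}
		nl, vl := int(nameLen), int(valueLen)
		params[string(body[:nl])] = string(body[nl : nl+vl])
		content = body[nl+vl:]
	}
	return params, nil
}

// appendLen and encodeParam build well-formed pairs for the demo and tests.
func appendLen(out []byte, n int) []byte {
	if n < 0x80 {
		return append(out, byte(n))
	}
	return append(out, byte(n>>24)|0x80, byte(n>>16), byte(n>>8), byte(n))
}

func encodeParam(name, value string) []byte {
	out := appendLen(nil, len(name))
	out = appendLen(out, len(value))
	out = append(out, name...)
	return append(out, value...)
}

func main() {
	rec := append(encodeParam("SCRIPT_NAME", "/index.php"),
		encodeParam("QUERY_STRING", strings.Repeat("a", 200))...)
	params, err := parseParams(rec)
	fmt.Println(params["SCRIPT_NAME"], len(params["QUERY_STRING"]), err)

	// Constructed hostile pair: both lengths 0x7fffffff, one byte of payload.
	crafted := []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 'x'}
	fmt.Println("naive int32 total:", naiveTotal(0x7fffffff, 0x7fffffff))
	_, err = parseParams(crafted)
	fmt.Println("strict parser:", err)
}
```

The two checks in parseParams are deliberately separate: the first catches a single oversized field, the second the combined case, and neither can wrap because the sum is taken in uint64.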
Forescout–SecureConnectorA remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector.2025-05-13not yet calculatedCVE-2025-4660
getkirby–kirbyKirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method (i.e. calls with a simple string for the snippet name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as `snippet('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server’s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, Kirby maintainers have added a check for the snippet path that ensures that the resulting path is contained within the configured snippets root. Snippet paths that point outside of the snippets root will not be loaded.2025-05-13not yet calculatedCVE-2025-30159
getkirby–kirbyKirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP’s built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby’s router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not.2025-05-13not yet calculatedCVE-2025-30207
getkirby–kirbyKirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server’s file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded.2025-05-13not yet calculatedCVE-2025-31493
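The two Kirby entries above (dynamic `snippet()`/`collection()` names resolved under a root with no containment check) and the earlier bytecodealliance WAMR entry (a symlink inside the preopened directory followed out of it on create) reduce to the same defensive step: resolve the caller-supplied path, symlinks included, and only then verify that the result still lies under the permitted root. The Go example below is added here and is not code from either project; the directory layout, the file names and the sandboxOpen helper are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscape is returned when a caller-supplied path resolves to a location
// outside the directory the caller is permitted to reach.
var ErrEscape = errors.New("path resolves outside the permitted root")

// resolveLeaf resolves every symlink in the directory part of p (which must
// already exist) and then keeps following the final component while it is a
// symlink, so that a dangling link is resolved to the place a create would
// actually write. The hop limit guards against link loops.
func resolveLeaf(p string) (string, error) {
	for hops := 0; hops < 40; hops++ {
		dir, err := filepath.EvalSymlinks(filepath.Dir(p))
		if err != nil {
			return "", err
		}
		p = filepath.Join(dir, filepath.Base(p))
		fi, err := os.Lstat(p)
		if err != nil || fi.Mode()&os.ModeSymlink == 0 {
			return p, nil // a real entry, or a file that does not exist yet
		}
		target, err := os.Readlink(p)
		if err != nil {
			return "", err
		}
		if !filepath.IsAbs(target) {
			target = filepath.Join(dir, target)
		}
		p = target
	}
	return "", errors.New("too many symlink hops")
}

// inside reports whether p is root or lies below it; both must be absolute
// and already symlink-free, so a lexical comparison is sufficient.
func inside(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// resolveInRoot maps a caller-controlled relative name to a host path and
// refuses any result outside root, whether the escape is lexical
// ("../../x", the dynamic snippet-name case) or through a symlink placed
// inside root that points outward (the sandboxed-create case).
func resolveInRoot(root, rel string) (string, error) {
	rootAbs, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	if rootAbs, err = filepath.Abs(rootAbs); err != nil {
		return "", err
	}
	full, err := resolveLeaf(filepath.Join(rootAbs, rel))
	if err != nil {
		return "", err
	}
	if !inside(rootAbs, full) {
		return "", ErrEscape
	}
	return full, nil
}

// sandboxOpen is the create-capable open a sandbox would expose to a guest.
// The check and the open are separate system calls, so a writer inside root
// could swap a link in between; on Linux, openat2 with RESOLVE_BENEATH closes
// that window, which this portable version does not attempt.
func sandboxOpen(root, rel string, flag int, perm os.FileMode) (*os.File, error) {
	full, err := resolveInRoot(root, rel)
	if err != nil {
		return nil, err
	}
	return os.OpenFile(full, flag, perm)
}

func main() {
	base, err := os.MkdirTemp("", "preopen-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	root := filepath.Join(base, "preopen")
	if err := os.MkdirAll(filepath.Join(root, "sub"), 0o755); err != nil {
		panic(err)
	}
	// Constructed fixture: a link inside the sandbox aimed at the host.
	if err := os.Symlink(filepath.Join("..", "..", "escape.txt"), filepath.Join(root, "sub", "link")); err != nil {
		panic(err)
	}
	for _, rel := range []string{"sub/ok.txt", "sub/link", "../escape.txt"} {
		f, err := sandboxOpen(root, rel, os.O_CREATE|os.O_WRONLY, 0o644)
		if err != nil {
			fmt.Printf("%-14s rejected: %v\n", rel, err)
			continue
		}
		fmt.Printf("%-14s opened %s\n", rel, f.Name())
		f.Close()
	}
}
```

A lexical check alone (cleaning the path and comparing prefixes) stops the "../" case but not the symlink case, which is why the leaf is resolved before the containment test; a symlink that stays inside root is still allowed.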
Google Cloud–Classic Application Load BalancerA request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable.2025-05-16not yet calculatedCVE-2025-4600
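A minimal chunked-body decoder in Go, added here to illustrate the bug class the entry above names: "stray data after a chunk" is any byte between the end of a chunk's data and the CRLF that must follow it. This is not Google's load balancer code, and nothing about that implementation beyond the bulletin's own sentence is assumed; the byte stream in main and the tests is constructed. The decoder runs in two modes so the lenient behaviour (skip ahead to the next CRLF) can be compared with the strict one (reject).

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

var (
	errTruncated  = errors.New("chunked: body ends before the terminating chunk")
	errBadSize    = errors.New("chunked: malformed chunk-size line")
	errStrayBytes = errors.New("chunked: bytes after chunk data are not CRLF")
)

var crlf = []byte("\r\n")

// decodeChunked decodes an HTTP/1.1 chunked body and returns the payload
// together with whatever follows the terminating chunk, which on a reused
// connection is the start of the next request. With strict=true the two
// bytes after each chunk's data must be CRLF (RFC 9112 section 7.1). With
// strict=false the decoder discards everything up to the next CRLF, the
// leniency that lets two parsers on one request path draw the message
// boundary in different places.
func decodeChunked(in []byte, strict bool) (body, rest []byte, err error) {
	pos := 0
	for {
		nl := bytes.Index(in[pos:], crlf)
		if nl < 0 {
			return nil, nil, errTruncated
		}
		line := string(in[pos : pos+nl])
		pos += nl + 2
		sizeText, _, _ := strings.Cut(line, ";") // chunk extensions may follow the size
		size, perr := strconv.ParseUint(sizeText, 16, 64)
		if perr != nil {
			return nil, nil, errBadSize
		}
		if size == 0 {
			// Trailer section: header lines up to and including an empty line.
			for {
				nl = bytes.Index(in[pos:], crlf)
				if nl < 0 {
					return nil, nil, errTruncated
				}
				pos += nl + 2
				if nl == 0 {
					return body, in[pos:], nil
				}
			}
		}
		if size > uint64(len(in)-pos) {
			return nil, nil, errTruncated
		}
		end := pos + int(size)
		body = append(body, in[pos:end]...)
		pos = end
		if bytes.HasPrefix(in[pos:], crlf) {
			pos += 2
			continue
		}
		if strict {
			return nil, nil, errStrayBytes
		}
		nl = bytes.Index(in[pos:], crlf)
		if nl < 0 {
			return nil, nil, errTruncated
		}
		pos += nl + 2 // lenient: silently drop the stray bytes
	}
}

func main() {
	// Constructed stream: a chunked POST body with two stray bytes ("XX")
	// after the first chunk's data, then a second request on the same
	// connection. A lenient hop forwards "hello" and treats "GET /admin"
	// as a new request; a strict hop rejects the whole message.
	stream := []byte("5\r\nhelloXX\r\n0\r\n\r\nGET /admin HTTP/1.1\r\nHost: app\r\n\r\n")
	for _, strict := range []bool{false, true} {
		body, rest, err := decodeChunked(stream, strict)
		fmt.Printf("strict=%-5v body=%q rest=%q err=%v\n", strict, body, rest, err)
	}
}
```

The only safe answer to a malformed chunk is a 400 and a closed connection: once one hop tolerates the stray bytes and another does not, the bytes after the terminating chunk become a request that only one side believes the client sent.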
Google–ChromeInsufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)2025-05-14not yet calculatedCVE-2025-4664
HumanSignal–label-studioLabel Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attacks. The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. Version 1.18.0 contains a patch for the issue.2025-05-14not yet calculatedCVE-2025-47783
Icewarp–Icewarp Mail ServerOpen redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example "https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2e" or "https://icewarp.domain.com///%2e%2e". This vulnerability has been tested in Firefox.2025-05-16not yet calculatedCVE-2025-40630
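The two payload shapes quoted above (a protocol-relative `//host` prefix, and a triple slash followed by an encoded dot-segment) are exactly what a redirect-target validator has to refuse. The Go function below is an added example, not IceWarp's code, and says nothing about how IceWarp builds its redirects; the base origin `icewarp.example` is an assumed placeholder and the inputs in main are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeRedirect accepts a user-supplied "return to" value only if it is a
// local absolute path on base's own origin, and returns the absolute URL to
// put in the Location header. The checks are layered: a textual gate for
// the shapes browsers read as a new authority, one percent-decoding pass so
// "%2e%2e" is judged as "..", and a resolve-and-compare against the base.
func safeRedirect(base *url.URL, raw string) (string, bool) {
	// "//host", "/\host" and anything with a backslash: browsers treat these
	// as scheme-relative or host-bearing whatever a lenient server parser says.
	if !strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") || strings.ContainsAny(raw, `\`) {
		return "", false
	}
	decoded, err := url.PathUnescape(raw)
	if err != nil {
		return "", false
	}
	// Dot-segments are never needed in a redirect we generate ourselves;
	// refusing them removes the "/%2e%2e" family outright.
	pathPart, _, _ := strings.Cut(decoded, "?")
	for _, seg := range strings.Split(pathPart, "/") {
		if seg == ".." {
			return "", false
		}
	}
	ref, err := url.Parse(raw)
	if err != nil {
		return "", false
	}
	resolved := base.ResolveReference(ref)
	if resolved.Scheme != base.Scheme || !strings.EqualFold(resolved.Host, base.Host) {
		return "", false
	}
	return resolved.String(), true
}

func main() {
	base, _ := url.Parse("https://icewarp.example/") // assumed site origin
	for _, in := range []string{
		"/webmail/?folder=INBOX",
		"//attacker.example/%2e%2e",
		"///%2e%2e",
		"/%2e%2e/%2e%2e/other",
		`/\attacker.example`,
		"https://attacker.example/",
	} {
		loc, ok := safeRedirect(base, in)
		fmt.Printf("%-30q -> ok=%-5v %s\n", in, ok, loc)
	}
}
```

Emitting the resolved absolute URL rather than echoing the input means the browser never gets to apply its own, more permissive, relative-reference rules to attacker-controlled text.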
Icewarp–Icewarp Mail ServerHTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.2025-05-16not yet calculatedCVE-2025-40631
Icewarp–Icewarp Mail ServerCross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.2025-05-16not yet calculatedCVE-2025-40632
Imagination Technologies–Graphics DDKKernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest’s virtualised GPU memory.2025-05-17not yet calculatedCVE-2024-47893
Imagination Technologies–Graphics DDKSoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.2025-05-17not yet calculatedCVE-2025-1706
Jenkins Project–Jenkins Cadence vManager PluginA cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.2025-05-14not yet calculatedCVE-2025-47886
Jenkins Project–Jenkins Cadence vManager PluginMissing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.2025-05-14not yet calculatedCVE-2025-47887
Jenkins Project–Jenkins DingTalk PluginJenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.2025-05-14not yet calculatedCVE-2025-47888
Jenkins Project–Jenkins Health Advisor by CloudBees PluginJenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.2025-05-14not yet calculatedCVE-2025-47885
Jenkins Project–Jenkins OpenID Connect Provider PluginIn Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a trusted job, potentially gaining unauthorized access to external services.2025-05-14not yet calculatedCVE-2025-47884
Jenkins Project–Jenkins WSO2 Oauth PluginIn Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the “WSO2 Oauth” security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.2025-05-14not yet calculatedCVE-2025-47889
julmud–phpDVDProfilerjulmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos’s DVDProfiler software. Versions starting in v_20230807 and prior to v_20250511 contain a cross-site scripting vulnerability in the search function. v_20250511 contains a patch for the issue.2025-05-12not yet calculatedCVE-2025-46729
justinas–nosurfnosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user’s behalf. Due to misuse of the Go `net/http` library, nosurf categorizes all incoming requests as plain-text HTTP requests, in which case the `Referer` header is not checked to have the same origin as the target webpage. If the attacker has control over HTML contents on either the target website (e.g. `example.com`), or on a website hosted on a subdomain of the target (e.g. `attacker.example.com`), they will also be able to manipulate cookies set for the target website. By acquiring the secret CSRF token from the cookie, or overriding the cookie with a new token known to the attacker, `attacker.example.com` is able to craft cross-site requests to `example.com`. A patch for the issue was released in nosurf 1.2.0. In lieu of upgrading to a patched version of nosurf, users may additionally use another HTTP middleware to ensure that a non-safe HTTP request is coming from the same origin (e.g. by requiring a `Sec-Fetch-Site: same-origin` header in the request).2025-05-13not yet calculatedCVE-2025-46721
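The mitigation the entry above suggests, a middleware that requires `Sec-Fetch-Site: same-origin` on state-changing requests, together with the scheme detection done correctly, as an added Go example that is not nosurf's code. It assumes the misclassification came from reading `r.URL.Scheme`, which is empty for every server-side request in `net/http`; the bulletin itself does not name the field. The `/transfer` handler and host names are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// requestOrigin rebuilds the origin the browser used for this request. On
// the server side r.URL carries only the path, so its Scheme is always
// empty; a check that reads it sees every request as plain HTTP. The TLS
// state of the connection is the reliable signal. Behind a TLS-terminating
// proxy you would read the proxy's forwarded-proto header instead, but only
// after confirming the request really arrived from that proxy.
func requestOrigin(r *http.Request) string {
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	return scheme + "://" + strings.ToLower(r.Host)
}

func isSafeMethod(m string) bool {
	switch m {
	case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
		return true
	}
	return false
}

// sameOrigin decides whether a state-changing request was initiated by this
// origin. Sec-Fetch-Site is set by the browser and cannot be forged by page
// script, so "same-site" (a sibling subdomain such as attacker.example.com)
// and "cross-site" are rejected outright. When the header is absent, the
// Origin header, then the Referer, is compared against the request's own
// origin, and a request carrying neither is refused.
func sameOrigin(r *http.Request) bool {
	switch r.Header.Get("Sec-Fetch-Site") {
	case "same-origin", "none":
		return true
	case "same-site", "cross-site":
		return false
	}
	want := requestOrigin(r)
	if o := r.Header.Get("Origin"); o != "" {
		return strings.EqualFold(o, want)
	}
	if ref := r.Header.Get("Referer"); ref != "" {
		u, err := url.Parse(ref)
		if err != nil {
			return false
		}
		return strings.EqualFold(u.Scheme+"://"+u.Host, want)
	}
	return false
}

// requireSameOrigin is middleware to run alongside a token-based CSRF
// check; it depends on no cookie, so a subdomain that can overwrite the
// token cookie gains nothing from doing so.
func requireSameOrigin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isSafeMethod(r.Method) && !sameOrigin(r) {
			http.Error(w, "cross-site request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/transfer", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "transfer accepted from", requestOrigin(r))
	})
	fmt.Println("listening on :8080")
	_ = http.ListenAndServe(":8080", requireSameOrigin(mux))
}
```

Note that `same-site` is rejected, not just `cross-site`: the attacker in the entry above sits on a subdomain of the target, which is the case `same-site` describes.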
kanboard–kanboardKanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript payload; the script can still be exploited on a badly configured instance, and because the default CSP allows `unsafe-inline` the software remains vulnerable to CSS injection. Version 1.2.45 contains a fix for the issue.2025-05-12not yet calculatedCVE-2025-46825
librenms–librenmsLibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.2025-05-17not yet calculatedCVE-2025-47931
Linux–LinuxIn the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102_i2c_transfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 950e252cb469 (“[media] dw2102: limit messages to buffer size”)2025-05-14not yet calculatedCVE-2023-53146
Linux–LinuxIn the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard’s report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn’t inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won’t insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/2025-05-16not yet calculatedCVE-2025-37890
Lleidanet PKI–eSignaInsecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.2025-05-15not yet calculatedCVE-2025-4762
MONGODB–BSON::XSBSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB’s BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.2025-05-16not yet calculatedCVE-2025-40906
motioneye-project–motioneyemotionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.2025-05-14not yet calculatedCVE-2025-47782
Mozilla–ThunderbirdThunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value “Spoofed Name “, Thunderbird treats [email protected] as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.2025-05-14not yet calculatedCVE-2025-3875
Mozilla–ThunderbirdA crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user’s desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.2025-05-14not yet calculatedCVE-2025-3877
Mozilla–ThunderbirdThunderbird’s handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.2025-05-14not yet calculatedCVE-2025-3909
Mozilla–ThunderbirdIt was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.2025-05-14not yet calculatedCVE-2025-3932
n/a–n/aAn issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords.2025-05-12not yet calculatedCVE-2023-34732
n/a–n/aseaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.2025-05-16not yet calculatedCVE-2024-40120
n/a–n/aAn issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user’s session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed <img> tags with embedded JavaScript. The vulnerability is triggered when a user views a specially crafted email in the Classic UI, requiring no additional user interaction.2025-05-14not yet calculatedCVE-2024-45516
n/a–n/aAn issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read.2025-05-15not yet calculatedCVE-2024-52877
n/a–n/aAn issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT->SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read.2025-05-15not yet calculatedCVE-2024-52878
n/a–n/aAn issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read.2025-05-15not yet calculatedCVE-2024-52879
n/a–n/aAn issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted.2025-05-15not yet calculatedCVE-2024-52880
n/a–n/aNetgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php.2025-05-14not yet calculatedCVE-2024-54779
n/a–n/aNetgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter.2025-05-14not yet calculatedCVE-2024-54780
n/a–n/aAn arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.2025-05-12not yet calculatedCVE-2024-55466
n/a–n/aAn issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes.2025-05-14not yet calculatedCVE-2024-55569
n/a–n/aAn issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target.2025-05-14not yet calculatedCVE-2024-56427
n/a–n/aRadware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method.2025-05-12not yet calculatedCVE-2024-56523
n/a–n/aRadware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request.2025-05-12not yet calculatedCVE-2024-56524
n/a–n/aAn issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.2025-05-13not yet calculatedCVE-2024-56526
n/a–n/aAn issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.2025-05-14not yet calculatedCVE-2024-57096
n/a–n/aNetgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized “reason” field and a derivable device key generated from the public SSH key.2025-05-14not yet calculatedCVE-2024-57273
n/a–n/aSamsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input or a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity vulnerability by the vendor.2025-05-14not yet calculatedCVE-2024-58101
n/a–n/aAn issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.2025-05-14not yet calculatedCVE-2025-25370
n/a–n/aAn issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, W1000, Modem 5300, and Modem 5400. Incorrect handling of undefined values leads to a Denial of Service.2025-05-14not yet calculatedCVE-2025-26783
n/a–n/aAn issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes.2025-05-14not yet calculatedCVE-2025-26784
n/a–n/aAn issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes.2025-05-14not yet calculatedCVE-2025-26785
n/a–n/aCross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.2025-05-12not yet calculatedCVE-2025-26841
n/a–n/aAn issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.2025-05-12not yet calculatedCVE-2025-26846
n/a–n/aAn issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets.2025-05-14not yet calculatedCVE-2025-27891
n/a–n/aupset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerability.2025-05-13not yet calculatedCVE-2025-28055
n/a–n/arebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in the /admin/admin-cli/exec component.2025-05-13not yet calculatedCVE-2025-28056
n/a–n/aowl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order.2025-05-13not yet calculatedCVE-2025-28057
n/a–n/aA cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java.2025-05-14not yet calculatedCVE-2025-29686
n/a–n/aA cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java.2025-05-14not yet calculatedCVE-2025-29688
n/a–n/aA cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java.2025-05-14not yet calculatedCVE-2025-29689
n/a–n/aA cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java.2025-05-14not yet calculatedCVE-2025-29690
n/a–n/aA cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java.2025-05-14not yet calculatedCVE-2025-29691
n/a–n/amediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data.2025-05-14not yet calculatedCVE-2025-32363
n/a–n/aSamsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.2025-05-16not yet calculatedCVE-2025-32407
n/a–n/aAn issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.2025-05-12not yet calculatedCVE-2025-44022
n/a–n/aCross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process.2025-05-14not yet calculatedCVE-2025-44024
n/a–n/aCP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection and read the entire boot sequence, revealing internal system details and sensitive information without any authentication.2025-05-13not yet calculatedCVE-2025-44039
n/a–n/aFluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) via the Forum Description field in admin_forums.php.2025-05-15not yet calculatedCVE-2025-44110
n/a–n/aTenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.2025-05-12not yet calculatedCVE-2025-44175
n/a–n/aTenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.2025-05-12not yet calculatedCVE-2025-44176
n/a–n/aPhpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}.2025-05-15not yet calculatedCVE-2025-44180
n/a–n/aPhpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter.2025-05-15not yet calculatedCVE-2025-44181
n/a–n/aPhpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, and enginenumber parameters in the /admin/edit-vehicle.php component. This allows attackers to execute arbitrary code.2025-05-15not yet calculatedCVE-2025-44182
n/a–n/aPhpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters.2025-05-15not yet calculatedCVE-2025-44183
n/a–n/aSourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters.2025-05-14not yet calculatedCVE-2025-44184
n/a–n/aSourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.2025-05-15not yet calculatedCVE-2025-44185
n/a–n/aSourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page.2025-05-14not yet calculatedCVE-2025-44186
n/a–n/aEngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.2025-05-12not yet calculatedCVE-2025-44830
n/a–n/aEngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.2025-05-13not yet calculatedCVE-2025-44831
n/a–n/aWS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.2025-05-14not yet calculatedCVE-2025-44879
n/a–n/aIn ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console.2025-05-13not yet calculatedCVE-2025-45746
n/a–n/aTenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.2025-05-12not yet calculatedCVE-2025-45779
n/a–n/aA null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.2025-05-12not yet calculatedCVE-2025-45835
n/a–n/aEDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function.2025-05-13not yet calculatedCVE-2025-45857
n/a–n/aTOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.2025-05-13not yet calculatedCVE-2025-45858
n/a–n/aTOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.2025-05-13not yet calculatedCVE-2025-45859
n/a–n/aTOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface.2025-05-13not yet calculatedCVE-2025-45861
n/a–n/aTOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface.2025-05-13not yet calculatedCVE-2025-45863
n/a–n/aTOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.2025-05-13not yet calculatedCVE-2025-45864
n/a–n/aTOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.2025-05-13not yet calculatedCVE-2025-45865
n/a–n/aTOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.2025-05-13not yet calculatedCVE-2025-45866
n/a–n/aTOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.2025-05-13not yet calculatedCVE-2025-45867
n/a–n/aAn error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php.2025-05-15not yet calculatedCVE-2025-46052
n/a–n/aA SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php.2025-05-15not yet calculatedCVE-2025-46053
n/a–n/aARTEC EMA Mail 6.92 allows CSRF.2025-05-12not yet calculatedCVE-2025-46610
n/a–n/aCross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script.2025-05-12not yet calculatedCVE-2025-46611
n/a–n/aAn issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).2025-05-13not yet calculatedCVE-2025-47204
Naukowa i Akademicka Sieć Komputerowa – Państwowy Instytut Badawczy–EZD RPUnauthorized access to “/api/Token/gettoken” endpoint in EZD RP allows file manipulation. This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024).2025-05-14not yet calculatedCVE-2025-4430
ollama–ollama/ollamaA vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.2025-05-16not yet calculatedCVE-2025-1975
OpenText–Advance AuthenticationImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.2025-05-14not yet calculatedCVE-2024-10864
OpenText–Advance AuthenticationImproper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.2025-05-14not yet calculatedCVE-2024-10865
OPKSSH–OPKSSHVersions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.2025-05-13not yet calculatedCVE-2025-3757
OPKSSH–OPKSSHVersions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.2025-05-13not yet calculatedCVE-2025-4658
OPSWAT–MetaDefender Endpoint Security SDKAn incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.2025-05-14not yet calculatedCVE-2025-0131
OZI-Project–publishThe OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. This is patched in 1.13.6. As a workaround, one may downgrade to a version prior to 1.13.2.2025-05-12not yet calculatedCVE-2025-47271
pallets–flaskFlask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first. Sites that have opted in to key rotation by setting `SECRET_KEY_FALLBACKS` are likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss. Version 3.1.1 contains a patch for the issue.2025-05-13not yet calculatedCVE-2025-47278
Palo Alto Networks–Cloud NGFWA missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access.2025-05-14not yet calculatedCVE-2025-0130
Palo Alto Networks–Cloud NGFWUsing the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Cloud NGFWs, Prisma® Access instances, or PAN-OS VM-Series firewalls. NOTE: The AES-128-CCM encryption algorithm is not recommended for use.2025-05-14not yet calculatedCVE-2025-0136
Palo Alto Networks–Cloud NGFWAn improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431.2025-05-14not yet calculatedCVE-2025-0137
Palo Alto Networks–Cortex XDR Broker VMA missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. The attacker must have network access to the Broker VM to exploit this issue.2025-05-14not yet calculatedCVE-2025-0132
Palo Alto Networks–Cortex XDR Broker VMA code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.2025-05-14not yet calculatedCVE-2025-0134
Palo Alto Networks–GlobalProtect AppAn incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non-administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.2025-05-14not yet calculatedCVE-2025-0135
Palo Alto Networks–PAN-OSA reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user’s browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft, particularly if you enabled Clientless VPN. There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal. For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the informational bulletin PAN-SA-2025-0005 https://security.paloaltonetworks.com/PAN-SA-2025-0005. There is no impact to confidentiality for GlobalProtect users if you did not enable (or you disable) Clientless VPN.2025-05-14not yet calculatedCVE-2025-0133
Palo Alto Networks–Prisma Cloud Compute EditionWeb sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue.2025-05-14not yet calculatedCVE-2025-0138
Peergos–PeergosCWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.2025-05-14not yet calculatedCVE-2025-4639
PNETLab–PNETLabPNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.2025-05-16not yet calculatedCVE-2025-40629
PointCloudLibrary–pclA vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.2025-05-14not yet calculatedCVE-2025-4638
PointCloudLibrary–pclOut-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.2025-05-14not yet calculatedCVE-2025-4640
pypa–setuptoolssetuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.2025-05-17not yet calculatedCVE-2025-47273
Python Software Foundation–CPythonThere is an issue in CPython when using `bytes.decode("unicode_escape", errors="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler, your usage is not affected. To work around this issue you may stop using the errors= handler and instead wrap the bytes.decode() call in a try-except catching the UnicodeDecodeError.2025-05-15not yet calculatedCVE-2025-4516
Ricoh Company, Ltd.–The specific versions of laser printers and MFPs which implement Web Image MonitorReflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendor under [References].2025-05-12not yet calculatedCVE-2025-41393
Schneider Electric–EcoStruxure Power Build Rapsody softwareCWE-121: Stack-based Buffer Overflow vulnerability exists that could allow a local attacker to execute arbitrary code when the end user opens a malicious project file (SSD file) provided by the attacker.2025-05-13not yet calculatedCVE-2025-3916
SonicWall–SMA1000A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended locations.2025-05-14not yet calculatedCVE-2025-40595
stacklok–toolhiveToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time – other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux).2025-05-12not yet calculatedCVE-2025-47274
sulu–suluSulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload an SVG which may load external data via the XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the affected file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually.2025-05-14not yet calculatedCVE-2025-47778
TECNO–com.transsion.aivoiceassistantInsufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage.2025-05-15not yet calculatedCVE-2025-4737
The GNU C Library–glibcUntrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).2025-05-16not yet calculatedCVE-2025-4802
The Qt Company–QtImproper Link Resolution Before File Access (‘Link Following’) vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The affected public API in the Qt Framework is QDir::tempPath() and anything that uses it, such as QStandardPaths with TempLocation, QTemporaryDir, and QTemporaryFile. This issue affects all versions of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8, and from 6.6.0 through 6.8.1. It is fixed in Qt 5.15.19, Qt 6.5.9, Qt 6.8.2, and 6.9.0.2025-05-16not yet calculatedCVE-2025-4211
umbraco–Umbraco.Forms.IssuesUmbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the ‘Send email’ workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address, potentially bypassing spam and email client security systems. This issue affects all (supported) versions of Umbraco Forms and is patched in 13.4.2 and 15.1.2. Unpatched or unsupported versions can work around this issue by using the `Send email with template (Razor)` workflow instead or writing a custom workflow type. To avoid accidentally using the vulnerable workflow again, the `SendEmail` workflow type can be removed using a composer available in the GitHub Security Advisory for this vulnerability.2025-05-13not yet calculatedCVE-2025-47280
Unknown–360 Product RotationThe 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.2025-05-15not yet calculatedCVE-2024-13823
Unknown–aBitGone CommentSafeThe aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2023-7174
Unknown–Add SVG Support for Media Uploader | inventivoThe Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.2025-05-15not yet calculatedCVE-2023-7088
Unknown–Advance Post PrefixThe Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-12734
Unknown–Advance Post PrefixThe Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks2025-05-15not yet calculatedCVE-2024-12735
Unknown–Advanced Cron ManagerThe Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-4004
Unknown–Advanced Page Visit CounterThe Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2023-5529
Unknown–Advanced Schedule PostsThe Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.2025-05-15not yet calculatedCVE-2024-0249
Unknown–AffiliateImporterEbThe AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-12732
Unknown–AffiliateImporterEbThe AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-12733
Unknown–AHAthat PluginThe AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks.2025-05-15not yet calculatedCVE-2024-11269
Unknown–AI ChatBot for WordPressThe AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2025-0329
Unknown–Ajax Search LiteThe Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8619
Unknown–Allow SVGThe Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.2025-05-15not yet calculatedCVE-2023-6541
Unknown–ApplyOnlineThe ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain2025-05-15not yet calculatedCVE-2024-10098
Unknown–Auto Affiliate LinksThe Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks2025-05-15not yet calculatedCVE-2024-9838
Unknown–Auto Prune PostsThe Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-10639
Unknown–AVIF UploaderThe AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.2025-05-15not yet calculatedCVE-2024-9238
Unknown–AWeberThe AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13313
Unknown–BabelZThe BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2024-8095
Unknown–Backup DatabaseThe Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8702
Unknown–BadgearooThe Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-13828
Unknown–BadgearooThe Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2025-1033
Unknown–Better Follow Button for JetpackThe Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2023-7168
Unknown–BTEVThe BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-10677
Unknown–buddyboss-platformThe buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts2025-05-15not yet calculatedCVE-2024-12767
Unknown–Calculated Fields FormThe Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13382
Unknown–Carousel, Slider, Gallery by WP CarouselThe Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-4002
Unknown–Clasify Classified ListingThe Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-12725
Unknown–ClickSold IDXThe ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-7769
Unknown–ClipArtThe ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-12726
Unknown–CM Tooltip GlossaryThe CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-5026
Unknown–Competition FormThe Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-12750
Unknown–Connexion LogsThe Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks2025-05-15not yet calculatedCVE-2024-11372
Unknown–Connexion LogsThe Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-11373
Unknown–Contact Form builder with drag & drop for WordPressThe Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.2025-05-16not yet calculatedCVE-2025-3201
Unknown–Contact Form, Survey, Quiz & Popup Form BuilderThe Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-10504
Unknown–coreActivity: Activity Logging for WordPressThe coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin2025-05-15not yet calculatedCVE-2024-0852
Unknown–Countdown Timer for WordPress Block EditorThe Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-10631
Unknown–CSV Mass ImporterThe CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)2025-05-17not yet calculatedCVE-2025-4190
Unknown–CTT Expresso para WooCommerceThe CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-6478
Unknown–Custom Author BaseThe Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-8050
Unknown–Custom Field ManagerThe Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-12873
Unknown–CYAN BackupThe CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-9662
Unknown–CYAN BackupThe CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-9663
Unknown–DittyThe Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13357
Unknown–DL Robots.txtThe DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-6797
Unknown–DL VerificationThe DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-6798
Unknown–DL Yandex MetrikaThe DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-6462
Unknown–Download HTML TinyMCE ButtonThe Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2025-1286
Unknown–Download ManagerThe Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed2025-05-15not yet calculatedCVE-2024-8284
Unknown–Easy Property ListingsThe Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-2869
Unknown–edd-google-sheet-connector-proThe edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack2025-05-15not yet calculatedCVE-2023-2334
Unknown–EKC Tournament ManagerThe EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-9709
Unknown–EKC Tournament ManagerThe EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-9711
Unknown–EKC Tournament ManagerThe EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory2025-05-15not yet calculatedCVE-2024-9765
Unknown–Event CalendarThe Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.2025-05-15not yet calculatedCVE-2024-8700
Unknown–Event Tickets with Ticket ScannerThe Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks2025-05-15not yet calculatedCVE-2024-6711
Unknown–EventPrimeThe EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.2025-05-15not yet calculatedCVE-2024-4665
Unknown–events-calendarThe events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8701
Unknown–Everest FormsThe Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8542
Unknown–Firelight LightboxThe Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary JavaScript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.2025-05-12not yet calculatedCVE-2025-3597
Unknown–Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any ThemeThe Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-2643
Unknown–Form Maker by 10WebThe Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13053
Unknown–Free Booking Plugin for Hotels, Restaurants and Car RentalsThe Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-9450
Unknown–Full Screen (Page) Background Image SlideshowThe Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-11221
Unknown–FunnelKitThe FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks2025-05-15not yet calculatedCVE-2025-2203
Unknown–GamiPressThe GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-8245
Unknown–Genesis BlocksThe Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.2025-05-15not yet calculatedCVE-2024-3901
Unknown–Geocache Stat Bar WidgetThe Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-11266
Unknown–Giveaways and Contests by RafflePressThe Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-10107
Unknown–HappyformsThe Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-10054
Unknown–HD QuizThe HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13383
Unknown–Hubbub LiteThe Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-10145
Unknown–HustleThe Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed2025-05-15not yet calculatedCVE-2024-8492
Unknown–Icegram EngageThe Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13482
Unknown–Icegram EngageThe Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13486
Unknown–If-So Dynamic Content PersonalizationThe If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-5440
Unknown–illi Link Party!The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2023-7228
Unknown–illi Link Party!The illi Link Party! WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.2025-05-15not yet calculatedCVE-2023-7229
Unknown–illi Link Party!The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2023-7230
Unknown–illi Link Party!The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.2025-05-15not yet calculatedCVE-2023-7231
Unknown–ImageMagick EngineThe ImageMagick Engine WordPress plugin before 1.7.11 is vulnerable to OS Command Injection via the “cli_path” parameter. This allows authenticated attackers with administrator-level permissions to execute arbitrary OS commands on the server, leading to remote code execution.2025-05-15not yet calculatedCVE-2024-6486
Unknown–IP Based LoginThe IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12800
Unknown–JavaScript LogicThe JavaScript Logic WordPress plugin through 0.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2024-8090
Unknown–JetpackThe Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and blocks.2025-05-15not yet calculatedCVE-2024-10075
Unknown–JetpackThe Jetpack WordPress plugin before 13.8 and the Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator feature when switching image URLs to their CDN counterparts. Unfortunately, some of them may match patterns they shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks.2025-05-15not yet calculatedCVE-2024-10076
Unknown–Jetpack BoostThe ‘wp_ajax_boost_proxy_ig’ action allows administrators to make GET requests to arbitrary URLs.2025-05-15not yet calculatedCVE-2024-6584
Unknown–Joy Of Text LiteThe Joy Of Text Lite WordPress plugin through 2.3.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.2025-05-15not yet calculatedCVE-2024-7984
Unknown–JSFiddle ShortcodeThe JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-10818
Unknown–JSP Store LocatorThe JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing users with the Contributor role to perform SQL injection attacks.2025-05-15not yet calculatedCVE-2024-11267
Unknown–JSP Store LocatorThe JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.2025-05-15not yet calculatedCVE-2024-12301
Unknown–jwp-a11yThe jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-11190
Unknown–KBucket: Your Curated Content in WordPressThe KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-6665
Unknown–KBucket: Your Curated Content in WordPressThe KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin.2025-05-15not yet calculatedCVE-2024-6667
Unknown–LearnPressThe LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13127
Unknown–LearnPressThe LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13128
Unknown–LifterLMSThe LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-13619
Unknown–LightPress LightboxThe LightPress Lightbox WordPress plugin before 2.3.4 does not check that download links point to valid, non-JavaScript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.2025-05-12not yet calculatedCVE-2025-3649
Unknown–LogDash Activity LogThe LogDash Activity Log WordPress plugin before 1.1.4 hooks wp_login_failed (from src/Hooks/Users.php) in order to log failed login attempts to the database, but does not escape the username when it performs the SQL request, leading to a SQL injection vulnerability which unauthenticated attackers can exploit using a time-based technique.2025-05-15not yet calculatedCVE-2023-6030
Unknown–Logo SliderThe Logo Slider WordPress plugin before 3.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.2025-05-15not yet calculatedCVE-2024-9233
Unknown–MailPoetThe MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12743
Unknown–MapFig StudioThe MapFig Studio WordPress plugin through 0.2.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2024-6712
Unknown–MapPress Maps for WordPressThe MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8620
Unknown–Marketing Twitter BotThe Marketing Twitter Bot WordPress plugin through 1.11 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2023-7197
Unknown–MaspikThe Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.2025-05-15not yet calculatedCVE-2024-9182
Unknown–MB Custom Post Types & Custom TaxonomiesThe MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-10143
Unknown–Melapress File MonitorThe Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks2025-05-15not yet calculatedCVE-2024-10009
Unknown–Melapress File MonitorThe Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks2025-05-15not yet calculatedCVE-2024-9879
Unknown–MemberSpaceThe MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could only be used against unauthenticated users.2025-05-15not yet calculatedCVE-2024-13727
Unknown–Mobile Contact BarThe Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12739
Unknown–Nested PagesThe Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8759
Unknown–Ninja PagesThe Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2025-1454
Unknown–Nokaut Offers BoxThe Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-10632
Unknown–Nokaut Offers BoxThe Nokaut Offers Box WordPress plugin through 1.4.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin reset the plugin via a CSRF attack.2025-05-15not yet calculatedCVE-2024-10634
Unknown–Ntz AntispamThe Ntz Antispam WordPress plugin through 2.0e does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.2025-05-15not yet calculatedCVE-2024-8094
Unknown–Offload VideosThe Offload Videos WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack.2025-05-15not yet calculatedCVE-2024-6719
Unknown–Page Builder: PagelayerThe Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed2025-05-15not yet calculatedCVE-2024-8426
Unknown–Page Builder: PagelayerThe Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8618
Unknown–PanoramaThe Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-11843
Unknown–Payment Gateway for TelcellThe Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue2025-05-15not yet calculatedCVE-2023-6786
Unknown–PeoplePondThe PeoplePond WordPress plugin through 1.1.9 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2024-8085
Unknown–Photo Gallery by 10WebThe Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8670
Unknown–Photo Gallery, Images, Slider in Rbs Image GalleryThe Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-10144
Unknown–Photo Gallery, Images, Slider in Rbs Image GalleryThe Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13384
Unknown–Planning Center Online GivingThe Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-11502
Unknown–Plugin OficialThe Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2025-1289
Unknown–Plugin OficialThe Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could only be used against unauthenticated users.2025-05-15not yet calculatedCVE-2025-1303
Unknown–Podlove Podcast PublisherThe Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13729
Unknown–Podlove Podcast PublisherThe Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13730
Unknown–Polls CPThe Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).2025-05-15not yet calculatedCVE-2024-8851
Unknown–Polls CPThe Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).2025-05-15not yet calculatedCVE-2024-8854
Unknown–Popup BoxThe Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-9599
Unknown–Post Grid, Posts Slider, Posts Carousel, Post Filter, Post MasonryThe Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-9645
Unknown–PowerPress Podcasting plugin by BlubrryThe PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2025-05-15not yet calculatedCVE-2024-9227
Unknown–Prisna GWTThe Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12679
Unknown–Prisna GWTThe Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12680
Unknown–ProfileProThe ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks2025-05-15not yet calculatedCVE-2024-6668
Unknown–Push Notification for Post and BuddyPressThe Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection2025-05-15not yet calculatedCVE-2024-6159
Unknown–PVN Auth PopupThe PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-6713
Unknown–PVN Auth PopupThe PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-6718
Unknown–PWA for WPThe PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-7759
Unknown–Quiz MakerThe Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-8617
Unknown–Real WP Shop Lite Ajax eCommerce Shopping CartThe Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-11140
Unknown–RegistrationMagicThe RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-9390
Unknown–Responsive Contact Form Builder & Lead Generation PluginThe Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-10475
Unknown–Responsive Gallery GridThe Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed2025-05-15not yet calculatedCVE-2024-4091
Unknown–Responsive Lightbox & GalleryThe Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2025-3742
Unknown–S3PlayerThe S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could only be used against unauthenticated users.2025-05-15not yet calculatedCVE-2024-13865
Unknown–Sailthru TriggermailThe Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-11141
Unknown–Salon Booking System, Appointment Scheduling for Salons, Spas & Small BusinessesThe Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-9882
Unknown–Save as Image Plugin by PdfcrowdThe Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-3062
Unknown–Secure DownloadsThe Secure Downloads WordPress plugin before 1.2.3 does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.2025-05-15not yet calculatedCVE-2024-8031
Unknown–Sensei LMSThe Sensei LMS WordPress plugin before 4.20.0 discloses all users of the blog, including their email addresses, to teachers on the students page.2025-05-15not yet calculatedCVE-2024-8009
Unknown–Simple Basic Contact FormThe Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12716
Unknown–Simple Job BoardThe Simple Job Board WordPress plugin before 2.12.2 allows users with the editor role to perform Stored XSS by embedding a malicious script, which could be used for account takeover.2025-05-15not yet calculatedCVE-2024-7761
Unknown–Simple Job BoardThe Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes2025-05-15not yet calculatedCVE-2024-7762
Unknown–Simple LightboxThe Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-16not yet calculatedCVE-2025-3516
Unknown–Simple Nav ArchivesThe Simple Nav Archives WordPress plugin through 2.1.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.2025-05-15not yet calculatedCVE-2024-8398
Unknown–Simple ShareThe Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-7556
Unknown–Simple Video DirectoryThe Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.2025-05-15not yet calculatedCVE-2024-6809
Unknown–Smart Post ShowThe Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-3996
Unknown–Smart Post ShowThe Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8187
Unknown–Smooth Gallery ReplacementThe Smooth Gallery Replacement WordPress plugin through 1.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2024-8032
Unknown–Social Media Share Buttons & Social Sharing IconsThe Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-10362
Unknown–Social Share And Social LockerThe Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-11189
Unknown–Social Slider FeedThe Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-10149
Unknown–Spiritual Gifts Survey (and optional S.H.A.P.E survey)The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could only be used against unauthenticated users.2025-05-15not yet calculatedCVE-2025-0687
Unknown–Spiritual Gifts Survey (and optional S.H.A.P.E survey)The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could only be used against unauthenticated users.2025-05-15not yet calculatedCVE-2025-0688
Unknown–Stylish Price ListThe Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-7758
Unknown–SVG Uploads SupportThe SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.2025-05-15not yet calculatedCVE-2023-7086
Unknown–tarteaucitron-wpThe tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-11718
Unknown–tarteaucitron-wpThe tarteaucitron-wp WordPress plugin before 0.3.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2024-11719
Unknown–TaskbuilderThe Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks2025-05-15not yet calculatedCVE-2024-9831
Unknown–TeamThe Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-9236
Unknown–The Events CalendarThe Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-8493
Unknown–The GDPR Framework By Data443The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13621
Unknown–Top CommentsThe Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12874
Unknown–Tracking Code ManagerThe Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-6335
Unknown–Travelpayouts: All Travel Brands in One PlaceThe Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2025-05-15not yet calculatedCVE-2023-5932
Unknown–Travelpayouts: All Travel Brands in One PlaceThe Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack2025-05-15not yet calculatedCVE-2023-5934
Unknown–Twitter Bootstrap Collapse aka Accordian ShortcodeThe Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-12722
Unknown–TwitterPostsThe TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2023-7297
Unknown–Ultimate Noindex Nofollow ToolThe Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2023-7196
Unknown–Ultimate Noindex Nofollow Tool IIThe Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-1663
Unknown–User Activity Tracking and LogThis User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value.2025-05-15not yet calculatedCVE-2024-0970
Unknown–User Profile BuilderThe User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.2025-05-15not yet calculatedCVE-2024-6708
Unknown–VikBooking Hotel Booking Engine & PMSThe VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-13616
Unknown–wccp-proThe wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites2025-05-15not yet calculatedCVE-2024-6690
Unknown–wccp-proThe wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-6693
Unknown–webtoffee-gdpr-cookie-consentThe webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks2025-05-15not yet calculatedCVE-2024-8286
Unknown–webtoffee-gdpr-cookie-consentThe webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the ‘Consent report’ page and the malicious script is executed in the admin context.2025-05-15not yet calculatedCVE-2024-8397
Unknown–Wholesale MarketThe Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack2025-05-16not yet calculatedCVE-2022-4363
Unknown–Widgets ResetThe Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2024-8082
Unknown–WolfNet IDX for WordPressThe WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2025-05-15not yet calculatedCVE-2023-6783
Unknown–WOOEXIMThe WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack.2025-05-15not yet calculatedCVE-2025-1288
Unknown–WordPressThe WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.2025-05-15not yet calculatedCVE-2024-12282
Unknown–WP Dashboard NotesThe WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.2025-05-15not yet calculatedCVE-2023-7239
Unknown–WP DeskLiteThe WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2025-05-15not yet calculatedCVE-2024-12724
Unknown–WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & AccountingThe WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12808
Unknown–WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & AccountingThe WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate parameters to access the data of terminated employees.2025-05-15not yet calculatedCVE-2024-12812
Unknown–WP Google Review SliderThe WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-11109
Unknown–WP ULikeThe WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2025-05-15not yet calculatedCVE-2024-12770
Unknown–WP-PManagerThe WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack2025-05-15not yet calculatedCVE-2025-2247
Unknown–WP-PManagerThe WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks2025-05-15not yet calculatedCVE-2025-2248
Unknown–WP-Reply NotifyThe WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.2025-05-15not yet calculatedCVE-2023-7195
Unknown–Z-DownloadsThe Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.2025-05-15not yet calculatedCVE-2024-8673
Unknown–Z-DownloadsThe Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)2025-05-15not yet calculatedCVE-2024-8699
Unknown–Z-DownloadsThe Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs.2025-05-15not yet calculatedCVE-2024-8703
VMware–BitnamiThe bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an ‘repmgr’ user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.2025-05-13not yet calculatedCVE-2025-22248
vyperlang–vyperVyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero. In practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b””`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b”” if self.do_some_side_effect() else b””`. The fix is available in pull request 4644 and expected to be part of the 0.4.2 release. As a workaround, don’t have side effects in expressions which construct zero-length bytestrings.2025-05-15not yet calculatedCVE-2025-47285
vyperlang–vyperVyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the `slice()` builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (`msg.data` or `<address>.code`). The reason is that for these source locations, the check that `length >= 1` is skipped. The result is that a 0-length bytestring constructed with slice can be passed to `make_byte_array_copier`, which elides evaluation of its source argument when the max length is 0. The impact is that side effects in the `start` argument may be elided when the `length` argument is 0, e.g. `slice(msg.data, self.do_side_effect(), 0)`. The fix in pull request 4645 disallows any invocation of `slice()` with length 0, including for the ad hoc locations discussed in this advisory. The fix is expected to be part of version 0.4.2.2025-05-15not yet calculatedCVE-2025-47774
WatchGuard–Fireware OSImproper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1.2025-05-16not yet calculatedCVE-2025-4804
WatchGuard–Fireware OSImproper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through 12.11.1.2025-05-16not yet calculatedCVE-2025-4805
zulip–zulipZulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the “Who can create public channels” access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique works for creating private channels without permission, though such a process requires either the API or modifying the HTML, as we do mark the “private” radio button as disabled in such cases. Version 10.3 contains a patch.2025-05-15not yet calculatedCVE-2025-47930
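Most of the WordPress entries above reduce to two handler-level mistakes: a settings or action endpoint with no nonce check (the CSRF rows), and settings stored and echoed without sanitisation or escaping (the Stored XSS rows, which also defeat the unfiltered_html restriction multisite places on everyone but super admins), plus one missing per-object authorisation check (WP Dashboard Notes, wpdn_update_note). The PHP below is an added illustration written for this bulletin, not code from any plugin listed; the plugin name demo_notes, its option, hook and nonce names are hypothetical, while every WordPress function called is a real core API. It shows the vulnerable shape and the hardened shape side by side.

```php
<?php
// Added illustration: hypothetical "demo_notes" plugin. Hook, option and nonce names are
// invented; the WordPress functions used are real core APIs.

// ---- Vulnerable: no nonce, no capability check, raw storage, raw output ----------------
add_action( 'admin_post_demo_save_settings_vuln', function () {
    // Any POST reaching admin-post.php with action=demo_save_settings_vuln is honoured, so a
    // form auto-submitted from an attacker's page (CSRF) writes attacker HTML into the option.
    update_option( 'demo_notes_banner', wp_unslash( $_POST['banner'] ?? '' ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo-notes' ) );
    exit;
} );

function demo_notes_render_banner_vuln() {
    // Echoed unescaped: runs in every admin's browser. unfiltered_html was never consulted,
    // so the multisite restriction on non-super-admins is bypassed as well.
    echo '<div class="notice">' . get_option( 'demo_notes_banner', '' ) . '</div>';
}

// ---- Hardened: nonce + capability on write, sanitise on save, escape on output ----------
add_action( 'admin_post_demo_save_settings', function () {
    check_admin_referer( 'demo_notes_save', 'demo_notes_nonce' ); // dies on a missing/stale nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'demo-notes' ), 403 );
    }
    $raw = wp_unslash( $_POST['banner'] ?? '' );
    // wp_kses_post() keeps the post-safe HTML subset and strips scripts and event handlers
    // regardless of the caller's capabilities: the property multisite expects settings to have.
    update_option( 'demo_notes_banner', wp_kses_post( $raw ) );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=demo-notes' ) ) );
    exit;
} );

function demo_notes_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_settings">
        <?php wp_nonce_field( 'demo_notes_save', 'demo_notes_nonce' ); ?>
        <input type="text" name="banner"
               value="<?php echo esc_attr( get_option( 'demo_notes_banner', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function demo_notes_render_banner() {
    // Escape at the sink as well: values written by an older, unsanitised release are still
    // in the database after updating, and a filter-on-save alone does nothing about them.
    echo '<div class="notice">' . wp_kses_post( get_option( 'demo_notes_banner', '' ) ) . '</div>';
}

// ---- Per-object authorisation for an AJAX action that takes a post_id -------------------
add_action( 'wp_ajax_demo_update_note', function () {
    check_ajax_referer( 'demo_update_note', 'nonce' );
    $post_id = absint( $_POST['post_id'] ?? 0 );
    // "Is the caller a Contributor or above?" is a role check, not authorisation. The
    // edit_post meta capability binds the caller to this particular post.
    if ( 0 === $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $note = sanitize_textarea_field( wp_unslash( $_POST['note'] ?? '' ) );
    update_post_meta( $post_id, '_demo_note', $note );
    wp_send_json_success( array( 'note' => esc_html( $note ) ) );
} );
```

The order of the checks in the hardened handlers is deliberate: the nonce proves the request originated from a form this site rendered for this user, the capability (or meta capability) proves the user may perform this action on this object, and only then is input accepted, with sanitisation on the way into storage and escaping on the way out.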
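The two IP-header entries above (User Activity Tracking and Log, and the webtoffee-gdpr-cookie-consent 'Consent report' XSS) stem from one mistake: reading the client address from a header any visitor can set, then storing and rendering it verbatim. This PHP is an added example, not code from either plugin; the trusted proxy address 10.0.0.5 and the request array are constructed for the illustration.

```php
<?php
// Added illustration, not code from the plugins above. The proxy list is an assumption
// standing in for the site's real reverse-proxy addresses; the request is constructed.

const DEMO_TRUSTED_PROXIES = array( '10.0.0.5' ); // assumed: our reverse proxy / load balancer

// Vulnerable: whoever sets X-Forwarded-For chooses the "client IP", and it is returned as
// an arbitrary string that later lands in a log table and on a report page.
function demo_client_ip_vuln( array $server ) {
    if ( ! empty( $server['HTTP_X_FORWARDED_FOR'] ) ) {
        return $server['HTTP_X_FORWARDED_FOR'];
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened: honour X-Forwarded-For only when the TCP peer is one of our proxies, walk the
// list from the right skipping our own hops, and accept the result only if it parses as an IP.
function demo_client_ip( array $server, array $trusted_proxies = DEMO_TRUSTED_PROXIES ) {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if ( ! in_array( $remote, $trusted_proxies, true ) || empty( $server['HTTP_X_FORWARDED_FOR'] ) ) {
        return filter_var( $remote, FILTER_VALIDATE_IP ) ?: '';
    }
    // Each proxy appends the address it saw, so the right-most non-proxy entry is the one
    // our proxy observed; anything the client prepended is never reached.
    $hops = array_map( 'trim', explode( ',', $server['HTTP_X_FORWARDED_FOR'] ) );
    for ( $i = count( $hops ) - 1; $i >= 0; $i-- ) {
        if ( in_array( $hops[ $i ], $trusted_proxies, true ) ) {
            continue;
        }
        $ip = filter_var( $hops[ $i ], FILTER_VALIDATE_IP );
        return false === $ip ? '' : $ip; // non-IP garbage is dropped rather than logged
    }
    return filter_var( $remote, FILTER_VALIDATE_IP ) ?: '';
}

// Constructed request: visitor 203.0.113.9 sends a script payload in X-Forwarded-For; the
// proxy 10.0.0.5 appends the peer address it saw and forwards the request to PHP.
$request = array(
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '<script>alert(1)</script>, 203.0.113.9',
);

var_dump( demo_client_ip_vuln( $request ) ); // the raw header, payload included
var_dump( demo_client_ip( $request ) );      // the address the proxy observed

// Independently of validation, the report page must escape at the sink (esc_html() inside
// WordPress; htmlspecialchars() here so the file runs under plain php).
echo '<td>' . htmlspecialchars( demo_client_ip_vuln( $request ), ENT_QUOTES, 'UTF-8' ) . '</td>';
```

Validation and escaping address different failures: validation keeps non-addresses out of the log (and stops a visitor from choosing the address that is logged), while escaping protects the admin who later views the report even when a stored value predates the fix.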
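For the Bitnami pgpool/postgres-ha entry, the weak setting is a trust rule for the replication-check role. The fragment below is an added, illustrative host-based-authentication file in the format shared by PostgreSQL's pg_hba.conf and Pgpool's pool_hba.conf; it is not the configuration Bitnami ships, and the 10.42.0.0/16 network and the database names are placeholders.

```conf
# Added illustration; not Bitnami's shipped file. Placeholder network and databases.
# Format: TYPE     DATABASE     USER    ADDRESS        METHOD

# Weak: the replication-check role can log in from anywhere with no credential at all.
host     all          repmgr  0.0.0.0/0      trust

# Corrected: the role must present a password (SCRAM), may connect only from the
# cluster's own pod network, and only to the databases the checks actually use.
hostssl  replication  repmgr  10.42.0.0/16   scram-sha-256
hostssl  postgres     repmgr  10.42.0.0/16   scram-sha-256
```

The corrected rules only take effect if the role actually has a password (ALTER ROLE repmgr PASSWORD '...') and Pgpool is given it through sr_check_password so its own streaming-replication checks keep working. A quick check from outside the cluster: psql -h <pgpool-host> -U repmgr -d postgres should prompt for a password or be refused; a connection that succeeds with no password means trust authentication is still in effect.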