CVEs from 2025
- Total: 8,845
- Critical: 1,327
- High: 1,995
- Medium: 1,981
- Low: 202
- % Critical: 15.0%
- % with KEV: 2.1%
- % with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8225 | low | 3.3 | 3.3 | 10mo ago | A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. T… | |||
| CVE-2025-6817 | low | 3.3 | 3.3 | 11mo ago | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource co… | |||
| CVE-2025-6816 | low | 3.3 | 3.3 | 11mo ago | A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffe… | |||
| CVE-2025-6750 | low | 3.3 | 3.3 | 11mo ago | A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to… | |||
| CVE-2025-6536 | low | 3.3 | 3.3 | 1y ago | A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipu… | |||
| CVE-2025-6497 | low | 3.3 | 3.3 | 1y ago | A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reacha… | |||
| CVE-2025-6496 | low | 3.3 | 3.3 | 1y ago | A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads t… | |||
| CVE-2025-6494 | low | 3.3 | 3.3 | 1y ago | A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-… | |||
| CVE-2025-6490 | low | 3.3 | 3.3 | 1y ago | A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-par… | |||
| CVE-2025-6275 | low | 3.3 | 3.3 | 1y ago | A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-inte… | |||
| CVE-2025-6274 | low | 3.3 | 3.3 | 1y ago | A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulatio… | |||
| CVE-2025-6273 | low | 3.3 | 3.3 | 1y ago | A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to… | |||
| CVE-2025-6272 | low | 3.3 | 3.3 | 1y ago | A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-o… | |||
| CVE-2025-6271 | low | 3.3 | 3.3 | 1y ago | A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation… | |||
| CVE-2025-6141 | low | 3.3 | 3.3 | 1y ago | A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipu… | |||
| CVE-2025-6140 | low | 3.3 | 3.3 | 1y ago | A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation… | |||
| CVE-2025-3549 | low | 3.3 | 3.3 | 1y ago | A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/Ass… | |||
| CVE-2025-3548 | low | 3.3 | 3.3 | 1y ago | A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h … | |||
| CVE-2025-2923 | low | 3.3 | 3.3 | 1y ago | A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the… | |||
| CVE-2025-2914 | low | 3.3 | 3.3 | 1y ago | A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect… | |||
| CVE-2025-46394 | low | 3.2 | 3.2 | 1y ago | In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. | |||
| CVE-2025-8277 | low | 3.1 | 3.1 | 17d ago | Moderate: libssh security update | |||
| CVE-2025-15454 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The ma… | |||
| CVE-2025-15242 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be … | |||
| CVE-2025-15141 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to inf… | |||
| CVE-2025-15125 | low | 3.1 | 3.1 | 5mo ago | A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument depart… | |||
| CVE-2025-15124 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improp… | |||
| CVE-2025-15123 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It… | |||
| CVE-2025-15122 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId… | |||
| CVE-2025-15120 | low | 3.1 | 3.1 | 5mo ago | A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper aut… | |||
| CVE-2025-15119 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper a… | |||
| CVE-2025-15084 | low | 3.1 | 3.1 | 5mo ago | A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/contro… | |||
| CVE-2025-12623 | low | 3.1 | 3.1 | 7mo ago | A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/co… | |||
| CVE-2025-11731 | low | 3.1 | 3.1 | 8mo ago | A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML d… | |||
| CVE-2025-10320 | low | 3.1 | 3.1 | 9mo ago | A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password req… | |||
| CVE-2025-10287 | low | 3.1 | 3.1 | 9mo ago | A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the … | |||
| CVE-2025-10252 | low | 3.1 | 3.1 | 9mo ago | A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only… | |||
| CVE-2025-10080 | low | 3.1 | 3.1 | 9mo ago | A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil… | |||
| CVE-2025-10014 | low | 3.1 | 3.1 | 9mo ago | A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the … | |||
| CVE-2025-7882 | low | 3.1 | 3.1 | 11mo ago | A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads… | |||
| CVE-2025-6527 | low | 3.1 | 3.1 | 1y ago | A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access co… | |||
| CVE-2025-6524 | low | 3.1 | 3.1 | 1y ago | A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. A… | |||
| CVE-2025-6107 | low | 3.1 | 3.1 | 1y ago | A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically… | |||
| CVE-2025-5889 | low | 3.1 | 3.1 | 1y ago | A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The man… | |||
| CVE-2025-46653 | low | 3.1 | 3.1 | 1y ago | Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographic… | |||
| CVE-2025-62312 | low | 3.0 | 3.0 | 22d ago | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse,… | |||
| CVE-2025-66382 | low | 2.9 | 2.9 | 6mo ago | In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. | |||
| CVE-2025-62345 | low | 2.7 | 2.7 | 1mo ago | HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability. A component contains a security weakness in its input handling implementation, increasing the … | |||
| CVE-2025-14836 | low | 2.7 | 2.7 | 6mo ago | A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes clea… | |||
| CVE-2025-64254 | low | 2.7 | 2.7 | 6mo ago | Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photo Block: from n/a through … | |||
| CVE-2025-8519 | low | 2.7 | 2.7 | 10mo ago | A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop… | |||
| CVE-2025-7881 | low | 2.7 | 2.7 | 11mo ago | A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulati… | |||
| CVE-2025-7061 | low | 2.7 | 2.7 | 11mo ago | A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv… | |||
| CVE-2025-32205 | low | 2.7 | 2.7 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms. This issue affects Piotnet Forms: from n/a through <= 1.0.30. | |||
| CVE-2025-62317 | low | 2.6 | 2.6 | 22d ago | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary syst… | |||
| CVE-2025-62309 | low | 2.6 | 2.6 | 22d ago | HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to… | |||
| CVE-2025-10216 | low | 2.6 | 2.6 | 9mo ago | A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argume… | |||
| CVE-2025-48708 | low | — | 2.5 | — | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. | |||
| CVE-2025-4575 | low | — | 2.5 | — | Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certific… | |||
| CVE-2025-0620 | low | — | 2.5 | — | A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect … | |||
| CVE-2025-11143 | low | — | 2.5 | 3mo ago | org.eclipse.jetty:jetty-http has different parsing of invalid URIs | |||
| CVE-2025-40536 | unknown | — | 2.5 | 4mo ago | SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. | |||
| CVE-2025-22873 | low | — | 2.5 | 4mo ago | It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape o… | |||
| CVE-2025-40551 | unknown | — | 2.5 | 4mo ago | SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This c… | |||
| CVE-2025-64328 | unknown | — | 2.5 | 4mo ago | Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> c… | |||
| CVE-2025-52691 | unknown | — | 2.5 | 4mo ago | SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail s… | |||
| CVE-2025-37164 | unknown | — | 2.5 | 5mo ago | Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution. | |||
| CVE-2025-14847 | unknown | — | 2.5 | 5mo ago | MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by a… | |||
| CVE-2025-68613 | unknown | — | 2.5 | 6mo ago | n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. | |||
| CVE-2025-14611 | unknown | — | 2.5 | 6mo ago | Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoin… | |||
| CVE-2025-55182 | unknown | — | 2.5 | 6mo ago | Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Ser… | |||
| CVE-2025-58360 | unknown | — | 2.5 | 6mo ago | OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation… | |||
| CVE-2025-65111 | low | — | 2.5 | 7mo ago | SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results | |||
| CVE-2025-58034 | unknown | — | 2.5 | 7mo ago | Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI comman… | |||
| CVE-2025-64446 | unknown | — | 2.5 | 7mo ago | Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. | |||
| CVE-2025-64529 | low | — | 2.5 | 7mo ago | SpiceDB WriteRelationships fails silently if payload is too big | |||
| CVE-2025-62215 | unknown | — | 2.5 | 7mo ago | Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could ena… | |||
| CVE-2025-64481 | low | — | 2.5 | 7mo ago | Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability… | |||
| CVE-2025-11371 | unknown | — | 2.5 | 7mo ago | Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files. | |||
| CVE-2025-59287 | unknown | — | 2.5 | 7mo ago | Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution. | |||
| CVE-2025-33073 | unknown | — | 2.5 | 8mo ago | Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the … | |||
| CVE-2025-61882 | unknown | — | 2.5 | 8mo ago | Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise O… | |||
| CVE-2025-32463 | unknown | — | 2.5 | 8mo ago | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | |||
| CVE-2025-57819 | unknown | — | 2.5 | 9mo ago | Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database… | |||
| CVE-2025-9589 | low | 2.5 | 2.5 | 9mo ago | A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack … | |||
| CVE-2025-9383 | low | 2.5 | 2.5 | 10mo ago | A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The … | |||
| CVE-2025-9165 | low | 2.5 | 2.5 | 10mo ago | A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipul… | |||
| CVE-2025-8534 | low | 2.5 | 2.5 | 10mo ago | A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads … | |||
| CVE-2025-49704 | unknown | — | 2.5 | 11mo ago | Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-… | |||
| CVE-2025-49706 | unknown | — | 2.5 | 11mo ago | Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view… | |||
| CVE-2025-53770 | unknown | — | 2.5 | 11mo ago | Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could b… | |||
| CVE-2025-25257 | unknown | — | 2.5 | 11mo ago | Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. | |||
| CVE-2025-47812 | unknown | — | 2.5 | 11mo ago | Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arb… | |||
| CVE-2025-5777 | unknown | — | 2.5 | 11mo ago | Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a… | |||
| CVE-2025-4563 | low | — | 2.5 | 1y ago | A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled,… | |||
| CVE-2025-3248 | unknown | — | 2.5 | 1y ago | Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. | |||
| CVE-2025-6170 | low | 2.5 | 2.5 | 1y ago | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, … | |||
| CVE-2025-33053 | unknown | — | 2.5 | 1y ago | Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribut… | |||
| CVE-2025-32433 | unknown | — | 2.5 | 1y ago | Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially l… | |||
| CVE-2025-48432 | low | — | 2.5 | 1y ago | An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially… |