CVEs from 2025
Total
8,971
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32491 | critical | 9.8 | 9.8 | 1y ago | Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO – On-site SEO… | |||
| CVE-2025-25373 | critical | 9.8 | 9.8 | 1y ago | The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. | |||
| CVE-2025-2655 | critical | 9.8 | 9.8 | 1y ago | A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function save_users/delete_users of the file /classes/Users.php. Performing manipulation … | |||
| CVE-2025-26966 | critical | 9.8 | 9.8 | 1y ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5. | |||
| CVE-2025-24607 | critical | 9.8 | 9.8 | 1y ago | Missing Authorization vulnerability in Northern Beaches Websites IdeaPush ideapush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a throug… | |||
| CVE-2025-55754 | critical | 9.6 | 9.6 | 19d ago | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Win… | |||
| CVE-2025-11022 | critical | 9.6 | 9.6 | 6mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability resulting in Command Injection has been identified. Thi… | |||
| CVE-2025-60156 | critical | 9.6 | 9.6 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.3… | |||
| CVE-2025-7743 | critical | 9.6 | 9.6 | 9mo ago | Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025. | |||
| CVE-2025-30967 | critical | 9.6 | 9.6 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a. | |||
| CVE-2025-20234 | critical | — | 9.5 | — | A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnera… | |||
| CVE-2025-20260 | critical | — | 9.5 | — | A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arb… | |||
| CVE-2025-14931 | critical | — | 9.5 | 6mo ago | Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE | |||
| CVE-2025-47151 | critical | — | 9.5 | 7mo ago | RHSA-2025:21628: lasso security update (Critical) | |||
| CVE-2025-55747 | critical | — | 9.5 | 9mo ago | XWiki configuration files can be accessed through the webjars API | |||
| CVE-2025-8077 | critical | — | 9.5 | 9mo ago | NeuVector admin account has insecure default password | |||
| CVE-2025-30405 | critical | — | 9.5 | 10mo ago | ExecuTorch integer overflow vulnerability | |||
| CVE-2025-54950 | critical | — | 9.5 | 10mo ago | ExecuTorch out-of-bounds access vulnerability | |||
| CVE-2025-54949 | critical | — | 9.5 | 10mo ago | ExecuTorch heap buffer overflow vulnerability | |||
| CVE-2025-30404 | critical | — | 9.5 | 10mo ago | ExecuTorch integer overflow vulnerability | |||
| CVE-2025-54951 | critical | — | 9.5 | 10mo ago | ExecuTorch vulnerable to Heap-based Buffer Overflow | |||
| CVE-2025-69614 | critical | 9.4 | 9.4 | 3mo ago | Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Accou… | |||
| CVE-2025-8668 | critical | 9.4 | 9.4 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd… | |||
| CVE-2025-4319 | critical | 9.4 | 9.4 | 5mo ago | Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute… | |||
| CVE-2025-8220 | critical | 9.4 | 9.4 | 11mo ago | A vulnerability has been found in Engeman Web up to 12.0.0.2. The affected element is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of … | |||
| CVE-2025-27851 | critical | 9.3 | 9.3 | 24d ago | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including… | |||
| CVE-2025-49055 | critical | 9.3 | 9.3 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affect… | |||
| CVE-2025-32303 | critical | 9.3 | 9.3 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0. | |||
| CVE-2025-39484 | critical | 9.3 | 9.3 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7. | |||
| CVE-2025-68865 | critical | 9.3 | 9.3 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global:… | |||
| CVE-2025-30633 | critical | 9.3 | 9.3 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Nat… | |||
| CVE-2025-58951 | critical | 9.3 | 9.3 | 6mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Inje… | |||
| CVE-2025-48089 | critical | 9.3 | 9.3 | 7mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affect… | |||
| CVE-2025-59557 | critical | 9.3 | 9.3 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from… | |||
| CVE-2025-49931 | critical | 9.3 | 9.3 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a… | |||
| CVE-2025-49915 | critical | 9.3 | 9.3 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS A… | |||
| CVE-2025-11849 | critical | 9.3 | 9.3 | 8mo ago | Mammoth is vulnerable to Directory Traversal | |||
| CVE-2025-39496 | critical | 9.3 | 9.3 | 9mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter P… | |||
| CVE-2025-52830 | critical | 9.3 | 9.3 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure – Your Universal Checkout bSecure – Your Universal Checkout bsecure allows Blind SQL Inje… | |||
| CVE-2025-4383 | critical | 9.3 | 9.3 | 1y ago | Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication… | |||
| CVE-2025-47573 | critical | 9.3 | 9.3 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from… | |||
| CVE-2025-39479 | critical | 9.3 | 9.3 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification:… | |||
| CVE-2025-39389 | critical | 9.3 | 9.3 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQL Injection.This issue affects AnalyticsWP: from n/a through 2… | |||
| CVE-2025-32643 | critical | 9.3 | 9.3 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows Blind SQL Injection. This issue affects WPGYM: from n/a through 65.0. | |||
| CVE-2025-47657 | critical | 9.3 | 9.3 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce productive-commerce allows SQL Injection.This issue affects … | |||
| CVE-2025-30622 | critical | 9.3 | 9.3 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash postmash-custom allows SQL Injection.This issue affects PostMash: from n/a thr… | |||
| CVE-2025-41268 | critical | 9.1 | 9.1 | 9d ago | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated att… | |||
| CVE-2025-40949 | critical | 9.1 | 9.1 | 26d ago | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1… | |||
| CVE-2025-69690 | critical | 9.1 | 9.1 | 1mo ago | Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes … | |||
| CVE-2025-59852 | critical | 9.1 | 9.1 | 1mo ago | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise t… | |||
| CVE-2025-14543 | critical | 9.1 | 9.1 | 1mo ago | Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.… | |||
| CVE-2025-69615 | critical | 9.1 | 9.1 | 3mo ago | Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Acco… | |||
| CVE-2025-11158 | critical | 9.1 | 9.1 | 3mo ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of … | |||
| CVE-2025-1928 | critical | 9.1 | 9.1 | 6mo ago | Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation. This issue affect… | |||
| CVE-2025-14520 | critical | 9.1 | 9.1 | 6mo ago | A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the a… | |||
| CVE-2025-11631 | critical | 9.1 | 9.1 | 8mo ago | A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path … | |||
| CVE-2025-9004 | critical | 9.1 | 9.1 | 10mo ago | A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentica… | |||
| CVE-2025-8729 | critical | 9.1 | 9.1 | 10mo ago | A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function process_cert_files of the file backend/service/upload_service.py. T… | |||
| CVE-2025-22871 | critical | 9.1 | 9.1 | 10mo ago | Moderate: git-lfs security update | |||
| CVE-2025-49794 | critical | 9.1 | 9.1 | 11mo ago | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. … | |||
| CVE-2025-49796 | critical | 9.1 | 9.1 | 11mo ago | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input f… | |||
| CVE-2025-48267 | critical | 9.1 | 9.1 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2. | |||
| CVE-2025-2691 | critical | 9.1 | 9.1 | 1y ago | nossrf Server-Side Request Forgery (SSRF) | |||
| CVE-2025-62023 | critical | 9.0 | 9.0 | 8mo ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905. | |||
| CVE-2025-8535 | critical | 9.0 | 9.0 | 10mo ago | A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL H… | |||
| CVE-2025-8264 | critical | 9.0 | 9.0 | 10mo ago | z-push/z-push-dev SQL Injection Vulnerability | |||
| CVE-2025-31916 | critical | 9.0 | 9.0 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Resul… | |||
| CVE-2025-2311 | critical | 9.0 | 9.0 | 1y ago | Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication… | |||
| CVE-2025-6139 | low | 3.9 | 3.9 | 1y ago | A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulatio… | |||
| CVE-2025-12656 | low | 3.8 | 3.8 | 1d ago | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_si… | |||
| CVE-2025-69015 | low | 3.8 | 3.8 | 5mo ago | Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crowdsignal Forms: fro… | |||
| CVE-2025-58009 | low | 3.8 | 3.8 | 9mo ago | Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Mu… | |||
| CVE-2025-15603 | low | 3.7 | 3.7 | 3mo ago | A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the… | |||
| CVE-2025-15244 | low | 3.7 | 3.7 | 5mo ago | A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated … | |||
| CVE-2025-15151 | low | 3.7 | 3.7 | 5mo ago | A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/pass… | |||
| CVE-2025-15108 | low | 3.7 | 3.7 | 5mo ago | A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipu… | |||
| CVE-2025-15005 | low | 3.7 | 3.7 | 6mo ago | A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_… | |||
| CVE-2025-14955 | low | 3.7 | 3.7 | 6mo ago | A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation r… | |||
| CVE-2025-14697 | low | 3.7 | 3.7 | 6mo ago | A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles… | |||
| CVE-2025-14651 | low | 3.7 | 3.7 | 6mo ago | A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use… | |||
| CVE-2025-14636 | low | 3.7 | 3.7 | 6mo ago | A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the … | |||
| CVE-2025-13805 | low | 3.7 | 3.7 | 6mo ago | NutzBoot vulnerable to deserialization | |||
| CVE-2025-12919 | low | 3.7 | 3.7 | 7mo ago | EverShop is vulnerable to Unauthorized Order Information Access (IDOR) | |||
| CVE-2025-12854 | low | 3.7 | 3.7 | 7mo ago | A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to… | |||
| CVE-2025-61748 | low | 3.7 | 3.7 | 8mo ago | RHSA-2025:18824: java-21-openjdk security update (Moderate) | |||
| CVE-2025-11441 | low | 3.7 | 3.7 | 8mo ago | A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads… | |||
| CVE-2025-11322 | low | 3.7 | 3.7 | 8mo ago | NovoSGA: Manipulation of User Creation Page can lead to weak password requirements | |||
| CVE-2025-11280 | low | 3.7 | 3.7 | 8mo ago | A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be… | |||
| CVE-2025-10776 | low | 3.7 | 3.7 | 9mo ago | A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sen… | |||
| CVE-2025-10761 | low | 3.7 | 3.7 | 9mo ago | A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive… | |||
| CVE-2025-10671 | low | 3.7 | 3.7 | 9mo ago | A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\… | |||
| CVE-2025-10423 | low | 3.7 | 3.7 | 9mo ago | A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely… | |||
| CVE-2025-7039 | low | 3.7 | 3.7 | 9mo ago | A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temp… | |||
| CVE-2025-9401 | low | 3.7 | 3.7 | 10mo ago | A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument … | |||
| CVE-2025-9109 | low | 3.7 | 3.7 | 10mo ago | A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpo… | |||
| CVE-2025-9005 | low | 3.7 | 3.7 | 10mo ago | A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible … | |||
| CVE-2025-8927 | low | 3.7 | 3.7 | 10mo ago | A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulati… | |||
| CVE-2025-8549 | low | 3.7 | 3.7 | 10mo ago | A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.… | |||
| CVE-2025-8548 | low | 3.7 | 3.7 | 10mo ago | A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiCon… | |||
| CVE-2025-8515 | low | 3.7 | 3.7 | 10mo ago | A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to i… |