CVEs from 2025
- Total 8,971
- critical 1,368
- high 2,067
- medium 2,068
- low 204
- % Critical 15.2%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14869 | high | 7.5 | 7.5 | 24d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause … | |||
| CVE-2025-27850 | high | 7.5 | 7.5 | 24d ago | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links… | |||
| CVE-2025-28344 | high | 7.5 | 7.5 | 24d ago | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack. | |||
| CVE-2025-28343 | high | 7.5 | 7.5 | 24d ago | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons. | |||
| CVE-2025-46311 | high | 7.5 | 7.5 | 25d ago | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitiv… | |||
| CVE-2025-40947 | high | 7.5 | 7.5 | 25d ago | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1… | |||
| CVE-2025-40833 | high | 7.5 | 7.5 | 25d ago | The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual res… | |||
| CVE-2025-65418 | high | 7.5 | 7.5 | 26d ago | docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url. | |||
| CVE-2025-8154 | high | 7.5 | 7.5 | 26d ago | In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses… | |||
| CVE-2025-65122 | high | 7.5 | 7.5 | 1mo ago | youtube-regex vulnerable to Regex Denial of Service | |||
| CVE-2025-31976 | high | 7.5 | 7.5 | 1mo ago | HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to… | |||
| CVE-2025-71256 | high | 7.5 | 7.5 | 1mo ago | In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71255 | high | 7.5 | 7.5 | 1mo ago | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71254 | high | 7.5 | 7.5 | 1mo ago | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71253 | high | 7.5 | 7.5 | 1mo ago | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71252 | high | 7.5 | 7.5 | 1mo ago | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-71251 | high | 7.5 | 7.5 | 1mo ago | In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||
| CVE-2025-66369 | high | 7.5 | 7.5 | 1mo ago | An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem… | |||
| CVE-2025-59032 | high | 7.5 | 7.5 | 1mo ago | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access t… | |||
| CVE-2025-47403 | high | 7.5 | 7.5 | 1mo ago | Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. | |||
| CVE-2025-47401 | high | 7.5 | 7.5 | 1mo ago | Transient DOS when processing target power rate tables during channel configuration. | |||
| CVE-2025-70069 | high | 7.5 | 7.5 | 1mo ago | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method | |||
| CVE-2025-63548 | high | 7.5 | 7.5 | 1mo ago | An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field. | |||
| CVE-2025-63547 | high | 7.5 | 7.5 | 1mo ago | An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field | |||
| CVE-2025-36180 | high | 7.5 | 7.5 | 1mo ago | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | |||
| CVE-2025-56568 | high | 7.5 | 7.5 | 1mo ago | Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial … | |||
| CVE-2025-46115 | high | 7.5 | 7.5 | 1mo ago | An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request | |||
| CVE-2025-51846 | high | 7.5 | 7.5 | 1mo ago | CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2. | |||
| CVE-2025-67223 | high | 7.5 | 7.5 | 1mo ago | The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthen… | |||
| CVE-2025-48431 | high | 7.5 | 7.5 | 1mo ago | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, w… | |||
| CVE-2025-69428 | high | 7.5 | 7.5 | 1mo ago | An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories. | |||
| CVE-2025-15624 | high | 7.5 | 7.5 | 2mo ago | Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, P… | |||
| CVE-2025-15623 | high | 7.5 | 7.5 | 2mo ago | Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud… | |||
| CVE-2025-67805 | high | 7.5 | 7.5 | 2mo ago | A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table … | |||
| CVE-2025-59028 | high | 7.5 | 7.5 | 2mo ago | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable serv… | |||
| CVE-2025-70030 | high | 7.5 | 7.5 | 3mo ago | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. | |||
| CVE-2025-70034 | high | 7.5 | 7.5 | 3mo ago | An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. | |||
| CVE-2025-69654 | high | 7.5 | 7.5 | 3mo ago | A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11), `qjs` interpreter using the `-m` option and a low memory… | |||
| CVE-2025-70363 | high | 7.5 | 7.5 | 3mo ago | Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs. | |||
| CVE-2025-69340 | high | 7.5 | 7.5 | 3mo ago | Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels. Thi… | |||
| CVE-2025-63912 | high | 7.5 | 7.5 | 3mo ago | Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encryption and expose… | |||
| CVE-2025-69373 | high | 7.5 | 7.5 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion. This issue affects … | |||
| CVE-2025-69298 | high | 7.5 | 7.5 | 4mo ago | Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gauge: from n/a through <= 6.56.4. | |||
| CVE-2025-68841 | high | 7.5 | 7.5 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder topper-pa… | |||
| CVE-2025-68834 | high | 7.5 | 7.5 | 4mo ago | Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Contro… | |||
| CVE-2025-8590 | high | 7.5 | 7.5 | 4mo ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows Directory Indexing. This issue affects SKSPro: through … | |||
| CVE-2025-7714 | high | 7.5 | 7.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line… | |||
| CVE-2025-7713 | high | 7.5 | 7.5 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS T… | |||
| CVE-2025-69420 | high | 7.5 | 7.5 | 4mo ago | Important: openssl security update | |||
| CVE-2025-69421 | high | 7.5 | 7.5 | 4mo ago | Important: openssl security update | |||
| CVE-2025-9086 | high | 7.5 | 7.5 | 4mo ago | 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the … | |||
| CVE-2025-13836 | high | 7.5 | 7.5 | 4mo ago | Moderate: python3.12 security update | |||
| CVE-2025-68907 | high | 7.5 | 7.5 | 5mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal. This issue affects Hostme v2: from n/a through <= … | |||
| CVE-2025-10855 | high | 7.5 | 7.5 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Solvera Software Services Trade Inc. Teknoera allows Exploitation of Trusted Identifiers. This issue affects Teknoera: through 01102… | |||
| CVE-2025-10024 | high | 7.5 | 7.5 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education M… | |||
| CVE-2025-71066 | high | 7.5 | 7.5 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: Th… | |||
| CVE-2025-46255 | high | 7.5 | 7.5 | 5mo ago | Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5. | |||
| CVE-2025-68850 | high | 7.5 | 7.5 | 5mo ago | Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sell Downloads: from n/a thr… | |||
| CVE-2025-15456 | high | 7.5 | 7.5 | 5mo ago | A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation le… | |||
| CVE-2025-15126 | high | 7.5 | 7.5 | 5mo ago | A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the arg… | |||
| CVE-2025-65857 | high | 7.5 | 7.5 | 6mo ago | An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct una… | |||
| CVE-2025-7358 | high | 7.5 | 7.5 | 6mo ago | Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse. This issue affects SoliClub: before 5.3.7. | |||
| CVE-2025-1031 | high | 7.5 | 7.5 | 6mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7. | |||
| CVE-2025-1030 | high | 7.5 | 7.5 | 6mo ago | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.… | |||
| CVE-2025-1029 | high | 7.5 | 7.5 | 6mo ago | Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7. | |||
| CVE-2025-60078 | high | 7.5 | 7.5 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia – Montpellier Task Manager task-manager allows PHP Local File… | |||
| CVE-2025-58938 | high | 7.5 | 7.5 | 6mo ago | Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through <= 2… | |||
| CVE-2025-13474 | high | 7.5 | 7.5 | 6mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers. This issue affects Mobile App: before 9.5.8. | |||
| CVE-2025-68065 | high | 7.5 | 7.5 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core allows PHP Local File Inclusion. This issue affects Hub… | |||
| CVE-2025-14521 | high | 7.5 | 7.5 | 6mo ago | A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. S… | |||
| CVE-2025-55752 | high | 7.5 | 7.5 | 6mo ago | Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the po… | |||
| CVE-2025-14206 | high | 7.5 | 7.5 | 6mo ago | A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler.… | |||
| CVE-2025-13295 | high | 7.5 | 7.5 | 6mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9. | |||
| CVE-2025-59375 | high | 7.5 | 7.5 | 6mo ago | Important: python3.12 security update | |||
| CVE-2025-13239 | high | 7.5 | 7.5 | 7mo ago | A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkou… | |||
| CVE-2025-13033 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient addres… | |||
| CVE-2025-9230 | high | 7.5 | 7.5 | 7mo ago | Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigge… | |||
| CVE-2025-60189 | high | 7.5 | 7.5 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP … | |||
| CVE-2025-48330 | high | 7.5 | 7.5 | 7mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gra… | |||
| CVE-2025-12326 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. … | |||
| CVE-2025-12276 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation result… | |||
| CVE-2025-12270 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id… | |||
| CVE-2025-11145 | high | 7.5 | 7.5 | 8mo ago | Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Elect… | |||
| CVE-2025-53066 | high | 7.5 | 7.5 | 8mo ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2025-62022 | high | 7.5 | 7.5 | 8mo ago | Missing Authorization vulnerability in BuddyPress BuddyPress buddypress. This issue affects BuddyPress: from n/a through <= 14.3.4. | |||
| CVE-2025-49935 | high | 7.5 | 7.5 | 8mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion. This issue affects Wo… | |||
| CVE-2025-49925 | high | 7.5 | 7.5 | 8mo ago | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through <= 1.9.9.7. | |||
| CVE-2025-49921 | high | 7.5 | 7.5 | 8mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion. This issue a… | |||
| CVE-2025-48338 | high | 7.5 | 7.5 | 8mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local Fi… | |||
| CVE-2025-11914 | high | 7.5 | 7.5 | 8mo ago | A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulat… | |||
| CVE-2025-9902 | high | 7.5 | 7.5 | 8mo ago | Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse. This issue affects QRMenu: from 1.05… | |||
| CVE-2025-11026 | high | 7.5 | 7.5 | 8mo ago | A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes informat… | |||
| CVE-2025-40838 | high | 7.5 | 7.5 | 8mo ago | Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. | |||
| CVE-2025-10468 | high | 7.5 | 7.5 | 9mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beyaz Computer CityPlus allows Path Traversal. This issue affects CityPlus: before 24.29375. | |||
| CVE-2025-10236 | high | 7.5 | 7.5 | 9mo ago | A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Ha… | |||
| CVE-2025-54376 | high | 7.5 | 7.5 | 9mo ago | WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly | |||
| CVE-2025-32689 | high | 7.5 | 7.5 | 9mo ago | Improper Validation of Specified Quantity in Input vulnerability in Convers Lab WP SmartPay smartpay. This issue affects WP SmartPay: from n/a through <= 2.8.2. | |||
| CVE-2025-9848 | high | 7.5 | 7.5 | 9mo ago | A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to… | |||
| CVE-2025-9805 | high | 7.5 | 7.5 | 9mo ago | A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipula… | |||
| CVE-2025-9742 | high | 7.5 | 7.5 | 9mo ago | A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass le… |