CVEs from 2025
Total: 8,971
- critical 1,368
- high 2,067
- medium 2,068
- low 204
% Critical: 15.2%
% with KEV: 2.0%
% with exploit: 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9461 | high | 7.5 | 7.5 | 10mo ago | A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component F… | |||
| CVE-2025-9241 | high | 7.5 | 7.5 | 10mo ago | A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been ma… | |||
| CVE-2025-5261 | high | 7.5 | 7.5 | 10mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers. This issue affects Pik Online: before 3.1.5. | |||
| CVE-2025-49428 | high | 7.5 | 7.5 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3. | |||
| CVE-2025-48989 | high | 7.5 | 7.5 | 10mo ago | Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0… | |||
| CVE-2025-8708 | high | 7.5 | 7.5 | 10mo ago | A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the co… | |||
| CVE-2025-8348 | high | 7.5 | 7.5 | 10mo ago | A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper auth… | |||
| CVE-2025-8260 | high | 7.5 | 7.5 | 10mo ago | A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation o… | |||
| CVE-2025-8175 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the … | |||
| CVE-2025-4130 | high | 7.5 | 7.5 | 11mo ago | Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable. This issue affects PAVO Pay: before 13.05.2025. | |||
| CVE-2025-4129 | high | 7.5 | 7.5 | 11mo ago | Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: before 13.05.2025. | |||
| CVE-2025-1469 | high | 7.5 | 7.5 | 11mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 11.03.2025. | |||
| CVE-2025-7875 | high | 7.5 | 7.5 | 11mo ago | A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads to improper authentication. It … | |||
| CVE-2025-7754 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation… | |||
| CVE-2025-53816 | high | 7.5 | 7.5 | 11mo ago | 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Ve… | |||
| CVE-2025-52803 | high | 7.5 | 7.5 | 11mo ago | Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | |||
| CVE-2025-7626 | high | 7.5 | 7.5 | 11mo ago | A vulnerability has been found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this vulnerability is the function onlinePrevi… | |||
| CVE-2025-7616 | high | 7.5 | 7.5 | 11mo ago | A vulnerability, which was classified as critical, has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthread_cond_destroy of the component Public API. The manipu… | |||
| CVE-2025-7424 | high | 7.5 | 7.5 | 11mo ago | A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allow… | |||
| CVE-2025-6021 | high | 7.5 | 7.5 | 11mo ago | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a de… | |||
| CVE-2025-7114 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim… | |||
| CVE-2025-7103 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. … | |||
| CVE-2025-7074 | high | 7.5 | 7.5 | 11mo ago | A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulati… | |||
| CVE-2025-47627 | high | 7.5 | 7.5 | 11mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issu… | |||
| CVE-2025-6772 | high | 7.5 | 7.5 | 11mo ago | A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of … | |||
| CVE-2025-49451 | high | 7.5 | 7.5 | 1y ago | Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects A… | |||
| CVE-2025-47572 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects… | |||
| CVE-2025-32549 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from… | |||
| CVE-2025-49795 | high | 7.5 | 7.5 | 1y ago | A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of ser… | |||
| CVE-2025-5895 | high | 7.5 | 7.5 | 1y ago | A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inef… | |||
| CVE-2025-5892 | high | 7.5 | 7.5 | 1y ago | A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/pa… | |||
| CVE-2025-48261 | high | 7.5 | 7.5 | 1y ago | Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data.This issue affects MultiVendorX: from … | |||
| CVE-2025-31635 | high | 7.5 | 7.5 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal.This issue affects CLEVER… | |||
| CVE-2025-5780 | high | 7.5 | 7.5 | 1y ago | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_dental.php. The mani… | |||
| CVE-2025-5779 | high | 7.5 | 7.5 | 1y ago | A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. … | |||
| CVE-2025-5762 | high | 7.5 | 7.5 | 1y ago | A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file view_hematology.php. The manipulation o… | |||
| CVE-2025-5729 | high | 7.5 | 7.5 | 1y ago | A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The… | |||
| CVE-2025-47541 | high | 7.5 | 7.5 | 1y ago | Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7. | |||
| CVE-2025-46454 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows P… | |||
| CVE-2025-39451 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n… | |||
| CVE-2025-39449 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2… | |||
| CVE-2025-39447 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: … | |||
| CVE-2025-26735 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9. | |||
| CVE-2025-39492 | high | 7.5 | 7.5 | 1y ago | Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||
| CVE-2025-0130 | high | 7.5 | 7.5 | 1y ago | A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the f… | |||
| CVE-2025-47653 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recal… | |||
| CVE-2025-39391 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zamartz Checkout Field Visibility for WooCommerce checkout-field-visibility-fo… | |||
| CVE-2025-26968 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a thr… | |||
| CVE-2025-27008 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in NotFound Unlimited Timeline unlimited-timeline allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Unlimited Timeline: from n/a t… | |||
| CVE-2025-26953 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9. | |||
| CVE-2025-26730 | high | 7.5 | 7.5 | 1y ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Ema… | |||
| CVE-2025-26958 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through <= 2.4.3. | |||
| CVE-2025-26942 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1. | |||
| CVE-2025-26687 | high | 7.5 | 7.5 | 1y ago | Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-31001 | high | 7.5 | 7.5 | 1y ago | Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through <= 2.4.0. | |||
| CVE-2025-25374 | high | 7.5 | 7.5 | 1y ago | In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. | |||
| CVE-2025-25372 | high | 7.5 | 7.5 | 1y ago | NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. | |||
| CVE-2025-25371 | high | 7.5 | 7.5 | 1y ago | NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | |||
| CVE-2025-26905 | high | 7.5 | 7.5 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik estatik allows PHP Local File Inclusion.This issue affects Estatik: from n/a through <=… | |||
| CVE-2025-26760 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder calculator-builder allows PHP Local File Inclus… | |||
| CVE-2025-26757 | high | 7.5 | 7.5 | 1y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FULL SERVICES FULL Customer full-customer allows PHP Local File Inclusion.This… | |||
| CVE-2025-24556 | high | 7.5 | 7.5 | 1y ago | Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle moowoodle allows Retrieve Embedded Sensitive Data.This issue affects MooWoodle: from n/a through <= 3.2.4. | |||
| CVE-2025-14774 | high | 7.4 | 7.4 | 3d ago | Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |||
| CVE-2025-64390 | high | 7.4 | 7.4 | 4d ago | A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file. | |||
| CVE-2025-69419 | high | 7.4 | 7.4 | 4mo ago | RHSA-2026:3042: openssl security update (Moderate) | |||
| CVE-2025-61813 | high | 7.4 | 7.4 | 6mo ago | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. … | |||
| CVE-2025-11648 | high | 7.4 | 7.4 | 8mo ago | A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to se… | |||
| CVE-2025-8182 | high | 7.4 | 7.4 | 11mo ago | A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation l… | |||
| CVE-2025-6931 | high | 7.4 | 7.4 | 11mo ago | A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the c… | |||
| CVE-2025-5276 | high | 7.4 | 7.4 | 1y ago | Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function | |||
| CVE-2025-70103 | high | 7.3 | 7.3 | 11d ago | Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. | |||
| CVE-2025-70950 | high | 7.3 | 7.3 | 18d ago | gohttp is vulnerable to directory traversal via a crafted request | |||
| CVE-2025-51427 | high | 7.3 | 7.3 | 18d ago | ModelScope is vulnerable to arbitrary code injection via a crafted module | |||
| CVE-2025-27853 | high | 7.3 | 7.3 | 24d ago | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser… | |||
| CVE-2025-61314 | high | 7.3 | 7.3 | 26d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in… | |||
| CVE-2025-61313 | high | 7.3 | 7.3 | 26d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascrip… | |||
| CVE-2025-61312 | high | 7.3 | 7.3 | 26d ago | A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in … | |||
| CVE-2025-61311 | high | 7.3 | 7.3 | 26d ago | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t… | |||
| CVE-2025-10908 | high | 7.3 | 7.3 | 26d ago | Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security … | |||
| CVE-2025-50328 | high | 7.3 | 7.3 | 1mo ago | A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and e… | |||
| CVE-2025-7024 | high | 7.3 | 7.3 | 2mo ago | Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a u… | |||
| CVE-2025-69720 | high | 7.3 | 7.3 | 3mo ago | The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. | |||
| CVE-2025-9062 | high | 7.3 | 7.3 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. … | |||
| CVE-2025-10463 | high | 7.3 | 7.3 | 4mo ago | Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse. This issue affects Senseway: through 09022026. NOTE: Bec… | |||
| CVE-2025-15426 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted uplo… | |||
| CVE-2025-15264 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can… | |||
| CVE-2025-15142 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql i… | |||
| CVE-2025-15140 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation… | |||
| CVE-2025-15109 | high | 7.3 | 7.3 | 5mo ago | A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This mani… | |||
| CVE-2025-15097 | high | 7.3 | 7.3 | 5mo ago | A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The att… | |||
| CVE-2025-15076 | high | 7.3 | 7.3 | 5mo ago | A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T… | |||
| CVE-2025-15053 | high | 7.3 | 7.3 | 6mo ago | A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can … | |||
| CVE-2025-13183 | high | 7.3 | 7.3 | 6mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS. This issue affects Otello: from 2.4.0 befo… | |||
| CVE-2025-14207 | high | 7.3 | 7.3 | 6mo ago | A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. … | |||
| CVE-2025-14192 | high | 7.3 | 7.3 | 6mo ago | A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth_login.php. Performing manipulation… | |||
| CVE-2025-14190 | high | 7.3 | 7.3 | 6mo ago | A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UI… | |||
| CVE-2025-14189 | high | 7.3 | 7.3 | 6mo ago | A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. The manipulation of the argument gblOrgID results in sql inject… | |||
| CVE-2025-14091 | high | 7.3 | 7.3 | 6mo ago | A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Produ… | |||
| CVE-2025-13792 | high | 7.3 | 7.3 | 6mo ago | A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a man… | |||
| CVE-2025-13395 | high | 7.3 | 7.3 | 7mo ago | A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results… |