CVEs from 2025
Total
8,971
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11655 | medium | 4.7 | 4.7 | 8mo ago | A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipula… | |||
| CVE-2025-11628 | medium | 4.7 | 4.7 | 8mo ago | A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inv… | |||
| CVE-2025-0609 | medium | 4.7 | 4.7 | 8mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS). This issue affects Logo … | |||
| CVE-2025-11286 | medium | 4.7 | 4.7 | 8mo ago | A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of… | |||
| CVE-2025-11141 | medium | 4.7 | 4.7 | 8mo ago | A security flaw has been discovered in Ruijie NBR2100G-E up to 20250919. Affected by this issue is the function listAction of the file /itbox_pi/branch_passw.php?a=list. Performing manipulation of th… | |||
| CVE-2025-11073 | medium | 4.7 | 4.7 | 8mo ago | A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Req… | |||
| CVE-2025-10774 | medium | 4.7 | 4.7 | 9mo ago | A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os co… | |||
| CVE-2025-7702 | medium | 4.7 | 4.7 | 9mo ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pusula Communication Information Internet Industry and Trade Ltd. Co. Manageable Email Sending System allows Exploiting Trust in C… | |||
| CVE-2025-0547 | medium | 4.7 | 4.7 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allows Cross-Site Scripting (XSS). This issue affects Bizmu: from … | |||
| CVE-2025-0879 | medium | 4.7 | 4.7 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shopside Software Shopside App allows Cross-Site Scripting (XSS). This issue requires high… | |||
| CVE-2025-0546 | medium | 4.7 | 4.7 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows … | |||
| CVE-2025-0420 | medium | 4.7 | 4.7 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Paraşüt allows Cross-Site Scripting (XSS). This issue affects Paraşüt: f… | |||
| CVE-2025-0419 | medium | 4.7 | 4.7 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. Zirve Nova allows Cross-Site Scripting (XSS). This is… | |||
| CVE-2025-39813 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading tra… | |||
| CVE-2025-10107 | medium | 4.7 | 4.7 | 9mo ago | A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.1410). Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command in… | |||
| CVE-2025-39825 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename(2) Besides sending the rename request to the server, the rename process als… | |||
| CVE-2025-39713 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interrupt handler rain_interrupt(), the buffer full c… | |||
| CVE-2025-39673 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can… | |||
| CVE-2025-38687 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comed… | |||
| CVE-2025-38681 | medium | 4.7 | 4.7 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Memory hot remove unmaps and tears down various kernel page tabl… | |||
| CVE-2025-0878 | medium | 4.7 | 4.7 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS). This issue affects LimonDesk: from … | |||
| CVE-2025-0670 | medium | 4.7 | 4.7 | 9mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure. This issue affects ProKuafor: from s1.02.07 before v1.02.08. | |||
| CVE-2025-0640 | medium | 4.7 | 4.7 | 9mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01. | |||
| CVE-2025-8774 | medium | 4.7 | 4.7 | 10mo ago | A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. Th… | |||
| CVE-2025-8520 | medium | 4.7 | 4.7 | 10mo ago | A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Edito… | |||
| CVE-2025-38477 | medium | 4.7 | 4.7 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (call… | |||
| CVE-2025-8265 | medium | 4.7 | 4.7 | 10mo ago | A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to … | |||
| CVE-2025-8206 | medium | 4.7 | 4.7 | 11mo ago | A vulnerability, which was classified as problematic, was found in Comodo Dragon up to 134.0.6998.179. This affects an unknown part of the component IP DNS Leakage Detector. The manipulation leads to… | |||
| CVE-2025-4296 | medium | 4.7 | 4.7 | 11mo ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HotelRunner B2B allows Forceful Browsing. This issue affects B2B: before 04.06.2025. | |||
| CVE-2025-6870 | medium | 4.7 | 4.7 | 11mo ago | A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service.… | |||
| CVE-2025-38083 | medium | 4.7 | 4.7 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the… | |||
| CVE-2025-6299 | medium | 4.7 | 4.7 | 1y ago | A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to… | |||
| CVE-2025-5695 | medium | 4.7 | 4.7 | 1y ago | A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscripti… | |||
| CVE-2025-31257 | medium | 4.7 | 4.7 | 1y ago | This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously… | |||
| CVE-2025-30781 | medium | 4.7 | 4.7 | 1y ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing.This is… | |||
| CVE-2025-0877 | medium | 4.7 | 4.7 | 1y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AtaksAPP Reservation Management System allows Cross-Site Scripting (XSS). This issue affe… | |||
| CVE-2025-0545 | medium | 4.7 | 4.7 | 1y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting (XSS). This issue affects… | |||
| CVE-2025-21701 | medium | 4.7 | 4.7 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered whi… | |||
| CVE-2025-38393 | medium | 4.7 | 4.7 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN We found a few different systems hung up in writeback waiting on the same page… | |||
| CVE-2025-15645 | medium | 4.6 | 4.6 | 19d ago | Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. A… | |||
| CVE-2025-40900 | medium | 4.6 | 4.6 | 19d ago | An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a mal… | |||
| CVE-2025-31983 | medium | 4.6 | 4.6 | 1mo ago | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-sit… | |||
| CVE-2025-31978 | medium | 4.6 | 4.6 | 1mo ago | HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields whic… | |||
| CVE-2025-13453 | medium | 4.6 | 4.6 | 5mo ago | A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive. | |||
| CVE-2025-15083 | medium | 4.6 | 4.6 | 5mo ago | A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test int… | |||
| CVE-2025-11570 | medium | 4.6 | 4.6 | 8mo ago | drupal-pattern-lab/unified-twig-extensions is vulnerable to XXS | |||
| CVE-2025-8079 | medium | 4.6 | 4.6 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.… | |||
| CVE-2025-4295 | medium | 4.6 | 4.6 | 11mo ago | Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025. | |||
| CVE-2025-5874 | medium | 4.6 | 4.6 | 1y ago | A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handl… | |||
| CVE-2025-4877 | medium | 4.5 | 4.5 | 19d ago | Moderate: libssh security update | |||
| CVE-2025-11947 | medium | 4.5 | 4.5 | 8mo ago | A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-… | |||
| CVE-2025-10767 | medium | 4.5 | 4.5 | 9mo ago | A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handl… | |||
| CVE-2025-9474 | medium | 4.5 | 4.5 | 10mo ago | A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation resul… | |||
| CVE-2025-33221 | medium | 4.4 | 4.4 | 12d ago | NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of… | |||
| CVE-2025-11568 | medium | 4.4 | 4.4 | 19d ago | RHSA-2025:23086: luksmeta security update (Moderate) | |||
| CVE-2025-9989 | medium | 4.4 | 4.4 | 25d ago | The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output esc… | |||
| CVE-2025-36105 | medium | 4.4 | 4.4 | 3mo ago | IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. | |||
| CVE-2025-14702 | medium | 4.4 | 4.4 | 6mo ago | A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path tr… | |||
| CVE-2025-14698 | medium | 4.4 | 4.4 | 6mo ago | A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation ca… | |||
| CVE-2025-8210 | medium | 4.4 | 4.4 | 11mo ago | A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.y… | |||
| CVE-2025-8207 | medium | 4.4 | 4.4 | 11mo ago | A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component… | |||
| CVE-2025-2301 | medium | 4.4 | 4.4 | 11mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers. This issue affects Online Exam Registration: bef… | |||
| CVE-2025-5278 | medium | 4.4 | 4.4 | 1y ago | A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafte… | |||
| CVE-2025-52611 | medium | 4.3 | 4.3 | 3d ago | HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Spec… | |||
| CVE-2025-52608 | medium | 4.3 | 4.3 | 3d ago | HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path… | |||
| CVE-2025-52606 | medium | 4.3 | 4.3 | 3d ago | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain… | |||
| CVE-2025-53346 | medium | 4.3 | 4.3 | 5d ago | Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3. | |||
| CVE-2025-14481 | medium | 4.3 | 4.3 | 11d ago | The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search R… | |||
| CVE-2025-70116 | medium | 4.3 | 4.3 | 11d ago | A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media… | |||
| CVE-2025-4202 | medium | 4.3 | 4.3 | 22d ago | The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' fu… | |||
| CVE-2025-62311 | medium | 4.3 | 4.3 | 24d ago | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized a… | |||
| CVE-2025-13874 | medium | 4.3 | 4.3 | 24d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest … | |||
| CVE-2025-9988 | medium | 4.3 | 4.3 | 25d ago | The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This mak… | |||
| CVE-2025-15634 | medium | 4.3 | 4.3 | 29d ago | A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized… | |||
| CVE-2025-59809 | medium | 4.3 | 4.3 | 2mo ago | A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4… | |||
| CVE-2025-59031 | medium | 4.3 | 4.3 | 2mo ago | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended file… | |||
| CVE-2025-67972 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho ZeptoMail: from n/a through 3.2.9. | |||
| CVE-2025-65717 | medium | 4.3 | 4.3 | 4mo ago | An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page. | |||
| CVE-2025-2418 | medium | 4.3 | 4.3 | 4mo ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before … | |||
| CVE-2025-69353 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN… | |||
| CVE-2025-69348 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2025-69346 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through <= 1.3.9.… | |||
| CVE-2025-69345 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post… | |||
| CVE-2025-69327 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manag… | |||
| CVE-2025-53344 | medium | 4.3 | 4.3 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3. | |||
| CVE-2025-31046 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a throu… | |||
| CVE-2025-49352 | medium | 4.3 | 4.3 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Acces… | |||
| CVE-2025-49340 | medium | 4.3 | 4.3 | 5mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP direct-payments-wp allows Retrieve Embedded Sensitive Data.This issue affects Di… | |||
| CVE-2025-49339 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: fro… | |||
| CVE-2025-62080 | medium | 4.3 | 4.3 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery.This issue affects… | |||
| CVE-2025-15373 | medium | 4.3 | 4.3 | 5mo ago | A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It… | |||
| CVE-2025-69013 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1. | |||
| CVE-2025-69012 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from … | |||
| CVE-2025-15213 | medium | 4.3 | 4.3 | 5mo ago | A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The m… | |||
| CVE-2025-15156 | medium | 4.3 | 4.3 | 5mo ago | A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Sessi… | |||
| CVE-2025-15118 | medium | 4.3 | 4.3 | 5mo ago | A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulati… | |||
| CVE-2025-15106 | medium | 4.3 | 4.3 | 5mo ago | A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executin… | |||
| CVE-2025-15087 | medium | 4.3 | 4.3 | 5mo ago | A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controlle… | |||
| CVE-2025-15086 | medium | 4.3 | 4.3 | 5mo ago | A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/Member… | |||
| CVE-2025-7047 | medium | 4.3 | 4.3 | 6mo ago | Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse. This issue affects SoliClub: before 5.3.7. |