CVEs from 2025
- Total 8,956
- critical 1,368
- high 2,067
- medium 2,068
- low 204
- % Critical 15.3%
- % with KEV 2.0%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59001 | medium | 4.3 | 4.3 | 6mo ago | Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salient Core: from n/a through … | |||
| CVE-2025-14531 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in… | |||
| CVE-2025-13125 | medium | 4.3 | 4.3 | 6mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Exploitation of Tr… | |||
| CVE-2025-62869 | medium | 4.3 | 4.3 | 6mo ago | Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net – Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access … | |||
| CVE-2025-49350 | medium | 4.3 | 4.3 | 6mo ago | Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Actio… | |||
| CVE-2025-14220 | medium | 4.3 | 4.3 | 6mo ago | A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated… | |||
| CVE-2025-14183 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipul… | |||
| CVE-2025-14105 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation … | |||
| CVE-2025-13129 | medium | 4.3 | 4.3 | 6mo ago | Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse. This issue… | |||
| CVE-2025-13807 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/… | |||
| CVE-2025-13804 | medium | 4.3 | 4.3 | 6mo ago | NutzBoot vulnerable to information disclosure | |||
| CVE-2025-13802 | medium | 4.3 | 4.3 | 6mo ago | A vulnerability was determined in jairiidriss RestaurantWebsite up to e7911f12d035e8e2f9a75e7a28b59e4ef5c1d654. Impacted is an unknown function of the component Make a Reservation. This manipulation … | |||
| CVE-2025-13793 | medium | 4.3 | 4.3 | 6mo ago | A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_me… | |||
| CVE-2025-13118 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in… | |||
| CVE-2025-12917 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to… | |||
| CVE-2025-10966 | medium | 4.3 | 4.3 | 7mo ago | curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and… | |||
| CVE-2025-12626 | medium | 4.3 | 4.3 | 7mo ago | A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Perfo… | |||
| CVE-2025-58939 | medium | 4.3 | 4.3 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery. This issue affects Super Store Finder: from n/a through <= 7.5. | |||
| CVE-2025-12304 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the componen… | |||
| CVE-2025-12297 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be lau… | |||
| CVE-2025-12290 | medium | 4.3 | 4.3 | 7mo ago | A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359.… | |||
| CVE-2025-12289 | medium | 4.3 | 4.3 | 7mo ago | A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/ind… | |||
| CVE-2025-12267 | medium | 4.3 | 4.3 | 7mo ago | A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. Th… | |||
| CVE-2025-58918 | medium | 4.3 | 4.3 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request Forgery. This issue affects Entrada: from n/a through 5.7.7. | |||
| CVE-2025-62958 | medium | 4.3 | 4.3 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery. This issue affects Simple Con… | |||
| CVE-2025-12202 | medium | 4.3 | 4.3 | 7mo ago | A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation resu… | |||
| CVE-2025-49937 | medium | 4.3 | 4.3 | 8mo ago | Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smash… | |||
| CVE-2025-49922 | medium | 4.3 | 4.3 | 8mo ago | Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPeMatico RSS Feed Fetche… | |||
| CVE-2025-49907 | medium | 4.3 | 4.3 | 8mo ago | Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/… | |||
| CVE-2025-49373 | medium | 4.3 | 4.3 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery. This issue affects Evergreen Content Po… | |||
| CVE-2025-43368 | medium | 4.3 | 4.3 | 8mo ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an… | |||
| CVE-2025-54196 | medium | 4.3 | 4.3 | 8mo ago | Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicio… | |||
| CVE-2025-11442 | medium | 4.3 | 4.3 | 8mo ago | A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. … | |||
| CVE-2025-11440 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be execut… | |||
| CVE-2025-11439 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote e… | |||
| CVE-2025-11406 | medium | 4.3 | 4.3 | 8mo ago | A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangq… | |||
| CVE-2025-0607 | medium | 4.3 | 4.3 | 8mo ago | Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing. This issue affects Logo Cloud: before 2.57. | |||
| CVE-2025-11321 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookCont… | |||
| CVE-2025-11291 | medium | 4.3 | 4.3 | 8mo ago | A security flaw has been discovered in ixmaps website2017 up to 0c71cffa0162186bc057a76766bc97e9f5a3a2d0. This impacts an unknown function of the file /map.php of the component HTTP GET Request Handl… | |||
| CVE-2025-11278 | medium | 4.3 | 4.3 | 8mo ago | A security vulnerability has been detected in AllStarLink Supermon up to 6.2. This vulnerability affects unknown code of the component AllMon2. The manipulation leads to cross site scripting. The att… | |||
| CVE-2025-11125 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Affected by this vulnerability is an unknown functionality of the file /connection_error.… | |||
| CVE-2025-11080 | medium | 4.3 | 4.3 | 8mo ago | A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/… | |||
| CVE-2025-11034 | medium | 4.3 | 4.3 | 8mo ago | A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/common_dep.action.jsp. The manipulation of t… | |||
| CVE-2025-11016 | medium | 4.3 | 4.3 | 8mo ago | A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of th… | |||
| CVE-2025-60143 | medium | 4.3 | 4.3 | 8mo ago | Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through <= 2.9.69. | |||
| CVE-2025-9031 | medium | 4.3 | 4.3 | 9mo ago | Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2… | |||
| CVE-2025-58246 | medium | 4.3 | 4.3 | 9mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on … | |||
| CVE-2025-10822 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authori… | |||
| CVE-2025-10821 | medium | 4.3 | 4.3 | 9mo ago | A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorizati… | |||
| CVE-2025-10820 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can… | |||
| CVE-2025-10819 | medium | 4.3 | 4.3 | 9mo ago | A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper … | |||
| CVE-2025-58016 | medium | 4.3 | 4.3 | 9mo ago | Missing Authorization vulnerability in Codexpert, Inc CF7 Submissions cf7-submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Submissions: from … | |||
| CVE-2025-57978 | medium | 4.3 | 4.3 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling allows Cross Site Request Forgery. This issue affects A… | |||
| CVE-2025-57924 | medium | 4.3 | 4.3 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6. | |||
| CVE-2025-53452 | medium | 4.3 | 4.3 | 9mo ago | Missing Authorization vulnerability in Barry Event Rocket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Rocket: from n/a through 3.3. | |||
| CVE-2025-10766 | medium | 4.3 | 4.3 | 9mo ago | A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path… | |||
| CVE-2025-10711 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Na… | |||
| CVE-2025-10710 | medium | 4.3 | 4.3 | 9mo ago | A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The … | |||
| CVE-2025-10676 | medium | 4.3 | 4.3 | 9mo ago | A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The a… | |||
| CVE-2025-10675 | medium | 4.3 | 4.3 | 9mo ago | A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper author… | |||
| CVE-2025-10674 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper aut… | |||
| CVE-2025-8276 | medium | 4.3 | 4.3 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a D… | |||
| CVE-2025-2404 | medium | 4.3 | 4.3 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ubit Information Technologies STOYS allows Cross-Site Scripting (XSS). This issue affects… | |||
| CVE-2025-10485 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function ppt_log of the file /login of the component HTTP Header Handler.… | |||
| CVE-2025-10422 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler.… | |||
| CVE-2025-10386 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the a… | |||
| CVE-2025-10245 | medium | 4.3 | 4.3 | 9mo ago | A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulati… | |||
| CVE-2025-10233 | medium | 4.3 | 4.3 | 9mo ago | A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument … | |||
| CVE-2025-10229 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect… | |||
| CVE-2025-10084 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to im… | |||
| CVE-2025-10073 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possi… | |||
| CVE-2025-58800 | medium | 4.3 | 4.3 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through <= 2.8.5. | |||
| CVE-2025-58794 | medium | 4.3 | 4.3 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from … | |||
| CVE-2025-9936 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack … | |||
| CVE-2025-9836 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authori… | |||
| CVE-2025-9835 | medium | 4.3 | 4.3 | 9mo ago | A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorizatio… | |||
| CVE-2025-49405 | medium | 4.3 | 4.3 | 9mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: f… | |||
| CVE-2025-48350 | medium | 4.3 | 4.3 | 9mo ago | Missing Authorization vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AutoWP: from … | |||
| CVE-2025-9263 | medium | 4.3 | 4.3 | 10mo ago | xxl-job Vulnerable to Resource Injection and Authorization Bypass Through User-Controlled Key | |||
| CVE-2025-9240 | medium | 4.3 | 4.3 | 10mo ago | A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The a… | |||
| CVE-2025-9108 | medium | 4.3 | 4.3 | 10mo ago | Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely. | |||
| CVE-2025-9094 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements us… | |||
| CVE-2025-8991 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler… | |||
| CVE-2025-8852 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to informat… | |||
| CVE-2025-8814 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipul… | |||
| CVE-2025-8808 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component… | |||
| CVE-2025-8793 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to… | |||
| CVE-2025-8792 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security… | |||
| CVE-2025-8790 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. T… | |||
| CVE-2025-8789 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The man… | |||
| CVE-2025-8772 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of… | |||
| CVE-2025-8739 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument ta… | |||
| CVE-2025-8505 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cr… | |||
| CVE-2025-8335 | medium | 4.3 | 4.3 | 10mo ago | A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possi… | |||
| CVE-2025-8223 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTy… | |||
| CVE-2025-7938 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads t… | |||
| CVE-2025-7907 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml o… | |||
| CVE-2025-7834 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. I… | |||
| CVE-2025-7785 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.j… | |||
| CVE-2025-7763 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.… |