CVEs from 2025
- Total 8,818
- critical 1,314
- high 1,959
- medium 1,968
- low 200
- % Critical 14.9%
- % with KEV 2.1%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11113 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection.… | |||
| CVE-2025-11104 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid result… | |||
| CVE-2025-11100 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to la… | |||
| CVE-2025-11099 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes comman… | |||
| CVE-2025-11098 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command i… | |||
| CVE-2025-11097 | high | 8.8 | 8.8 | 8mo ago | A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The att… | |||
| CVE-2025-11096 | high | 8.8 | 8.8 | 8mo ago | A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command… | |||
| CVE-2025-11095 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in … | |||
| CVE-2025-11092 | high | 8.8 | 8.8 | 8mo ago | A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes comm… | |||
| CVE-2025-11090 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected is an unknown function of the file /admin/employee/index.php?view=edit. The manipulation of the argument ID leads t… | |||
| CVE-2025-11088 | high | 8.8 | 8.8 | 8mo ago | A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Impacted is an unknown function of the file /admin/vacancy/index.php?view=edit. This manipulation of the argument ID causes … | |||
| CVE-2025-11078 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipul… | |||
| CVE-2025-11054 | high | 8.8 | 8.8 | 8mo ago | A security vulnerability has been detected in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/category/index.php?view=edit. The manipulation of … | |||
| CVE-2025-11050 | high | 8.8 | 8.8 | 8mo ago | A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be exe… | |||
| CVE-2025-11049 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authori… | |||
| CVE-2025-11048 | high | 8.8 | 8.8 | 8mo ago | A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to im… | |||
| CVE-2025-11047 | high | 8.8 | 8.8 | 8mo ago | A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorizati… | |||
| CVE-2025-11041 | high | 8.8 | 8.8 | 8mo ago | A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the ar… | |||
| CVE-2025-11038 | high | 8.8 | 8.8 | 8mo ago | A weakness has been identified in itsourcecode Online Clinic Management System 1.0. Affected is an unknown function of the file /details.php?action=post. Executing manipulation of the argument ID can… | |||
| CVE-2025-11029 | high | 8.8 | 8.8 | 8mo ago | A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remote… | |||
| CVE-2025-10989 | high | 8.8 | 8.8 | 8mo ago | A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument us… | |||
| CVE-2025-10988 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possibl… | |||
| CVE-2025-10987 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This … | |||
| CVE-2025-10964 | high | 8.8 | 8.8 | 8mo ago | A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub_401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabl… | |||
| CVE-2025-10963 | high | 8.8 | 8.8 | 8mo ago | A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Affected is the function sub_4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument del_flag results in comma… | |||
| CVE-2025-10962 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument… | |||
| CVE-2025-10960 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation … | |||
| CVE-2025-10959 | high | 8.8 | 8.8 | 8mo ago | A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to… | |||
| CVE-2025-10958 | high | 8.8 | 8.8 | 8mo ago | A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr c… | |||
| CVE-2025-10848 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was identified in Campcodes Society Membership Information System 1.0. This issue affects some unknown processing of the file /check_student.php. Such manipulation of the argument stu… | |||
| CVE-2025-10846 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sq… | |||
| CVE-2025-10845 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. … | |||
| CVE-2025-10844 | high | 8.8 | 8.8 | 8mo ago | A vulnerability has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/Cadastro/aluno. The manipulation of the argument is leads to… | |||
| CVE-2025-10840 | high | 8.8 | 8.8 | 8mo ago | A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/print-payment.php. This manipulation of the argument sql111 … | |||
| CVE-2025-10839 | high | 8.8 | 8.8 | 8mo ago | A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. The impacted element is an unknown function of the file /admin/inv-print.php. The manipulation of the argum… | |||
| CVE-2025-10835 | high | 8.8 | 8.8 | 8mo ago | A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/view_payorder.php. Performing manipulation of the argum… | |||
| CVE-2025-10828 | high | 8.8 | 8.8 | 8mo ago | A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads… | |||
| CVE-2025-10826 | high | 8.8 | 8.8 | 8mo ago | A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. Th… | |||
| CVE-2025-10825 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewi… | |||
| CVE-2025-10814 | high | 8.8 | 8.8 | 8mo ago | A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument por… | |||
| CVE-2025-10807 | high | 8.8 | 8.8 | 9mo ago | A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation… | |||
| CVE-2025-10806 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the… | |||
| CVE-2025-10805 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sernam… | |||
| CVE-2025-10804 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of… | |||
| CVE-2025-10790 | high | 8.8 | 8.8 | 9mo ago | A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=save_category. The manipulation of the argument… | |||
| CVE-2025-10780 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument bar_code causes sql injection. Re… | |||
| CVE-2025-10764 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action Sys… | |||
| CVE-2025-10707 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. Th… | |||
| CVE-2025-10634 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. Th… | |||
| CVE-2025-10629 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executi… | |||
| CVE-2025-10628 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulatio… | |||
| CVE-2025-10627 | high | 8.8 | 8.8 | 9mo ago | A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/delete_user.php. Such manipulation of the argument ID leads to sql in… | |||
| CVE-2025-10626 | high | 8.8 | 8.8 | 9mo ago | A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/update_s3.php. This manipulation of the argument credi… | |||
| CVE-2025-10625 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was detected in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /user/dashboard.php?page=update_profile. The man… | |||
| CVE-2025-10620 | high | 8.8 | 8.8 | 9mo ago | A flaw has been found in itsourcecode Online Clinic Management System 1.0. This vulnerability affects unknown code of the file /editp2.php. Executing manipulation of the argument id/firstname/lastnam… | |||
| CVE-2025-10618 | high | 8.8 | 8.8 | 9mo ago | A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file transact.php. Such manipulation of the… | |||
| CVE-2025-10617 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argum… | |||
| CVE-2025-10616 | high | 8.8 | 8.8 | 9mo ago | A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack c… | |||
| CVE-2025-10615 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was identified in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. The attack can … | |||
| CVE-2025-10613 | high | 8.8 | 8.8 | 9mo ago | A vulnerability has been found in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /leveledit1.php. Such manipulation of the argument level_id lead… | |||
| CVE-2025-10608 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access contro… | |||
| CVE-2025-10602 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s1.php. Performing manipulation of th… | |||
| CVE-2025-10595 | high | 8.8 | 8.8 | 9mo ago | A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/delete_user.php. The manipulation o… | |||
| CVE-2025-10594 | high | 8.8 | 8.8 | 9mo ago | A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_student.php. Executing manipula… | |||
| CVE-2025-10593 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/update_student.php. Performing manipulation of the argumen… | |||
| CVE-2025-10592 | high | 8.8 | 8.8 | 9mo ago | A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Su… | |||
| CVE-2025-10483 | high | 8.8 | 8.8 | 9mo ago | A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/save_user.php. This manipulation of th… | |||
| CVE-2025-10481 | high | 8.8 | 8.8 | 9mo ago | A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /remove_file.php. The manipulation of the argument… | |||
| CVE-2025-10471 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side … | |||
| CVE-2025-10442 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command… | |||
| CVE-2025-10431 | high | 8.8 | 8.8 | 9mo ago | A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/ajax_represent.php. Such manipulation of the argument ID leads t… | |||
| CVE-2025-10430 | high | 8.8 | 8.8 | 9mo ago | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/barcode.php. This manipulation of the argument ID… | |||
| CVE-2025-10429 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_product.php. The manipulation o… | |||
| CVE-2025-10428 | high | 8.8 | 8.8 | 9mo ago | A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seo_setting.php of the component Setting Handler.… | |||
| CVE-2025-10427 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument w… | |||
| CVE-2025-10421 | high | 8.8 | 8.8 | 9mo ago | A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /update_account.php. Executing manipulation of the argument ID can lead to sql … | |||
| CVE-2025-10420 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was detected in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /form137.php. Performing manipulation of the argument ID results in sql injection. … | |||
| CVE-2025-10419 | high | 8.8 | 8.8 | 9mo ago | A security vulnerability has been detected in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /del_promote.php. Such manipulation of the ar… | |||
| CVE-2025-10418 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_students.php. This manipulation of the argume… | |||
| CVE-2025-10409 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql… | |||
| CVE-2025-10408 | high | 8.8 | 8.8 | 9mo ago | A security flaw has been discovered in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /edit_user.php. Performing manipulation of the argum… | |||
| CVE-2025-10407 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_user.php. Such manipulation of the argument I… | |||
| CVE-2025-10401 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in… | |||
| CVE-2025-10400 | high | 8.8 | 8.8 | 9mo ago | A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the arg… | |||
| CVE-2025-10398 | high | 8.8 | 8.8 | 9mo ago | A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument F… | |||
| CVE-2025-10391 | high | 8.8 | 8.8 | 9mo ago | A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument … | |||
| CVE-2025-10390 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID … | |||
| CVE-2025-10389 | high | 8.8 | 8.8 | 9mo ago | A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. … | |||
| CVE-2025-10387 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/comput… | |||
| CVE-2025-10325 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command … | |||
| CVE-2025-10318 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler… | |||
| CVE-2025-10291 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead… | |||
| CVE-2025-10278 | high | 8.8 | 8.8 | 9mo ago | A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper au… | |||
| CVE-2025-10277 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in imprope… | |||
| CVE-2025-10276 | high | 8.8 | 8.8 | 9mo ago | A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOw… | |||
| CVE-2025-10275 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead… | |||
| CVE-2025-10210 | high | 8.8 | 8.8 | 9mo ago | A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to … | |||
| CVE-2025-48101 | high | 8.8 | 8.8 | 9mo ago | Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1. | |||
| CVE-2025-10110 | high | 8.8 | 8.8 | 9mo ago | A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the file /search/. The manipulation with the input '%20or%201=1%20%23/words.html leads to sql injection. Remo… | |||
| CVE-2025-10106 | high | 8.8 | 8.8 | 9mo ago | A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The… |