CVEs from 2025
- Total 8,835
- critical 1,318
- high 1,970
- medium 1,977
- low 201
- % Critical 14.9%
- % with KEV 2.1%
- % with exploit 2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58713 | medium | 6.4 | 6.4 | 2mo ago | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during b… | |||
| CVE-2025-57854 | medium | 6.4 | 6.4 | 2mo ago | A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during buil… | |||
| CVE-2025-57853 | medium | 6.4 | 6.4 | 2mo ago | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain … | |||
| CVE-2025-57847 | medium | 6.4 | 6.4 | 2mo ago | A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the bui… | |||
| CVE-2025-46256 | medium | 6.4 | 6.4 | 5mo ago | Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10. | |||
| CVE-2025-12915 | medium | 6.4 | 6.4 | 7mo ago | A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack require… | |||
| CVE-2025-10370 | medium | 5.4 | 6.4 | 9mo ago | A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script le… | |||
| CVE-2025-9806 | medium | 6.4 | 6.4 | 9mo ago | A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with t… | |||
| CVE-2025-9382 | medium | 6.4 | 6.4 | 9mo ago | A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1_rf_test_config of the component Telnet Sevice. Executing manipulatio… | |||
| CVE-2025-8550 | medium | 5.4 | 6.4 | 10mo ago | A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation o… | |||
| CVE-2025-8191 | medium | 5.4 | 6.4 | 10mo ago | A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The man… | |||
| CVE-2025-7213 | medium | 6.4 | 6.4 | 11mo ago | A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and t… | |||
| CVE-2025-5715 | medium | 6.4 | 6.4 | 1y ago | A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipula… | |||
| CVE-2025-0506 | medium | 6.4 | 6.4 | 1y ago | The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insuf… | |||
| CVE-2025-24606 | medium | 6.4 | 6.4 | 1y ago | Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client I… | |||
| CVE-2025-22346 | medium | 6.4 | 6.4 | 1y ago | Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery. This issue affects Course Migration for LearnDash: from 1.0.2 throu… | |||
| CVE-2025-67031 | medium | 6.3 | 6.3 | 20d ago | ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con… | |||
| CVE-2025-69443 | medium | 6.3 | 6.3 | 21d ago | Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all … | |||
| CVE-2025-65416 | medium | 6.3 | 6.3 | 24d ago | docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php. | |||
| CVE-2025-67886 | medium | 6.3 | 6.3 | 27d ago | Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file… | |||
| CVE-2025-15597 | medium | 6.3 | 6.3 | 3mo ago | A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads… | |||
| CVE-2025-13004 | medium | 6.3 | 6.3 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Com… | |||
| CVE-2025-68029 | medium | 6.3 | 6.3 | 5mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Wal… | |||
| CVE-2025-15453 | medium | 6.3 | 6.3 | 5mo ago | A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation … | |||
| CVE-2025-15450 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Su… | |||
| CVE-2025-15439 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulati… | |||
| CVE-2025-15246 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argum… | |||
| CVE-2025-15135 | medium | 6.3 | 6.3 | 5mo ago | A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Coo… | |||
| CVE-2025-15129 | medium | 6.3 | 6.3 | 5mo ago | A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler.… | |||
| CVE-2025-15098 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing … | |||
| CVE-2025-15088 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation o… | |||
| CVE-2025-15081 | medium | 6.3 | 6.3 | 5mo ago | A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to command injection. Th… | |||
| CVE-2025-14546 | medium | 6.3 | 6.3 | 6mo ago | FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation | |||
| CVE-2025-14889 | medium | 6.3 | 6.3 | 6mo ago | A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handle… | |||
| CVE-2025-14347 | medium | 6.3 | 6.3 | 6mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. OBS (Student Affairs Information System)0 allows Reflected XSS. This… | |||
| CVE-2025-14780 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of th… | |||
| CVE-2025-14695 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component … | |||
| CVE-2025-14568 | medium | 6.3 | 6.3 | 6mo ago | A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipu… | |||
| CVE-2025-14259 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id r… | |||
| CVE-2025-14208 | medium | 6.3 | 6.3 | 6mo ago | A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results… | |||
| CVE-2025-14204 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAut… | |||
| CVE-2025-14185 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulati… | |||
| CVE-2025-14184 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This m… | |||
| CVE-2025-14089 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipula… | |||
| CVE-2025-14088 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes impr… | |||
| CVE-2025-13949 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to… | |||
| CVE-2025-13875 | medium | 6.3 | 6.3 | 6mo ago | A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the comp… | |||
| CVE-2025-13796 | medium | 6.3 | 6.3 | 6mo ago | A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the componen… | |||
| CVE-2025-13588 | medium | 6.3 | 6.3 | 6mo ago | A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-s… | |||
| CVE-2025-13268 | medium | 6.3 | 6.3 | 7mo ago | A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java… | |||
| CVE-2025-13249 | medium | 6.3 | 6.3 | 7mo ago | A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface.… | |||
| CVE-2025-13246 | medium | 6.3 | 6.3 | 7mo ago | A vulnerability was identified in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Impacted is the function JwtAuthenticationFilter of the file src/main/java/com/suis… | |||
| CVE-2025-13209 | medium | 6.3 | 6.3 | 7mo ago | A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPre… | |||
| CVE-2025-13208 | medium | 6.3 | 6.3 | 7mo ago | A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php.… | |||
| CVE-2025-13174 | medium | 6.3 | 6.3 | 7mo ago | A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component We… | |||
| CVE-2025-24848 | medium | 6.3 | 6.3 | 7mo ago | Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary w… | |||
| CVE-2025-12344 | medium | 6.3 | 6.3 | 7mo ago | A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such mani… | |||
| CVE-2025-12266 | medium | 6.3 | 6.3 | 7mo ago | A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Perfo… | |||
| CVE-2025-12249 | medium | 6.3 | 6.3 | 7mo ago | A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Tit… | |||
| CVE-2025-58970 | medium | 6.3 | 6.3 | 8mo ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AmentoTech Doctreat doctreat allows Code Injection. This issue affects Doctreat: from n/a through <= 1.6.… | |||
| CVE-2025-49377 | medium | 6.3 | 6.3 | 8mo ago | Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through … | |||
| CVE-2025-11649 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded … | |||
| CVE-2025-11606 | medium | 6.3 | 6.3 | 8mo ago | A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing ma… | |||
| CVE-2025-11445 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation r… | |||
| CVE-2025-11438 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing au… | |||
| CVE-2025-11320 | medium | 6.3 | 6.3 | 8mo ago | A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadControll… | |||
| CVE-2025-11319 | medium | 6.3 | 6.3 | 8mo ago | A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.p… | |||
| CVE-2025-11304 | medium | 6.3 | 6.3 | 8mo ago | A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross… | |||
| CVE-2025-11273 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function redirectToAuthorization of the file /src/main/services/mcp/oauth/provider.ts. The manipulation of the argument … | |||
| CVE-2025-10975 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server o… | |||
| CVE-2025-10974 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such … | |||
| CVE-2025-10965 | medium | 6.3 | 6.3 | 8mo ago | A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation… | |||
| CVE-2025-10950 | medium | 6.3 | 6.3 | 8mo ago | A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. … | |||
| CVE-2025-10787 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL… | |||
| CVE-2025-10777 | medium | 6.3 | 6.3 | 9mo ago | A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path travers… | |||
| CVE-2025-10763 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component… | |||
| CVE-2025-10762 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the… | |||
| CVE-2025-10760 | medium | 6.3 | 6.3 | 9mo ago | A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookup_repo.go. Executing manipulation of the argument url can lead to server-side… | |||
| CVE-2025-10755 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in u… | |||
| CVE-2025-10741 | medium | 6.3 | 6.3 | 9mo ago | A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument … | |||
| CVE-2025-10669 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted uploa… | |||
| CVE-2025-10619 | medium | 6.3 | 6.3 | 9mo ago | @sequa-ai/sequa-mcp has Command Injection vulnerability | |||
| CVE-2025-10441 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. T… | |||
| CVE-2025-10440 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the … | |||
| CVE-2025-10433 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the arg… | |||
| CVE-2025-10399 | medium | 6.3 | 6.3 | 9mo ago | A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipul… | |||
| CVE-2025-10393 | medium | 6.3 | 6.3 | 9mo ago | A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes serve… | |||
| CVE-2025-10247 | medium | 6.3 | 6.3 | 9mo ago | A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the function doFilterInternal of the component Filter Handler. Such manipulation leads to improper access contro… | |||
| CVE-2025-10211 | medium | 6.3 | 6.3 | 9mo ago | A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument … | |||
| CVE-2025-10197 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservi… | |||
| CVE-2025-10121 | medium | 6.3 | 6.3 | 9mo ago | A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. It is possible to initiate the… | |||
| CVE-2025-10086 | medium | 6.3 | 6.3 | 9mo ago | A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation c… | |||
| CVE-2025-10072 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper acce… | |||
| CVE-2025-10071 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access control… | |||
| CVE-2025-10070 | medium | 6.3 | 6.3 | 9mo ago | A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be… | |||
| CVE-2025-10013 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The a… | |||
| CVE-2025-9651 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results… | |||
| CVE-2025-9395 | medium | 6.3 | 6.3 | 9mo ago | A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery… | |||
| CVE-2025-9151 | medium | 6.3 | 6.3 | 10mo ago | A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /web_config/json/name/web. Performing man… | |||
| CVE-2025-9148 | medium | 6.3 | 6.3 | 10mo ago | A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component … |