CVEs from 2025
Total
8,956
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.3%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7756 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to… | |||
| CVE-2025-7625 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as critical, was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download… | |||
| CVE-2025-7579 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular… | |||
| CVE-2025-7567 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/system_type le… | |||
| CVE-2025-7488 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the f… | |||
| CVE-2025-7078 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The… | |||
| CVE-2025-29001 | medium | 4.3 | 4.3 | 11mo ago | Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: … | |||
| CVE-2025-6951 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default cred… | |||
| CVE-2025-6866 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forum_downloadfile.php. The manipulation of the argum… | |||
| CVE-2025-6865 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request f… | |||
| CVE-2025-6864 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to … | |||
| CVE-2025-6854 | medium | 4.3 | 4.3 | 11mo ago | Langchain-Chatchat vulnerable to path traversal | |||
| CVE-2025-6664 | medium | 4.3 | 4.3 | 1y ago | A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forger… | |||
| CVE-2025-6552 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of … | |||
| CVE-2025-6532 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint… | |||
| CVE-2025-6531 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The mani… | |||
| CVE-2025-6528 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP … | |||
| CVE-2025-6525 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handl… | |||
| CVE-2025-6478 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site requ… | |||
| CVE-2025-6476 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It… | |||
| CVE-2025-6453 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. Th… | |||
| CVE-2025-49982 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: f… | |||
| CVE-2025-49977 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Cross Site Request Forgery.This issue affects WP Inventory Manager: from n/a through <… | |||
| CVE-2025-6341 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The… | |||
| CVE-2025-6284 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The … | |||
| CVE-2025-6268 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads… | |||
| CVE-2025-6109 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/… | |||
| CVE-2025-6106 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to c… | |||
| CVE-2025-6092 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the comp… | |||
| CVE-2025-5885 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. Th… | |||
| CVE-2025-5880 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument f… | |||
| CVE-2025-5766 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The … | |||
| CVE-2025-29005 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: … | |||
| CVE-2025-27359 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n… | |||
| CVE-2025-5714 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Info… | |||
| CVE-2025-46257 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0. | |||
| CVE-2025-4476 | medium | 4.3 | 4.3 | 1y ago | A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a spe… | |||
| CVE-2025-31639 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7. | |||
| CVE-2025-31068 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4. | |||
| CVE-2025-47594 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5. | |||
| CVE-2025-30965 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a. | |||
| CVE-2025-32227 | medium | 4.3 | 4.3 | 1y ago | Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing.This issue affects Asgaros Forum: from n/a through <= 3.0.0. | |||
| CVE-2025-32276 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery.This issue affects Administrator Z: from n/a through <= 2026.03.02. | |||
| CVE-2025-31808 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor scss-wp-editor allows Cross Site Request Forgery.This issue affects SCSS WP Editor: from n/a through <= 1.2.1. | |||
| CVE-2025-31602 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.1. | |||
| CVE-2025-31544 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit Fo… | |||
| CVE-2025-26925 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3. | |||
| CVE-2025-26948 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | |||
| CVE-2025-24744 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3. | |||
| CVE-2025-24653 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhanc… | |||
| CVE-2025-24625 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access C… | |||
| CVE-2025-22319 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47. | |||
| CVE-2025-62439 | medium | 4.2 | 4.2 | 4mo ago | An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, For… | |||
| CVE-2025-11644 | medium | 4.2 | 4.2 | 8mo ago | A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure s… | |||
| CVE-2025-0876 | medium | 4.1 | 4.1 | 8mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site … | |||
| CVE-2025-9796 | medium | 4.1 | 4.1 | 9mo ago | A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results i… | |||
| CVE-2025-6849 | medium | 4.1 | 4.1 | 11mo ago | A vulnerability, which was classified as problematic, was found in code-projects Simple Forum 1.0. Affected is an unknown function of the file /forum_edit1.php. The manipulation of the argument text … | |||
| CVE-2025-6699 | medium | 4.1 | 4.1 | 1y ago | A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro … | |||
| CVE-2025-6698 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of th… | |||
| CVE-2025-6697 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrad… | |||
| CVE-2025-6696 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cada… | |||
| CVE-2025-6695 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Ad… | |||
| CVE-2025-6694 | medium | 4.1 | 4.1 | 1y ago | A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Ad… | |||
| CVE-2025-5886 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post l… | |||
| CVE-2025-9820 | medium | 4.0 | 4.0 | 3mo ago | RHSA-2026:5585: gnutls security update (Moderate) | |||
| CVE-2025-69418 | medium | 4.0 | 4.0 | 4mo ago | Important: openssl security update | |||
| CVE-2025-11650 | medium | 4.0 | 4.0 | 8mo ago | A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can l… | |||
| CVE-2025-6139 | low | 3.9 | 3.9 | 1y ago | A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulatio… | |||
| CVE-2025-12656 | low | 3.8 | 3.8 | 2d ago | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_si… | |||
| CVE-2025-69015 | low | 3.8 | 3.8 | 5mo ago | Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crowdsignal Forms: fro… | |||
| CVE-2025-58009 | low | 3.8 | 3.8 | 9mo ago | Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Mu… | |||
| CVE-2025-15603 | low | 3.7 | 3.7 | 3mo ago | A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the… | |||
| CVE-2025-15244 | low | 3.7 | 3.7 | 5mo ago | A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated … | |||
| CVE-2025-15151 | low | 3.7 | 3.7 | 5mo ago | A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/pass… | |||
| CVE-2025-15108 | low | 3.7 | 3.7 | 5mo ago | A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipu… | |||
| CVE-2025-15005 | low | 3.7 | 3.7 | 6mo ago | A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_… | |||
| CVE-2025-14955 | low | 3.7 | 3.7 | 6mo ago | A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation r… | |||
| CVE-2025-14697 | low | 3.7 | 3.7 | 6mo ago | A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles… | |||
| CVE-2025-14651 | low | 3.7 | 3.7 | 6mo ago | A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use… | |||
| CVE-2025-14636 | low | 3.7 | 3.7 | 6mo ago | A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the … | |||
| CVE-2025-13805 | low | 3.7 | 3.7 | 6mo ago | NutzBoot vulnerable to deserialization | |||
| CVE-2025-12919 | low | 3.7 | 3.7 | 7mo ago | EverShop is vulnerable to Unauthorized Order Information Access (IDOR) | |||
| CVE-2025-12854 | low | 3.7 | 3.7 | 7mo ago | A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to… | |||
| CVE-2025-61748 | low | 3.7 | 3.7 | 8mo ago | RHSA-2025:18824: java-21-openjdk security update (Moderate) | |||
| CVE-2025-11441 | low | 3.7 | 3.7 | 8mo ago | A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads… | |||
| CVE-2025-11322 | low | 3.7 | 3.7 | 8mo ago | NovoSGA: Manipulation of User Creation Page can lead to weak password requirements | |||
| CVE-2025-11280 | low | 3.7 | 3.7 | 8mo ago | A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be… | |||
| CVE-2025-10776 | low | 3.7 | 3.7 | 9mo ago | A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sen… | |||
| CVE-2025-10761 | low | 3.7 | 3.7 | 9mo ago | A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive… | |||
| CVE-2025-10671 | low | 3.7 | 3.7 | 9mo ago | A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\… | |||
| CVE-2025-10423 | low | 3.7 | 3.7 | 9mo ago | A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely… | |||
| CVE-2025-7039 | low | 3.7 | 3.7 | 9mo ago | A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temp… | |||
| CVE-2025-9401 | low | 3.7 | 3.7 | 10mo ago | A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument … | |||
| CVE-2025-9109 | low | 3.7 | 3.7 | 10mo ago | A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpo… | |||
| CVE-2025-9005 | low | 3.7 | 3.7 | 10mo ago | A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible … | |||
| CVE-2025-8927 | low | 3.7 | 3.7 | 10mo ago | A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulati… | |||
| CVE-2025-8549 | low | 3.7 | 3.7 | 10mo ago | A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.… | |||
| CVE-2025-8548 | low | 3.7 | 3.7 | 10mo ago | A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiCon… | |||
| CVE-2025-8515 | low | 3.7 | 3.7 | 10mo ago | A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to i… | |||
| CVE-2025-8283 | low | 3.7 | 3.7 | 10mo ago | Netavark Has Possible DNS Resolve Confusion |