CVEs from 2025
Total
8,971
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7756 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to… | |||
| CVE-2025-7625 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as critical, was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download… | |||
| CVE-2025-7579 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular… | |||
| CVE-2025-7567 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/system_type le… | |||
| CVE-2025-7488 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the f… | |||
| CVE-2025-7078 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The… | |||
| CVE-2025-29001 | medium | 4.3 | 4.3 | 11mo ago | Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: … | |||
| CVE-2025-6951 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default cred… | |||
| CVE-2025-6866 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forum_downloadfile.php. The manipulation of the argum… | |||
| CVE-2025-6865 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request f… | |||
| CVE-2025-6864 | medium | 4.3 | 4.3 | 11mo ago | A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to … | |||
| CVE-2025-6854 | medium | 4.3 | 4.3 | 11mo ago | Langchain-Chatchat vulnerable to path traversal | |||
| CVE-2025-6664 | medium | 4.3 | 4.3 | 1y ago | A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forger… | |||
| CVE-2025-6552 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of … | |||
| CVE-2025-6532 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint… | |||
| CVE-2025-6531 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The mani… | |||
| CVE-2025-6528 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP … | |||
| CVE-2025-6525 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handl… | |||
| CVE-2025-6478 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site requ… | |||
| CVE-2025-6476 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It… | |||
| CVE-2025-6453 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. Th… | |||
| CVE-2025-49982 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in aguilatechnologies WP Customer Area customer-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Customer Area: f… | |||
| CVE-2025-49977 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Cross Site Request Forgery.This issue affects WP Inventory Manager: from n/a through <… | |||
| CVE-2025-6341 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The… | |||
| CVE-2025-6284 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The … | |||
| CVE-2025-6268 | medium | 4.3 | 4.3 | 1y ago | A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads… | |||
| CVE-2025-6109 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/… | |||
| CVE-2025-6106 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to c… | |||
| CVE-2025-6092 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the comp… | |||
| CVE-2025-5885 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. Th… | |||
| CVE-2025-5880 | medium | 4.3 | 4.3 | 1y ago | A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument f… | |||
| CVE-2025-5766 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The … | |||
| CVE-2025-29005 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: … | |||
| CVE-2025-27359 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n… | |||
| CVE-2025-5714 | medium | 4.3 | 4.3 | 1y ago | A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Info… | |||
| CVE-2025-46257 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0. | |||
| CVE-2025-4476 | medium | 4.3 | 4.3 | 1y ago | A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a spe… | |||
| CVE-2025-31639 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7. | |||
| CVE-2025-31068 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4. | |||
| CVE-2025-47594 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5. | |||
| CVE-2025-30965 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a. | |||
| CVE-2025-32227 | medium | 4.3 | 4.3 | 1y ago | Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing.This issue affects Asgaros Forum: from n/a through <= 3.0.0. | |||
| CVE-2025-32276 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery.This issue affects Administrator Z: from n/a through <= 2026.03.02. | |||
| CVE-2025-31808 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor scss-wp-editor allows Cross Site Request Forgery.This issue affects SCSS WP Editor: from n/a through <= 1.2.1. | |||
| CVE-2025-31602 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.1. | |||
| CVE-2025-31544 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit Fo… | |||
| CVE-2025-26925 | medium | 4.3 | 4.3 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3. | |||
| CVE-2025-26948 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | |||
| CVE-2025-24744 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3. | |||
| CVE-2025-24653 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhanc… | |||
| CVE-2025-24625 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access C… | |||
| CVE-2025-22319 | medium | 4.3 | 4.3 | 1y ago | Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47. | |||
| CVE-2025-62439 | medium | 4.2 | 4.2 | 4mo ago | An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, For… | |||
| CVE-2025-11644 | medium | 4.2 | 4.2 | 8mo ago | A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure s… | |||
| CVE-2025-0876 | medium | 4.1 | 4.1 | 8mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site … | |||
| CVE-2025-9796 | medium | 4.1 | 4.1 | 9mo ago | A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results i… | |||
| CVE-2025-6849 | medium | 4.1 | 4.1 | 11mo ago | A vulnerability, which was classified as problematic, was found in code-projects Simple Forum 1.0. Affected is an unknown function of the file /forum_edit1.php. The manipulation of the argument text … | |||
| CVE-2025-6699 | medium | 4.1 | 4.1 | 1y ago | A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro … | |||
| CVE-2025-6698 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of th… | |||
| CVE-2025-6697 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrad… | |||
| CVE-2025-6696 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cada… | |||
| CVE-2025-6695 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Ad… | |||
| CVE-2025-6694 | medium | 4.1 | 4.1 | 1y ago | A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Ad… | |||
| CVE-2025-5886 | medium | 4.1 | 4.1 | 1y ago | A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post l… | |||
| CVE-2025-9820 | medium | 4.0 | 4.0 | 3mo ago | RHSA-2026:5585: gnutls security update (Moderate) | |||
| CVE-2025-69418 | medium | 4.0 | 4.0 | 4mo ago | Important: openssl security update | |||
| CVE-2025-11650 | medium | 4.0 | 4.0 | 8mo ago | A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can l… | |||
| CVE-2025-40536 | unknown | — | 2.5 | 4mo ago | SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. | |||
| CVE-2025-64328 | unknown | — | 2.5 | 4mo ago | Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> c… | |||
| CVE-2025-40551 | unknown | — | 2.5 | 4mo ago | SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This c… | |||
| CVE-2025-52691 | unknown | — | 2.5 | 4mo ago | SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail s… | |||
| CVE-2025-37164 | unknown | — | 2.5 | 5mo ago | Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution. | |||
| CVE-2025-14847 | unknown | — | 2.5 | 5mo ago | MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by a… | |||
| CVE-2025-68613 | unknown | — | 2.5 | 6mo ago | n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. | |||
| CVE-2025-14611 | unknown | — | 2.5 | 6mo ago | Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoin… | |||
| CVE-2025-55182 | unknown | — | 2.5 | 6mo ago | Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Ser… | |||
| CVE-2025-58360 | unknown | — | 2.5 | 6mo ago | OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation… | |||
| CVE-2025-58034 | unknown | — | 2.5 | 7mo ago | Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI comman… | |||
| CVE-2025-64446 | unknown | — | 2.5 | 7mo ago | Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. | |||
| CVE-2025-62215 | unknown | — | 2.5 | 7mo ago | Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could ena… | |||
| CVE-2025-11371 | unknown | — | 2.5 | 7mo ago | Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files. | |||
| CVE-2025-59287 | unknown | — | 2.5 | 8mo ago | Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution. | |||
| CVE-2025-33073 | unknown | — | 2.5 | 8mo ago | Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the … | |||
| CVE-2025-61882 | unknown | — | 2.5 | 8mo ago | Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise O… | |||
| CVE-2025-32463 | unknown | — | 2.5 | 8mo ago | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | |||
| CVE-2025-57819 | unknown | — | 2.5 | 9mo ago | Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database… | |||
| CVE-2025-49706 | unknown | — | 2.5 | 11mo ago | Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view… | |||
| CVE-2025-49704 | unknown | — | 2.5 | 11mo ago | Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-… | |||
| CVE-2025-53770 | unknown | — | 2.5 | 11mo ago | Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could b… | |||
| CVE-2025-25257 | unknown | — | 2.5 | 11mo ago | Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. | |||
| CVE-2025-47812 | unknown | — | 2.5 | 11mo ago | Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arb… | |||
| CVE-2025-5777 | unknown | — | 2.5 | 11mo ago | Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a… | |||
| CVE-2025-3248 | unknown | — | 2.5 | 1y ago | Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. | |||
| CVE-2025-33053 | unknown | — | 2.5 | 1y ago | Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribut… | |||
| CVE-2025-32433 | unknown | — | 2.5 | 1y ago | Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially l… | |||
| CVE-2025-4427 | unknown | — | 2.5 | 1y ago | Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted… | |||
| CVE-2025-4428 | unknown | — | 2.5 | 1y ago | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. T… | |||
| CVE-2025-30397 | unknown | — | 2.5 | 1y ago | Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL. | |||
| CVE-2025-32432 | unknown | — | 2.5 | 1y ago | Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. | |||
| CVE-2025-24016 | unknown | — | 2.5 | 1y ago | Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers. |