CVEs from 2025
Total
8,951
critical
critical 1,361
high
high 2,043
medium
medium 2,040
low
low 203
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15620 | high | 8.6 | 8.6 | 2mo ago | HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected de… | |||
| CVE-2025-69347 | high | 8.6 | 8.6 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP… | |||
| CVE-2025-69063 | high | 8.6 | 8.6 | 4mo ago | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n… | |||
| CVE-2025-7631 | high | 8.6 | 8.6 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. … | |||
| CVE-2025-7799 | high | 8.6 | 8.6 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. E-Taxpayer Accounting Website allows Reflected XSS. T… | |||
| CVE-2025-6397 | high | 8.6 | 8.6 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS. This issue affects W… | |||
| CVE-2025-8587 | high | 8.6 | 8.6 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue aff… | |||
| CVE-2025-4686 | high | 8.6 | 8.6 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Asses… | |||
| CVE-2025-69097 | high | 8.6 | 8.6 | 4mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9… | |||
| CVE-2025-63680 | high | 8.6 | 8.6 | 7mo ago | Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code… | |||
| CVE-2025-49916 | high | 8.6 | 8.6 | 8mo ago | Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a … | |||
| CVE-2025-11343 | high | 8.6 | 8.6 | 8mo ago | A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql inject… | |||
| CVE-2025-10449 | high | 8.6 | 8.6 | 8mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Say… | |||
| CVE-2025-10438 | high | 8.6 | 8.6 | 8mo ago | Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal. This issue a… | |||
| CVE-2025-5260 | high | 8.6 | 8.6 | 10mo ago | Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5. | |||
| CVE-2025-49448 | high | 8.6 | 8.6 | 11mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0… | |||
| CVE-2025-1026 | high | 8.6 | 8.6 | 1y ago | Browsershot Local File Inclusion | |||
| CVE-2025-69180 | high | 8.5 | 8.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra … | |||
| CVE-2025-49050 | high | 8.5 | 8.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affect… | |||
| CVE-2025-49049 | high | 8.5 | 8.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Galle… | |||
| CVE-2025-31044 | high | 8.5 | 8.5 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a throu… | |||
| CVE-2025-30628 | high | 8.5 | 8.5 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows SQL I… | |||
| CVE-2025-28949 | high | 8.5 | 8.5 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affect… | |||
| CVE-2025-49378 | high | 8.5 | 8.5 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from … | |||
| CVE-2025-48091 | high | 8.5 | 8.5 | 8mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a thro… | |||
| CVE-2025-49406 | high | 8.5 | 8.5 | 10mo ago | Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1. | |||
| CVE-2025-32574 | high | 8.5 | 8.5 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a through 65.0. | |||
| CVE-2025-30562 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This … | |||
| CVE-2025-47651 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global:… | |||
| CVE-2025-47575 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a t… | |||
| CVE-2025-32573 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1… | |||
| CVE-2025-26976 | high | 8.5 | 8.5 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <=… | |||
| CVE-2025-11130 | high | 8.4 | 8.4 | 8mo ago | A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This … | |||
| CVE-2025-10906 | high | 8.4 | 8.4 | 8mo ago | A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/… | |||
| CVE-2025-48581 | high | 8.4 | 8.4 | 9mo ago | In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional exec… | |||
| CVE-2025-49697 | high | 8.4 | 8.4 | 11mo ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49696 | high | 8.4 | 8.4 | 11mo ago | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49695 | high | 8.4 | 8.4 | 11mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47953 | high | 8.4 | 8.4 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47167 | high | 8.4 | 8.4 | 1y ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47164 | high | 8.4 | 8.4 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47162 | high | 8.4 | 8.4 | 1y ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-5088 | high | 8.3 | 8.3 | 3h ago | An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on… | |||
| CVE-2025-40946 | high | 8.3 | 8.3 | 24d ago | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version… | |||
| CVE-2025-67888 | high | 7.3 | 8.3 | 29d ago | An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized bef… | |||
| CVE-2025-14341 | high | 8.3 | 8.3 | 29d ago | Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDri… | |||
| CVE-2025-13779 | high | 8.3 | 8.3 | 3mo ago | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |||
| CVE-2025-13777 | high | 8.3 | 8.3 | 3mo ago | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | |||
| CVE-2025-10174 | high | 8.3 | 8.3 | 4mo ago | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding. This issue affects PanCafe Pro: from < 3.3.2 through 230920… | |||
| CVE-2025-10913 | high | 8.3 | 8.3 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XS… | |||
| CVE-2025-26969 | high | 8.3 | 8.3 | 1y ago | Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | |||
| CVE-2025-69755 | high | 8.2 | 8.2 | 1d ago | An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface | |||
| CVE-2025-3633 | high | 8.2 | 8.2 | 9d ago | IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to … | |||
| CVE-2025-26483 | high | 8.2 | 8.2 | 14d ago | Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application … | |||
| CVE-2025-52644 | high | 8.2 | 8.2 | 3mo ago | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could… | |||
| CVE-2025-13002 | high | 8.2 | 8.2 | 4mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (… | |||
| CVE-2025-9986 | high | 8.2 | 8.2 | 4mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: throu… | |||
| CVE-2025-67956 | high | 8.2 | 8.2 | 4mo ago | Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from… | |||
| CVE-2025-68696 | high | 8.2 | 8.2 | 6mo ago | httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to interna… | |||
| CVE-2025-11151 | high | 8.2 | 8.2 | 8mo ago | Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and T… | |||
| CVE-2025-32988 | high | 8.2 | 8.2 | 9mo ago | RHSA-2025:17415: gnutls security, bug fix, and enhancement update (Moderate) | |||
| CVE-2025-8518 | high | 7.2 | 8.2 | 10mo ago | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. … | |||
| CVE-2025-8020 | high | 8.2 | 8.2 | 11mo ago | private-ip vulnerable to Server-Side Request Forgery | |||
| CVE-2025-39536 | high | 8.2 | 8.2 | 1y ago | Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through … | |||
| CVE-2025-39350 | high | 8.2 | 8.2 | 1y ago | Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | |||
| CVE-2025-32119 | high | 8.2 | 8.2 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue affects… | |||
| CVE-2025-3192 | high | 8.2 | 8.2 | 1y ago | Browsershot Server-Side Request Forgery (SSRF) via setURL() Function | |||
| CVE-2025-1022 | high | 8.2 | 8.2 | 1y ago | Browsershot Path Traversal | |||
| CVE-2025-59874 | high | 8.1 | 8.1 | 1d ago | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site v… | |||
| CVE-2025-69369 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racqu… | |||
| CVE-2025-68886 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Coo… | |||
| CVE-2025-58897 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fer… | |||
| CVE-2025-58707 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: fr… | |||
| CVE-2025-58705 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti… | |||
| CVE-2025-53440 | high | 8.1 | 8.1 | 3d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Con… | |||
| CVE-2025-66467 | high | 8.1 | 8.1 | 28d ago | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th… | |||
| CVE-2025-66172 | high | 8.1 | 8.1 | 28d ago | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e… | |||
| CVE-2025-67796 | high | 8.1 | 8.1 | 1mo ago | IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users | |||
| CVE-2025-40897 | high | 8.1 | 8.1 | 2mo ago | An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen… | |||
| CVE-2025-12805 | high | 8.1 | 8.1 | 2mo ago | A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, … | |||
| CVE-2025-70614 | high | 8.1 | 8.1 | 3mo ago | OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to… | |||
| CVE-2025-15582 | high | 8.1 | 8.1 | 4mo ago | A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the ar… | |||
| CVE-2025-69043 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rash… | |||
| CVE-2025-69042 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lind… | |||
| CVE-2025-69040 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfre… | |||
| CVE-2025-69039 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Ba… | |||
| CVE-2025-49994 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athe… | |||
| CVE-2025-10856 | high | 8.1 | 8.1 | 4mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection. This issue affects Teknoera: through 01102025. | |||
| CVE-2025-14359 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine allows PHP Local File Inclusion. This issue affects Osh… | |||
| CVE-2025-32304 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH:… | |||
| CVE-2025-15398 | high | 8.1 | 8.1 | 5mo ago | A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. S… | |||
| CVE-2025-69034 | high | 8.1 | 8.1 | 5mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects… | |||
| CVE-2025-15107 | high | 8.1 | 8.1 | 5mo ago | SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle | |||
| CVE-2025-15085 | high | 8.1 | 8.1 | 5mo ago | A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/Membe… | |||
| CVE-2025-58052 | high | 8.1 | 8.1 | 6mo ago | Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictio… | |||
| CVE-2025-14909 | high | 8.1 | 8.1 | 6mo ago | A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jee… | |||
| CVE-2025-14908 | high | 8.1 | 8.1 | 6mo ago | A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/s… | |||
| CVE-2025-58950 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lione lione allows PHP Local File Inclusion.This issue affects Lio… | |||
| CVE-2025-58949 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spo… | |||
| CVE-2025-58948 | high | 8.1 | 8.1 | 6mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion.This issue aff… |