CVEs from 2025
Total
8,818
critical
critical 1,314
high
high 1,959
medium
medium 1,968
low
low 200
% Critical
14.9%
% with KEV
2.1%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68121 | critical | 10.0 | 10.0 | 16d ago | RHSA-2026:22714: osbuild-composer security update (Important) | |||
| CVE-2025-15036 | critical | 10.0 | 10.0 | 2mo ago | MLFlow path traversal vulnerability | |||
| CVE-2025-34291 | high | 8.8 | 10.0 | 6mo ago | Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage… | |||
| CVE-2025-58963 | critical | 10.0 | 10.0 | 8mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9. | |||
| CVE-2025-10327 | critical | 9.8 | 10.0 | 9mo ago | A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulatio… | |||
| CVE-2025-54236 | critical | 9.1 | 10.0 | 9mo ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | |||
| CVE-2025-49410 | critical | 10.0 | 10.0 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through… | |||
| CVE-2025-49408 | critical | 10.0 | 10.0 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | |||
| CVE-2025-9090 | critical | 9.8 | 10.0 | 10mo ago | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injecti… | |||
| CVE-2025-8471 | critical | 9.8 | 10.0 | 10mo ago | A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulatio… | |||
| CVE-2025-49447 | critical | 10.0 | 10.0 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. | |||
| CVE-2025-6095 | critical | 9.8 | 10.0 | 1y ago | A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument use… | |||
| CVE-2025-49113 | critical | — | 10.0 | 1y ago | RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/… | |||
| CVE-2025-4524 | critical | 9.8 | 10.0 | 1y ago | The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. … | |||
| CVE-2025-26776 | critical | 10.0 | 10.0 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3. | |||
| CVE-2025-14771 | critical | 9.9 | 9.9 | 19h ago | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |||
| CVE-2025-48595 | high | 8.4 | 9.9 | 2d ago | Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation. | |||
| CVE-2025-69691 | critical | 9.9 | 9.9 | 27d ago | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally all… | |||
| CVE-2025-62718 | critical | 9.9 | 9.9 | 2mo ago | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback… | |||
| CVE-2025-30996 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify… | |||
| CVE-2025-31048 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4. | |||
| CVE-2025-68562 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3. | |||
| CVE-2025-31100 | critical | 9.9 | 9.9 | 9mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02… | |||
| CVE-2025-8795 | critical | 9.9 | 9.9 | 10mo ago | A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads… | |||
| CVE-2025-47663 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.… | |||
| CVE-2025-26892 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2. | |||
| CVE-2025-26872 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2. | |||
| CVE-2025-1782 | critical | 9.9 | 9.9 | 1y ago | In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an a… | |||
| CVE-2025-30841 | critical | 9.9 | 9.9 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown… | |||
| CVE-2025-53209 | critical | 9.8 | 9.8 | 2d ago | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | |||
| CVE-2025-41277 | critical | 9.8 | 9.8 | 6d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41276 | critical | 9.8 | 9.8 | 6d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41275 | critical | 9.8 | 9.8 | 6d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41274 | critical | 9.8 | 9.8 | 6d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41273 | critical | 9.8 | 9.8 | 6d ago | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows… | |||
| CVE-2025-41272 | critical | 9.8 | 9.8 | 6d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41270 | critical | 9.8 | 9.8 | 6d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41269 | critical | 9.8 | 9.8 | 6d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-12686 | critical | 9.8 | 9.8 | 8d ago | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via … | |||
| CVE-2025-13392 | critical | 9.8 | 9.8 | 8d ago | Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta… | |||
| CVE-2025-36220 | critical | 9.8 | 9.8 | 9d ago | IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, … | |||
| CVE-2025-71211 | critical | 9.8 | 9.8 | 14d ago | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in … | |||
| CVE-2025-71210 | critical | 9.8 | 9.8 | 14d ago | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul… | |||
| CVE-2025-31973 | critical | 9.8 | 9.8 | 15d ago | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially i… | |||
| CVE-2025-33255 | critical | 9.8 | 9.8 | 15d ago | NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code executio… | |||
| CVE-2025-11024 | critical | 9.8 | 9.8 | 21d ago | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. Th… | |||
| CVE-2025-65719 | critical | 9.8 | 9.8 | 23d ago | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. | |||
| CVE-2025-6577 | critical | 9.8 | 9.8 | 23d ago | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This iss… | |||
| CVE-2025-14179 | critical | 9.8 | 9.8 | 25d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by… | |||
| CVE-2025-69599 | critical | 9.8 | 9.8 | 27d ago | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to c… | |||
| CVE-2025-67887 | critical | 9.8 | 9.8 | 27d ago | 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil… | |||
| CVE-2025-63704 | critical | 9.8 | 9.8 | 28d ago | query-parser-string is vulnerable to Prototype Pollution | |||
| CVE-2025-63703 | critical | 9.8 | 9.8 | 28d ago | parse-ini is vulnerable to Prototype Pollution in index.js() | |||
| CVE-2025-63706 | critical | 9.8 | 9.8 | 28d ago | next-npm-version is vulnerable to Command injection | |||
| CVE-2025-1978 | critical | 9.8 | 9.8 | 28d ago | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Vi… | |||
| CVE-2025-9661 | critical | 9.8 | 9.8 | 28d ago | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform On… | |||
| CVE-2025-59851 | critical | 9.8 | 9.8 | 29d ago | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and … | |||
| CVE-2025-13618 | critical | 9.8 | 9.8 | 1mo ago | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can regis… | |||
| CVE-2025-70067 | critical | 9.8 | 9.8 | 1mo ago | Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file… | |||
| CVE-2025-14320 | critical | 9.8 | 9.8 | 1mo ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allo… | |||
| CVE-2025-71284 | critical | 9.8 | 9.8 | 1mo ago | Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in… | |||
| CVE-2025-13030 | critical | 9.8 | 9.8 | 1mo ago | django-mdeditor is Missing Authentication for Critical Function | |||
| CVE-2025-60889 | critical | 9.8 | 9.8 | 1mo ago | Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. | |||
| CVE-2025-62373 | critical | 9.8 | 9.8 | 1mo ago | Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer | |||
| CVE-2025-15625 | critical | 9.8 | 9.8 | 2mo ago | Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. | |||
| CVE-2025-65115 | critical | 9.8 | 9.8 | 2mo ago | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2… | |||
| CVE-2025-15379 | critical | 9.8 | 9.8 | 2mo ago | MLflow Command Injection vulnerability | |||
| CVE-2025-60237 | critical | 9.8 | 9.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0. | |||
| CVE-2025-60233 | critical | 9.8 | 9.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2. | |||
| CVE-2025-70041 | critical | 9.8 | 9.8 | 3mo ago | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | |||
| CVE-2025-29165 | critical | 9.8 | 9.8 | 3mo ago | An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component | |||
| CVE-2025-62582 | critical | 9.8 | 9.8 | 5mo ago | Delta Electronics DIAView has multiple vulnerabilities. | |||
| CVE-2025-15503 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. … | |||
| CVE-2025-15502 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session.… | |||
| CVE-2025-15496 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack m… | |||
| CVE-2025-15493 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument… | |||
| CVE-2025-47552 | critical | 9.8 | 9.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37. | |||
| CVE-2025-39477 | critical | 9.8 | 9.8 | 5mo ago | Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8. | |||
| CVE-2025-15458 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to… | |||
| CVE-2025-15457 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a man… | |||
| CVE-2025-15436 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql inj… | |||
| CVE-2025-15435 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql inject… | |||
| CVE-2025-15434 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to lau… | |||
| CVE-2025-15425 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing a manipulatio… | |||
| CVE-2025-15424 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulat… | |||
| CVE-2025-15421 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the… | |||
| CVE-2025-15420 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. T… | |||
| CVE-2025-15410 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to… | |||
| CVE-2025-15409 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing a manipulation of … | |||
| CVE-2025-15408 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing a manipulation of the argument dre_title results … | |||
| CVE-2025-15407 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to… | |||
| CVE-2025-15391 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be … | |||
| CVE-2025-15357 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The a… | |||
| CVE-2025-15354 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can … | |||
| CVE-2025-15353 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument … | |||
| CVE-2025-15263 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Us… | |||
| CVE-2025-15257 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Inte… | |||
| CVE-2025-15256 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The mani… | |||
| CVE-2025-15247 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Su… | |||
| CVE-2025-15243 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injec… |