CVEs from 2025
Total
8,944
critical
critical 1,359
high
high 2,043
medium
medium 2,031
low
low 202
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68121 | critical | 10.0 | 10.0 | 18d ago | Unexpected session resumption in crypto/tls | |||
| CVE-2025-15036 | critical | 10.0 | 10.0 | 2mo ago | MLFlow path traversal vulnerability | |||
| CVE-2025-4320 | critical | 10.0 | 10.0 | 4mo ago | Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass… | |||
| CVE-2025-34291 | high | 8.8 | 10.0 | 6mo ago | Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage… | |||
| CVE-2025-58963 | critical | 10.0 | 10.0 | 8mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9. | |||
| CVE-2025-9846 | critical | 10.0 | 10.0 | 9mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.… | |||
| CVE-2025-9588 | critical | 10.0 | 10.0 | 9mo ago | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection. This issue affect… | |||
| CVE-2025-10327 | critical | 9.8 | 10.0 | 9mo ago | A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulatio… | |||
| CVE-2025-54236 | critical | 9.1 | 10.0 | 9mo ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | |||
| CVE-2025-49410 | critical | 10.0 | 10.0 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through… | |||
| CVE-2025-49408 | critical | 10.0 | 10.0 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | |||
| CVE-2025-9090 | critical | 9.8 | 10.0 | 10mo ago | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injecti… | |||
| CVE-2025-8471 | critical | 9.8 | 10.0 | 10mo ago | A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulatio… | |||
| CVE-2025-5243 | critical | 10.0 | 10.0 | 11mo ago | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Cod… | |||
| CVE-2025-4285 | critical | 10.0 | 10.0 | 11mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This issue affects Agentis: befo… | |||
| CVE-2025-4378 | critical | 10.0 | 10.0 | 1y ago | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This… | |||
| CVE-2025-49447 | critical | 10.0 | 10.0 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. | |||
| CVE-2025-6095 | critical | 9.8 | 10.0 | 1y ago | A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument use… | |||
| CVE-2025-49113 | critical | — | 10.0 | 1y ago | RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/… | |||
| CVE-2025-4524 | critical | 9.8 | 10.0 | 1y ago | The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. … | |||
| CVE-2025-26776 | critical | 10.0 | 10.0 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3. | |||
| CVE-2025-14771 | critical | 9.9 | 9.9 | 2d ago | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |||
| CVE-2025-48595 | high | 8.4 | 9.9 | 4d ago | Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation. | |||
| CVE-2025-69691 | critical | 9.9 | 9.9 | 28d ago | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally all… | |||
| CVE-2025-62718 | critical | 9.9 | 9.9 | 2mo ago | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback… | |||
| CVE-2025-30996 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify… | |||
| CVE-2025-31048 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4. | |||
| CVE-2025-68562 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3. | |||
| CVE-2025-31100 | critical | 9.9 | 9.9 | 9mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02… | |||
| CVE-2025-8795 | critical | 9.9 | 9.9 | 10mo ago | A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads… | |||
| CVE-2025-47663 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.… | |||
| CVE-2025-26892 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2. | |||
| CVE-2025-26872 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2. | |||
| CVE-2025-1782 | critical | 9.9 | 9.9 | 1y ago | In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an a… | |||
| CVE-2025-30841 | critical | 9.9 | 9.9 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown… | |||
| CVE-2025-71318 | critical | 9.8 | 9.8 | 17 min ago | NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html… | |||
| CVE-2025-71317 | critical | 9.8 | 9.8 | 17 min ago | NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/log… | |||
| CVE-2025-71316 | critical | 9.8 | 9.8 | 23h ago | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL wi… | |||
| CVE-2025-67447 | critical | 9.8 | 9.8 | 1d ago | The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address … | |||
| CVE-2025-67446 | critical | 9.8 | 9.8 | 1d ago | Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie… | |||
| CVE-2025-53209 | critical | 9.8 | 9.8 | 3d ago | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | |||
| CVE-2025-41277 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41276 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41275 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41274 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41273 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows… | |||
| CVE-2025-41272 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41270 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41269 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-12686 | critical | 9.8 | 9.8 | 9d ago | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via … | |||
| CVE-2025-13392 | critical | 9.8 | 9.8 | 9d ago | Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta… | |||
| CVE-2025-36220 | critical | 9.8 | 9.8 | 10d ago | IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, … | |||
| CVE-2025-71211 | critical | 9.8 | 9.8 | 15d ago | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in … | |||
| CVE-2025-71210 | critical | 9.8 | 9.8 | 15d ago | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul… | |||
| CVE-2025-31973 | critical | 9.8 | 9.8 | 16d ago | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially i… | |||
| CVE-2025-33255 | critical | 9.8 | 9.8 | 17d ago | NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code executio… | |||
| CVE-2025-11024 | critical | 9.8 | 9.8 | 22d ago | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. Th… | |||
| CVE-2025-65719 | critical | 9.8 | 9.8 | 24d ago | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. | |||
| CVE-2025-6577 | critical | 9.8 | 9.8 | 24d ago | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This iss… | |||
| CVE-2025-14179 | critical | 9.8 | 9.8 | 27d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by… | |||
| CVE-2025-69599 | critical | 9.8 | 9.8 | 28d ago | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to c… | |||
| CVE-2025-67887 | critical | 9.8 | 9.8 | 28d ago | 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil… | |||
| CVE-2025-63704 | critical | 9.8 | 9.8 | 29d ago | query-parser-string is vulnerable to Prototype Pollution | |||
| CVE-2025-63703 | critical | 9.8 | 9.8 | 29d ago | parse-ini is vulnerable to Prototype Pollution in index.js() | |||
| CVE-2025-63706 | critical | 9.8 | 9.8 | 29d ago | next-npm-version is vulnerable to Command injection | |||
| CVE-2025-1978 | critical | 9.8 | 9.8 | 29d ago | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Vi… | |||
| CVE-2025-9661 | critical | 9.8 | 9.8 | 29d ago | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform On… | |||
| CVE-2025-59851 | critical | 9.8 | 9.8 | 1mo ago | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and … | |||
| CVE-2025-13618 | critical | 9.8 | 9.8 | 1mo ago | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can regis… | |||
| CVE-2025-70067 | critical | 9.8 | 9.8 | 1mo ago | Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file… | |||
| CVE-2025-14320 | critical | 9.8 | 9.8 | 1mo ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allo… | |||
| CVE-2025-71284 | critical | 9.8 | 9.8 | 1mo ago | Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in… | |||
| CVE-2025-13030 | critical | 9.8 | 9.8 | 1mo ago | django-mdeditor is Missing Authentication for Critical Function | |||
| CVE-2025-60889 | critical | 9.8 | 9.8 | 1mo ago | Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. | |||
| CVE-2025-62373 | critical | 9.8 | 9.8 | 1mo ago | Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer | |||
| CVE-2025-15625 | critical | 9.8 | 9.8 | 2mo ago | Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. | |||
| CVE-2025-65115 | critical | 9.8 | 9.8 | 2mo ago | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2… | |||
| CVE-2025-15379 | critical | 9.8 | 9.8 | 2mo ago | MLflow Command Injection vulnerability | |||
| CVE-2025-60237 | critical | 9.8 | 9.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0. | |||
| CVE-2025-60233 | critical | 9.8 | 9.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2. | |||
| CVE-2025-70041 | critical | 9.8 | 9.8 | 3mo ago | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | |||
| CVE-2025-29165 | critical | 9.8 | 9.8 | 3mo ago | An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component | |||
| CVE-2025-11252 | critical | 9.8 | 9.8 | 3mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affect… | |||
| CVE-2025-11251 | critical | 9.8 | 9.8 | 3mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue af… | |||
| CVE-2025-10970 | critical | 9.8 | 9.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through … | |||
| CVE-2025-9953 | critical | 9.8 | 9.8 | 4mo ago | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Data… | |||
| CVE-2025-8350 | critical | 9.8 | 9.8 | 4mo ago | Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splittin… | |||
| CVE-2025-14014 | critical | 9.8 | 9.8 | 4mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality … | |||
| CVE-2025-10969 | critical | 9.8 | 9.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This is… | |||
| CVE-2025-12059 | critical | 9.8 | 9.8 | 4mo ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access … | |||
| CVE-2025-8025 | critical | 9.8 | 9.8 | 4mo ago | Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This … | |||
| CVE-2025-11242 | critical | 9.8 | 9.8 | 4mo ago | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery. This issue affects Okulistik:… | |||
| CVE-2025-6830 | critical | 9.8 | 9.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection. This issue affec… | |||
| CVE-2025-5329 | critical | 9.8 | 9.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection. This issue affects Delta Co… | |||
| CVE-2025-5319 | critical | 9.8 | 9.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Man… | |||
| CVE-2025-62582 | critical | 9.8 | 9.8 | 5mo ago | Delta Electronics DIAView has multiple vulnerabilities. | |||
| CVE-2025-62581 | critical | 9.8 | 9.8 | 5mo ago | Delta Electronics DIAView has multiple vulnerabilities. | |||
| CVE-2025-15503 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. … | |||
| CVE-2025-15502 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session.… | |||
| CVE-2025-15496 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack m… |