Vulnerabilities

  

CVE-2025-48071 | AcademySoftwareFoundation openexr up to 3.3.2 EXR File Parser heap-based overflow

A vulnerability was found in AcademySoftwareFoundation openexr up to 3.3.2. It has been declared as critical. Affected by this vulnerability

  

CVE-2025-48073 | AcademySoftwareFoundation openexr up to 3.3.2 EXR File Parser null pointer dereference

A vulnerability was found in AcademySoftwareFoundation openexr up to 3.3.2. It has been classified as problematic. Affected is an unknown

  

CVE-2025-53009 | MaterialX MTLX XML Parser stack-based overflow

A vulnerability classified as critical was found in MaterialX. This vulnerability affects unknown code of the component MTLX XML Parser.

  

CVE-2025-23289 | NVIDIA Omniverse Launcher on Windows/Linux log file

A vulnerability classified as problematic has been found in NVIDIA Omniverse Launcher on Windows/Linux. This affects an unknown part. The

  

CVE-2025-53011 | MaterialX MaterialXCore Shader Generation implGraphOutput null pointer dereference

A vulnerability, which was classified as problematic, has been found in MaterialX. This issue affects the function implGraphOutput of the

  

CVE-2025-53010 | MaterialX Material.cpp getShaderNodes null pointer dereference

A vulnerability, which was classified as problematic, was found in MaterialX. Affected is the function getShaderNodes of the file src/MaterialXCore/Material.cpp.

  

CVE-2025-8442 | code-projects Online Medicine Guide 1.0 /cussignup.php uname sql injection

A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is

  

CVE-2025-8441 | code-projects Online Medicine Guide 1.0 /pharsignup.php phuname sql injection

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function

  

CVE-2025-50572 | Archer RSA Archer 6.11.00204.10014 csv injection (EUVD-2025-23301)

A vulnerability was found in Archer RSA Archer 6.11.00204.10014. It has been classified as critical. This affects an unknown part.

  

CVE-2025-8443 | code-projects Online Medicine Guide 1.0 /login.php uname sql injection

A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some

  

CVE-2025-45770 | golang-jwt 5.4.3 inadequate encryption (EUVD-2025-23299)

A vulnerability was found in golang-jwt jwt 5.4.3. It has been declared as problematic. This vulnerability affects unknown code. The

  

CVE-2025-37108 | HPE Telco Service Activator up to 10.3.1 cross site scripting (EUVD-2025-23302)

A vulnerability was found in HPE Telco Service Activator up to 10.3.1. It has been rated as problematic. This issue

  

CVE-2025-37109 | HPE Telco Service Activator up to 10.3.1 cross site scripting

A vulnerability classified as problematic has been found in HPE Telco Service Activator up to 10.3.1. Affected is an unknown

  

CVE-2025-54834 | OPEXUS FOIAXpress Public Access Link 11.1.0 /App/CreateRequest.aspx observable response discrepancy

A vulnerability was found in OPEXUS FOIAXpress Public Access Link 11.1.0 and classified as problematic. Affected by this issue is

  

CVE-2025-54833 | OPEXUS FOIAXpress Public Access Link 11.1.0 CAPTCHA excessive authentication (EUVD-2025-23291)

A vulnerability has been found in OPEXUS FOIAXpress Public Access Link 11.1.0 and classified as problematic. Affected by this vulnerability

  

CVE-2025-8426 | Marvell QConvergeConsole 5.5.0.78 compressConfigFiles path traversal (ZDI-25-733 / EUVD-2025-23297)

A vulnerability, which was classified as critical, was found in Marvell QConvergeConsole 5.5.0.78. Affected is the function compressConfigFiles. The manipulation

  

CVE-2025-51385 | D-Link DI-8200 16.07.26A1 yyxz_dlink_asp ID buffer overflow (EUVD-2025-23290)

A vulnerability was found in D-Link DI-8200 16.07.26A1. It has been declared as critical. This vulnerability affects the function yyxz_dlink_asp.

  

CVE-2025-51384 | D-Link DI-8200 16.07.26A1 ipsec_net_asp remot_ip buffer overflow

A vulnerability was found in D-Link DI-8200 16.07.26A1. It has been classified as critical. This affects the function ipsec_net_asp. The

  

CVE-2025-51503 | Microweber CMS 2.0 User Profile cross site scripting

A vulnerability classified as problematic was found in Microweber CMS 2.0. Affected by this vulnerability is an unknown functionality of

  

CVE-2025-51383 | D-Link DI-8200 16.07.26A1 ipsec_road_asp host_ip buffer overflow (EUVD-2025-23296)

A vulnerability classified as critical has been found in D-Link DI-8200 16.07.26A1. Affected is the function ipsec_road_asp. The manipulation of

  

CVE-2025-54832 | OPEXUS FOIAXpress Public Access Link 11.1.0 external control of assumed-immutable web parameter (EUVD-2025-23293)

A vulnerability was found in OPEXUS FOIAXpress Public Access Link 11.1.0. It has been rated as problematic. This issue affects

  

CVE-2025-8286 | Güralp FMUS Series Seismic Monitoring Device Telnet-based Command Line Interface missing authentication (icsa-25-212-01)

A vulnerability, which was classified as critical, was found in Güralp FMUS Series Seismic Monitoring Device. This affects an unknown

  

CVE-2025-7646 | Plus Addons for Elementor Plugin up to 6.3.10 on WordPress cross site scripting

A vulnerability, which was classified as problematic, has been found in Plus Addons for Elementor Plugin up to 6.3.10 on

  

CVE-2025-8434 | code-projects Online Movie Streaming 1.0 /admin.php ID authorization

A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown

  

CVE-2025-8433 | code-projects Document Management System 1.0 /dell.php unlink ID path traversal

A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink

  

CVE-2025-8431 | PHPGurukul Boat Booking System 1.0 /admin/add-boat.php boatname sql injection

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code

  

CVE-2025-8435 | code-projects Online Movie Streaming 1.0 /admin-control.php ID authorization

A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability

  

CVE-2025-8436 | projectworlds Online Admission System 1.0 /viewdoc.php ID sql injection

A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue

  

CVE-2025-8438 | code-projects Wazifa System 1.0 postpublish.php post sql injection

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file

  

CVE-2025-8437 | code-projects Kitchen Treasure 1.0 /userregistration.php email sql injection

A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the

  

CVE-2025-8439 | code-projects Wazifa System 1.0 updatesettings.php Password sql injection

A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown

  

CVE-2025-50867 | CloudClassroom-PHP-Project 1.0/2.php POST Parameter takeassessment2.php Q5 sql injection

A vulnerability, which was classified as critical, has been found in CloudClassroom-PHP-Project 1.0/2.php. Affected by this issue is some unknown

  

CVE-2025-50850 | CS Cart 4.18.3 Captcha excessive authentication

A vulnerability classified as problematic was found in CS Cart 4.18.3. Affected by this vulnerability is an unknown functionality of

  

CVE-2024-34327 | Sielox AnyWare 2.1.2 Password Reset email address sql injection

A vulnerability has been found in Sielox AnyWare 2.1.2 and classified as critical. This vulnerability affects unknown code of the

  

CVE-2025-29556 | ExaGrid EX10 up to 7.0.1.P08 API access control

A vulnerability, which was classified as critical, was found in ExaGrid EX10 up to 7.0.1.P08. This affects an unknown part

  

CVE-2025-50866 | CloudClassroom-PHP-Project 1.0 postquerypublic email cross site scripting

A vulnerability was found in CloudClassroom-PHP-Project 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown

  

CVE-2025-50847 | CS Cart 4.18.3 cross-site request forgery

A vulnerability was found in CS Cart 4.18.3. It has been classified as problematic. Affected is an unknown function. The

  

CVE-2025-50848 | CS Cart 4.18.3 File Upload cross site scripting

A vulnerability was found in CS Cart 4.18.3 and classified as problematic. This issue affects some unknown processing of the

  

CVE-2025-4523 | IDonate Plugin up to 2.0.0/2.1.9 on WordPress admin_donor_profile_view donor authorization

A vulnerability classified as problematic was found in IDonate Plugin up to 2.0.0/2.1.9 on WordPress. This vulnerability affects the function

  

CVE-2025-7845 | Stratum Plugin up to 1.6.0 on WordPress Google Maps Widget/Image Hotspot Widgets cross site scripting

A vulnerability classified as problematic has been found in Stratum Plugin up to 1.6.0 on WordPress. This affects an unknown

  

CVE-2025-7443 | BerqWP Plugin up to 2.2.42 on WordPress store_javascript_cache.php store_javascript_cache unrestricted upload

A vulnerability was found in BerqWP Plugin up to 2.2.42 on WordPress. It has been rated as critical. Affected by

  

CVE-2025-7725 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI Plugin cross site scripting

A vulnerability, which was classified as problematic, has been found in Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery

  

CVE-2013-10043 | Astium VoIP PBX up to 2.1-25399 RPM logon.php importcompany sql injection (Exploit 23831 / EDB-23831)

A vulnerability was found in Astium VoIP PBX up to 2.1-25399 RPM. It has been rated as critical. This issue

  

CVE-2025-46809 | SUSE Manager Server Module 4.3 log file

A vulnerability classified as problematic has been found in SUSE Container, Manager, Image SLES15-SP4-Manager-Server-4-3-BYOS, Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure, Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2, Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

  

CVE-2025-50475 | Russound MBX-PRE-D67F 3.1.6 Hostname os command injection

A vulnerability, which was classified as critical, was found in Russound MBX-PRE-D67F 3.1.6. This affects an unknown part. The manipulation

  

CVE-2013-10038 | TUFaT FlashChat up to 6.0.2/6.0.8 upload.php unrestricted upload (EDB-28709)

A vulnerability, which was classified as critical, has been found in TUFaT FlashChat up to 6.0.2/6.0.8. Affected by this issue

  

CVE-2013-10033 | Kimai 0.9.2.x db_restore.php dates sql injection (EDB-25606)

A vulnerability classified as critical was found in Kimai 0.9.2.x. Affected by this vulnerability is an unknown functionality of the

  

CVE-2013-10040 | ClipBucket up to 2.6 ofc_upload_image.php unrestricted upload

A vulnerability was found in ClipBucket up to 2.6 and classified as critical. This issue affects some unknown processing of

  

CVE-2014-125121 | Array Networks vAPV/vxAG 8.3.2.17 SSH Private Key /ca/bin/monitor.sh hard-coded credentials (EDB-32440)

A vulnerability has been found in Array Networks vAPV and vxAG 8.3.2.17 and classified as critical. This vulnerability affects unknown

  

CVE-2025-50849 | CS Cart up to 4.18.3 company_id resource injection

A vulnerability was found in CS Cart up to 4.18.3. It has been rated as problematic. Affected by this issue

  

CVE-2013-10034 | Kaseya KServer prior 6.3.0.2 uploadImage.asp filename unrestricted upload (EDB-29675)

A vulnerability was found in Kaseya KServer. It has been declared as critical. Affected by this vulnerability is an unknown

  

CVE-2025-52203 | DevaslanPHP project-management 1.2.4 Ticket Name cross site scripting

A vulnerability was found in DevaslanPHP project-management 1.2.4. It has been classified as problematic. Affected is an unknown function. The

  

CVE-2013-10039 | GestioIP IPAM up to 3.0 ip_checkhost.cgi ip os command injection

A vulnerability classified as critical was found in GestioIP IPAM up to 3.0. This vulnerability affects unknown code

  

CVE-2013-10036 | Beetel Teletech Connection Manager PCW_BTLINDV1.0.0B04 NetConfig.ini Username stack-based overflow (EDB-28969)

A vulnerability classified as critical has been found in Beetel Teletech Connection Manager PCW_BTLINDV1.0.0B04. This affects an unknown part of

  

CVE-2014-125125 | A10 AX Loadbalancer up to 2.6.1-GR1-P5/2.7.0 /xml/downloads filename path traversal (EDB-31261)

A vulnerability, which was classified as critical, was found in A10 AX Loadbalancer up to 2.6.1-GR1-P5/2.7.0. Affected is an unknown

  

CVE-2013-10042 | freeFTPd up to 1.0.10 PASS Command stack-based overflow (EDB-27747)

A vulnerability, which was classified as critical, has been found in freeFTPd up to 1.0.10. This issue affects some unknown

  

CVE-2025-51569 | LB-LINK BL-CPE300M 01.01.02P42U14_06 Web Interface goform_get_cmd_process cmd cross site scripting

A vulnerability was found in LB-LINK BL-CPE300M 01.01.02P42U14_06 and classified as problematic. Affected by this issue is some unknown functionality

  

CVE-2025-29557 | ExaGrid EX10 up to 7.0.1.P08 MailConfiguration API Endpoint access control

A vulnerability has been found in ExaGrid EX10 up to 7.0.1.P08 and classified as critical. Affected by this vulnerability is

  

CVE-2024-34328 | Sielox AnyWare 2.1.2 redirect

A vulnerability was found in Sielox AnyWare 2.1.2. It has been classified as problematic. This affects an unknown part. The

  

CVE-2025-5947 | Service Finder Bookings Plugin up to 6.0 on WordPress User Switch Cookie service_finder_switch_back improper authentication

A vulnerability was found in Service Finder Bookings Plugin up to 6.0 on WordPress. It has been rated as critical.

  

CVE-2025-5954 | Service Finder SMS System Plugin up to 2.0.0 on WordPress aonesms_fn_savedata_after_signup Remote Code Execution

A vulnerability was found in Service Finder SMS System Plugin up to 2.0.0 on WordPress. It has been declared as

  

CVE-2025-50460 | ms-swift up to 3.6.3 PyYAML deserialization

A vulnerability classified as critical has been found in ms-swift up to 3.6.3. Affected is an unknown function of the

  

freeSSHd 1.0.9 Denial of Service (DoS)

Topic: freeSSHd 1.0.9 Denial of Service (DoS). Risk: Medium. Text: # Exploit Title: freeSSHd 1.0.9 – Denial of Service (DoS) #

  

White Star Software Protop 4.4.2-2024-11-27 Local File Inclusion

Topic: White Star Software Protop 4.4.2-2024-11-27 Local File Inclusion. Risk: High. Text: # Exploit Title: White Star Software Protop 4.4.2-2024-11-27 –

  

Ubuntu 14.04 LTS: USN-7684-3 Linux Kernel Important Fixes

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

  

SUSE: Java 11 OpenJDK Important Update for Vulnerabilities 2025:02563-1

* bsc#1246575 * bsc#1246580 * bsc#1246584 * bsc#1246595 * bsc#1246598 (LinuxSecurity – Security Advisories)

  

SUSE: Rmt-server Important DoS Fix CVE-2025-46727 2025:02564-1

* bsc#1242893 * bsc#1242898 * bsc#1244166 Cross-References: (LinuxSecurity – Security Advisories)

  

Ubuntu 22.04 LTS: Advisory USN-7683-2 Linux Kernel Critical Threats

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

  

Ubuntu 24.04 LTS: USN-7682-3 Linux Kernel Critical Network Vulnerability

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

  

Ubuntu 16.04 LTS: Kernel Critical Update for System Compromise USN-7684-2

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

  

Ubuntu 22.04 LTS USN-7683-3: Linux Kernel Critical Flaws in TTY and Network

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

  

CVE-2025-40980 | UltimateFosters UltimatePOS 6.4; Query /products//edit Name cross site scripting

A vulnerability, which was classified as problematic, was found in UltimateFosters UltimatePOS 6.4;. This affects an unknown part of the

  

CVE-2025-41688 | MB Connect Line mbNET HW1/mbNET/mbNET.rokey LUA Sandbox improper isolation or compartmentalization (VDE-2025-065)

A vulnerability was found in MB Connect Line mbNET HW1, mbNET and mbNET.rokey and classified as critical. This issue affects

  

CVE-2025-2813 | Phoenix Contact AXL F BK PN TPS HTTP Service allocation of resources (VDE-2025-029)

A vulnerability has been found in Phoenix Contact AXL F BK PN TPS, AXL F BK PN TPS XC, AXL

  

CVE-2025-8192 | Android TV AppRestrictionsFragment.java TvSettings toctou

A vulnerability was found in Android TV and classified as problematic. Affected by this issue is the function TvSettings of

  

CVE-2025-54757 | Alfasado PowerCMS unrestricted upload

A vulnerability was found in Alfasado PowerCMS. It has been declared as critical. This vulnerability affects unknown code. The manipulation

  

CVE-2025-54752 | Alfasado PowerCMS csv injection

A vulnerability was found in Alfasado PowerCMS. It has been classified as critical. This affects an unknown part. The manipulation

  

CVE-2025-46359 | Alfasado PowerCMS Backup File path traversal

A vulnerability classified as critical was found in Alfasado PowerCMS. Affected by this vulnerability is an unknown functionality of the

  

CVE-2025-41396 | Alfasado PowerCMS path traversal

A vulnerability classified as critical has been found in Alfasado PowerCMS. Affected is an unknown function. The manipulation leads to

  

CVE-2025-36563 | Alfasado PowerCMS cross site scripting

A vulnerability was found in Alfasado PowerCMS. It has been rated as problematic. This issue affects some unknown processing. The

  

CVE-2025-41391 | Alfasado PowerCMS cross site scripting

A vulnerability, which was classified as problematic, has been found in Alfasado PowerCMS. Affected by this issue is some unknown

  

Fedora 42: libtiff Important Two Issues Resolved 2025-7d08872494

fix CVE-2025-8176: use after free in tiffmedian (rhbz#2383821); fix CVE-2025-8177: buffer overflow in thumbnail setrow when processing malformed TIFF (rhbz#2383827) LinuxSecurity

  

CVE-2025-8408 | code-projects Vehicle Management 1.0 /filter1.php vehicle sql injection

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of

  

CVE-2025-8407 | code-projects Vehicle Management 1.0 /filter2.php from sql injection

A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown

  

CVE-2025-8409 | code-projects Vehicle Management 1.0 /filter.php from sql injection

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an

  

CVE-2025-36039 | IBM Aspera Faspex up to 5.0.12.1 client-side enforcement of server-side security

A vulnerability was found in IBM Aspera Faspex up to 5.0.12.1. It has been declared as problematic. This vulnerability affects

  

CVE-2025-54586 | finos git-proxy up to 1.19.1 information disclosure (GHSA-v98g-8rqx-g93g)

A vulnerability was found in finos git-proxy up to 1.19.1. It has been classified as problematic. This affects an unknown

  

CVE-2025-54585 | finos git-proxy up to 1.19.1 improper authorization (GHSA-39p2-8hq9-fwj6)

A vulnerability was found in finos git-proxy up to 1.19.1 and classified as critical. Affected by this issue is some

  

CVE-2025-49084 | Absolute Security Secure Access up to 13.55 Management Console permission

A vulnerability classified as critical was found in Absolute Security Secure Access up to 13.55. Affected by this vulnerability is

  

CVE-2025-49083 | Absolute Security Secure Access up to 13.55 Management Console deserialization

A vulnerability classified as problematic has been found in Absolute Security Secure Access up to 13.55. Affected is an unknown

  

CVE-2025-36040 | IBM Aspera Faspex up to 5.0.12.1 session expiration

A vulnerability was found in IBM Aspera Faspex up to 5.0.12.1. It has been rated as problematic. This issue affects

  

CVE-2025-54085 | Absolute Security Secure Access up to 13.55 Console permission

A vulnerability, which was classified as critical, was found in Absolute Security Secure Access up to 13.55. This affects an

  

CVE-2025-49082 | Absolute Security Secure Access up to 13.55 permission

A vulnerability, which was classified as critical, has been found in Absolute Security Secure Access up to 13.55. Affected by

  

CVE-2025-8068 | HT Mega Plugin up to 2.9.1 on WordPress ajax_trash_templates improper authorization

A vulnerability was found in HT Mega Plugin up to 2.9.1 on WordPress. It has been classified as critical. Affected

  

CVE-2025-8151 | HT Mega Plugin up to 2.9.1 on WordPress CSS File save_block_css path traversal

A vulnerability was found in HT Mega Plugin up to 2.9.1 on WordPress and classified as critical. This issue affects

  

CVE-2025-53558 | ZTE ZXHN-F660T/ZXHN-F660A prior 1.0.10P17N4 weak credentials (EUVD-2025-23239)

A vulnerability has been found in ZTE ZXHN-F660T and ZXHN-F660A and classified as very critical. This vulnerability affects unknown code.

  

CVE-2025-8401 | HT Mega Plugin up to 2.9.1 on WordPress get_post_data information disclosure

A vulnerability was found in HT Mega Plugin up to 2.9.1 on WordPress. It has been rated as problematic. Affected

  

CVE-2025-8213 | NinjaScanner Plugin up to 3.2.5 on WordPress nscan_ajax_quarantine denial of service

A vulnerability was found in NinjaScanner Plugin up to 3.2.5 on WordPress. It has been declared as problematic. Affected by

  

CVE-2025-3132 | Lorex 2K Indoor Wi-Fi Security Camera stack-based overflow

A vulnerability classified as critical was found in Lorex 2K Indoor Wi-Fi Security Camera. This vulnerability affects unknown code. The

  

CVE-2025-8389 | Lorex 2K Indoor Wi-Fi Security Camera array index

A vulnerability classified as critical has been found in Lorex 2K Indoor Wi-Fi Security Camera. This affects an unknown part.