| CVE-2025-13191 | D-Link DIR-816L soap.cgi soapcgi_main stack-based overflow | 15.11.2025 | |
| CVE-2025-12849 | Contest Gallery <= 28.0.2 - Missing Authorization | 15.11.2025 | 5.3 |
| CVE-2025-13190 | D-Link DIR-816L __ajax_exporer.sgi scandir_main stack-based overflow | 15.11.2025 | |
| CVE-2025-13189 | D-Link DIR-816L gena.cgi genacgi_main stack-based overflow | 15.11.2025 | |
| CVE-2025-12494 | Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move | 15.11.2025 | 4.3 |
| CVE-2025-12847 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion | 15.11.2025 | 4.3 |
| CVE-2025-8994 | WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' | 15.11.2025 | 6.5 |
| CVE-2025-65064 | | 15.11.2025 | |
| CVE-2025-65065 | | 15.11.2025 | |
| CVE-2025-65066 | | 15.11.2025 | |
| CVE-2025-65067 | | 15.11.2025 | |
| CVE-2025-65068 | | 15.11.2025 | |
| CVE-2025-65069 | | 15.11.2025 | |
| CVE-2025-65070 | | 15.11.2025 | |
| CVE-2025-65071 | | 15.11.2025 | |
| CVE-2025-65072 | | 15.11.2025 | |
| CVE-2025-12182 | Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize | 15.11.2025 | 4.3 |
| CVE-2025-8386 | AVEVA Application Server IDE Basic Cross-site Scripting | 14.11.2025 | 6.9 |
| CVE-2025-9317 | AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm | 14.11.2025 | 8.4 |
| CVE-2025-64308 | Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials | 14.11.2025 | 7.5 |
| CVE-2025-64309 | Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials | 14.11.2025 | 8.6 |
| CVE-2025-64307 | Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function | 14.11.2025 | 6.5 |
| CVE-2025-55034 | General Industrial Controls Lynx+ Gateway Weak Password Requirements | 14.11.2025 | 8.2 |
| CVE-2025-58083 | General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function | 14.11.2025 | 10 |
| CVE-2025-59780 | General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function | 14.11.2025 | 7.5 |
| CVE-2025-62765 | General Industrial Controls Lynx+ Gateway Cleartext Transmission of Sensitive Information | 14.11.2025 | 7.5 |
| CVE-2016-15056 | Ubee EVW3226 Unauthenticated Backup File Disclosure | 14.11.2025 | |
| CVE-2018-25125 | Netis DL4322D RTK 2.1.1 FTP Service DoS | 14.11.2025 | |
| CVE-2021-4465 | ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS | 14.11.2025 | |
| CVE-2021-4466 | IPCop <= 2.1.9 Authenticated RCE | 14.11.2025 | |
| CVE-2021-4467 | Positive Technologies MaxPatrol 8 & XSpider Remote DoS | 14.11.2025 | |
| CVE-2021-4468 | PLANEX CS-QP50F-ING2 Smart Camera Remote Configuration Disclosure | 14.11.2025 | |
| CVE-2021-4469 | Denver SHO-110 IP Camera Unauthenticated Snapshot Access | 14.11.2025 | |
| CVE-2021-4470 | TG8 Firewall Unauthenticated RCE via runphpcmd.php | 14.11.2025 | |
| CVE-2021-4471 | TG8 Firewall Unauthenticated User Password Disclosure | 14.11.2025 | |
| CVE-2022-4985 | Vodafone H500s WiFi Password Disclosure via activation.json | 14.11.2025 | |
| CVE-2023-7328 | Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure | 14.11.2025 | |
| CVE-2025-13188 | D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow | 14.11.2025 | |
| CVE-2025-1256 | | 14.11.2025 | |
| CVE-2025-13187 | Intelbras ICIP acessodeusuario.xml credentials storage | 14.11.2025 | |
| CVE-2025-13186 | Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting | 14.11.2025 | |
| CVE-2025-13185 | Bdtask/CodeCanyon News365 profile unrestricted upload | 14.11.2025 | |
| CVE-2025-63745 | | 14.11.2025 | |
| CVE-2025-13182 | pojoin h3blog addtitle cross site scripting | 14.11.2025 | |
| CVE-2025-63744 | | 14.11.2025 | |
| CVE-2025-64084 | | 14.11.2025 | |
| CVE-2025-63891 | | 14.11.2025 | |
| CVE-2025-13181 | pojoin h3blog add cross site scripting | 14.11.2025 | |
| CVE-2025-63701 | | 14.11.2025 | |
| CVE-2025-13033 | Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict | 14.11.2025 | |
| CVE-2025-13179 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery | 14.11.2025 | |
| CVE-2025-13180 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System edit_profile cross site scripting | 14.11.2025 | |
| CVE-2025-12187 | | 14.11.2025 | |
| CVE-2025-13177 | Bdtask/CodeCanyon SalesERP cross-site request forgery | 14.11.2025 | |
| CVE-2025-13178 | Bdtask/CodeCanyon SalesERP User Profile edit_profile cross site scripting | 14.11.2025 | |
| CVE-2025-63291 | | 14.11.2025 | |
| CVE-2025-13174 | rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery | 14.11.2025 | |
| CVE-2025-63680 | | 14.11.2025 | |
| CVE-2025-13172 | CodeAstro Gym Management System view-member-report.php sql injection | 14.11.2025 | |
| CVE-2025-63724 | | 14.11.2025 | |
| CVE-2025-4617 | Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser | 14.11.2025 | |
| CVE-2025-4618 | Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser | 14.11.2025 | |
| CVE-2025-54345 | | 14.11.2025 | |
| CVE-2025-54560 | | 14.11.2025 | |
| CVE-2025-54342 | | 14.11.2025 | |
| CVE-2025-54559 | | 14.11.2025 | |
| CVE-2025-63725 | | 14.11.2025 | |
| CVE-2025-54348 | | 14.11.2025 | |
| CVE-2025-54561 | | 14.11.2025 | |
| CVE-2025-54562 | | 14.11.2025 | |
| CVE-2025-13171 | ZZCMS wangkan_list.php sql injection | 14.11.2025 | |
| CVE-2025-4616 | Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser | 14.11.2025 | |
| CVE-2025-54340 | | 14.11.2025 | |
| CVE-2025-54343 | | 14.11.2025 | |
| CVE-2025-54346 | | 14.11.2025 | |
| CVE-2025-54339 | | 14.11.2025 | |
| CVE-2025-63830 | | 14.11.2025 | |
| CVE-2025-12897 | | 14.11.2025 | |
| CVE-2025-13204 | CVE-2025-13204 | 14.11.2025 | |
| CVE-2024-44639 | | 14.11.2025 | |
| CVE-2024-44640 | | 14.11.2025 | |
| CVE-2024-55016 | | 14.11.2025 | |
| CVE-2025-13170 | code-projects Simple Online Hotel Reservation System edit_account.php sql injection | 14.11.2025 | |
| CVE-2025-8870 | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device. | 14.11.2025 | 4.9 |
| CVE-2024-44630 | | 14.11.2025 | |
| CVE-2025-64446 | | 15.11.2025 | 9.1 |
| CVE-2024-44636 | | 14.11.2025 | |
| CVE-2024-44632 | | 14.11.2025 | |
| CVE-2024-44635 | | 14.11.2025 | |
| CVE-2024-42749 | | 14.11.2025 | |
| CVE-2024-44633 | | 14.11.2025 | |
| CVE-2025-13169 | code-projects Simple Online Hotel Reservation System add_query_reserve.php sql injection | 14.11.2025 | |
| CVE-2025-13168 | ury-erp ury pos_extend.py overrided_past_order_list sql injection | 14.11.2025 | |
| CVE-2024-21635 | Memos Access Tokens Stay Valid after User Password Change | 14.11.2025 | |
| CVE-2025-12149 | Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents | 14.11.2025 | |
| CVE-2025-11918 | Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability | 14.11.2025 | |
| CVE-2025-10018 | Multiple Stored XSS in QuickCMS | 14.11.2025 | |
| CVE-2025-9982 | Hard-coded admin credentials in Quick.CMS | 14.11.2025 | |
| CVE-2025-8855 | 2FA Expiry Bypass in Optimus Software's Brokerage Automation | 14.11.2025 | 8.1 |
| CVE-2025-11981 | School Management System – WPSchoolPress <= 2.2.23 - Authenticated (Administrator+) SQL Injection | 14.11.2025 | 4.9 |