CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-49835 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py open_asr function. asr_inp_dir (and a number o... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49836 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py change_label function. path_list takes user in... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49837 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPre. The model_choose variable takes u... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49838 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable t... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-53925 Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-49839 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in bsroformer.py. The model_choose variable takes us... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49840 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable tak... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49841 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in process_ckpt.py. The SoVITS_dropdown variable tak... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-6993 The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler r... | 7.5 | HIGH | — | 0 |
| CVE-2025-24511 Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via da... | 3.3 | LOW | — | 0 |
| CVE-2025-53926 Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via t... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53929 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cor.php` end... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-53930 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_especie.php`... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-53931 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_raca.php` en... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-53932 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_adotante.p... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53933 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_enfermidade.... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-37105 An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | 7.5 | HIGH | — | 0 |
| CVE-2025-53934 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-53935 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_sele... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53936 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_sele... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53937 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifica... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-53938 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.php... | 7.5 | HIGH | — | 0 |
| CVE-2025-20272 A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-36097 IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a... | 7.5 | HIGH | — | 0 |
| CVE-2025-53927 MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific dire... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-53928 MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issu... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-53946 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario`... | 8.8 | HIGH | — | 0 |
| CVE-2025-54058 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_fami... | 8.8 | HIGH | — | 0 |
| CVE-2025-54060 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_fami... | 8.8 | HIGH | — | 0 |
| CVE-2025-54061 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_fami... | 8.8 | HIGH | — | 0 |
| CVE-2025-54062 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `/html/funcionar... | 8.8 | HIGH | — | 0 |
| CVE-2023-41566 OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the backgroun... | 8.1 | HIGH | — | 0 |
| CVE-2025-23266 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successf... | 9.0 | CRITICAL | — | 0 |
| CVE-2025-6230 A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-7755 A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation o... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7757 A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of th... | 7.3 | HIGH | — | 0 |
| CVE-2025-7764 A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2025-7765 A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.... | 7.3 | HIGH | — | 0 |
| CVE-2025-36005 IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could ... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-7767 A vulnerability, which was classified as problematic, has been found in PHPGurukul Art Gallery Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/edit-art-m... | 3.5 | LOW | — | 0 |
| CVE-2025-49484 A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application fe... | N/A | NONE | — | 0 |
| CVE-2025-7784 A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their pri... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-46732 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL `NotificationLineNotificationMarkReadMu... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-54076 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54077 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54078 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54079 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/... | 8.8 | HIGH | — | 0 |
| CVE-2025-7791 A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/search.php. The manipu... | 3.5 | LOW | — | 0 |
| CVE-2025-47158 Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | 9.0 | CRITICAL | — | 0 |
| CVE-2025-47995 Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.