CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-20242 A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This v... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-20246 A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. A... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-20247 A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. A... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-20250 A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. A... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-20255 A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerabili... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-20257 A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to ge... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-20258 A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-20267 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user... | 4.8 | MEDIUM | β | 0 |
| CVE-2025-25539 Local File Inclusion vulnerability in Vasco v3.14 and before allows a remote attacker to obtain sensitive information via help menu. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-45754 A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-4415 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS). This issue affects Piwik PRO: from 0.0.0 before... | 4.8 | MEDIUM | β | 0 |
| CVE-2025-4416 Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation. This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 befo... | 7.5 | HIGH | β | 0 |
| CVE-2025-3481 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations ... | 7.8 | HIGH | β | 0 |
| CVE-2025-45529 An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEd... | 7.1 | HIGH | β | 0 |
| CVE-2025-3482 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations ... | 7.8 | HIGH | β | 0 |
| CVE-2025-3483 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations ... | 7.8 | HIGH | β | 0 |
| CVE-2025-3484 MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations ... | N/A | NONE | β | 0 |
| CVE-2025-4405 The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and o... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-4419 The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-47181 Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | 8.8 | HIGH | β | 0 |
| CVE-2025-5112 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow.... | 7.3 | HIGH | β | 0 |
| CVE-2025-4594 The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insuffi... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-5096 The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all ve... | 6.4 | MEDIUM | β | 0 |
| CVE-2008-6592 thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal s... | N/A | NONE | β | 0 |
| CVE-2025-5108 A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handle... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-32794 OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authe... | 7.6 | HIGH | β | 0 |
| CVE-2025-32967 OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-43860 OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authe... | 7.6 | HIGH | β | 0 |
| CVE-2008-6593 SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.p... | N/A | NONE | β | 0 |
| CVE-2008-6594 SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2025-25179 Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. | 7.8 | HIGH | β | 0 |
| CVE-2008-6595 SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2025-5128 A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. T... | 7.3 | HIGH | β | 0 |
| CVE-2025-5139 A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice3... | 5.6 | MEDIUM | β | 0 |
| CVE-2025-5145 A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the f... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-5058 The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and incl... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-35003 Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) t... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-5196 A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulatio... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-4683 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-5221 A vulnerability was found in FreeFloat FTP Server 1.0.0. It has been classified as critical. This affects an unknown part of the component QUOTE Command Handler. The manipulation leads to buffer overf... | 7.3 | HIGH | β | 0 |
| CVE-2025-26211 Gibbon before 29.0.00 allows CSRF. | 3.7 | LOW | β | 0 |
| CVE-2025-48827 vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-32722 Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-32724 Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2025-32725 Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2025-33050 Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2025-40592 A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Stu... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-33055 Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-33056 Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2025-33057 Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.