CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-11246 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific pe... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-13761 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the c... | 8.0 | HIGH | — | 0 |
| CVE-2025-13772 GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utili... | 7.1 | HIGH | — | 0 |
| CVE-2025-13781 GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-3950 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by ... | 3.5 | LOW | — | 0 |
| CVE-2025-64090 This vulnerability allows authenticated attackers to execute commands via the hostname of the device. | 10.0 | CRITICAL | — | 0 |
| CVE-2025-64091 This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. | 8.6 | HIGH | — | 0 |
| CVE-2025-64092 This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | 7.5 | HIGH | — | 0 |
| CVE-2025-64093 Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. | 10.0 | CRITICAL | — | 0 |
| CVE-2025-9222 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve sto... | 8.7 | HIGH | — | 0 |
| CVE-2025-14598 BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15492 A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-46643 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through... | 2.3 | LOW | — | 0 |
| CVE-2025-46644 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-46676 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through... | 2.7 | LOW | — | 0 |
| CVE-2025-56225 fluidsynth-2.4.6 and earlier versions are vulnerable to a NULL pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file. | 7.5 | HIGH | — | 0 |
| CVE-2025-67133 An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component | 7.5 | HIGH | — | 0 |
| CVE-2025-55250 HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks. | 1.8 | LOW | — | 0 |
| CVE-2025-67278 An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67279 An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges because the application stores password hashes in MD5 format. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-67280 In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive da... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-67281 In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exist which allow a low privileged and administrative user to access the database and its content. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-67282 In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exist which allow a low privileged user to download password hashes of other users, access work items of other us... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-0803 A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-0817 Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse. This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0492 SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could ... | 8.8 | HIGH | — | 0 |
| CVE-2025-15493 A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15494 A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to s... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15495 A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-46645 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67004 ** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files by repeatedly traversing back up the directory tree. It can disclose the source code or any ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-69542 A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname par... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70161 EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An a... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66715 A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67810 In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254)... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67811 Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulti... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-51626 SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-60538 A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15499 A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation... | 8.8 | HIGH | — | 0 |
| CVE-2025-15500 A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HT... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22584 Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files. This issue affects Uni2TS:... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15501 A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipu... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59057 React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exists in React Router's meta()/<Meta> API... | 7.6 | HIGH | — | 0 |
| CVE-2025-61686 React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorag... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-13774 A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands. | 8.8 | HIGH | — | 0 |
| CVE-2025-68470 React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navig... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-21884 React Router is a router for React. In @remix-run/react versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, an XSS vulnerability exists in React Router's <ScrollRestoration> API in Frame... | 8.2 | HIGH | — | 0 |
| CVE-2026-22029 React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from l... | 8.0 | HIGH | — | 0 |
| CVE-2026-22030 React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document PO... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.