CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-25428 TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 8.0 | HIGH | — | 0 |
| CVE-2025-25429 Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page. | 4.8 | MEDIUM | — | 0 |
| CVE-2025-1800 A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the compon... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-55532 Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-38311 Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1876 A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulat... | 7.3 | HIGH | — | 0 |
| CVE-2025-27370 OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a ... | 6.9 | MEDIUM | — | 0 |
| CVE-2025-27371 In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to au... | 6.9 | MEDIUM | — | 0 |
| CVE-2024-13685 The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the logi... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-50705 Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. | 7.1 | HIGH | — | 0 |
| CVE-2025-26091 A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by incl... | 4.6 | MEDIUM | — | 0 |
| CVE-2024-56195 Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to ve... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1954 A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /l... | 7.3 | HIGH | — | 0 |
| CVE-2025-1955 A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/s... | 3.5 | LOW | — | 0 |
| CVE-2025-1961 A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/web_c... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1964 A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been rated as critical. This issue affects some unknown processing of the file /booknow.php?roomname=Duplex. The manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2024-13868 The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflect... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-56202 Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade t... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-4804 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability req... | N/A | NONE | — | 0 |
| CVE-2025-2031 A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-2032 A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads... | 3.5 | LOW | — | 0 |
| CVE-2025-2033 A vulnerability, which was classified as critical, was found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /user_dashboard/view_donor.php. The manipula... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-2034 A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php?c... | 7.3 | HIGH | — | 0 |
| CVE-2025-2037 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_dashboard/delete_requester.php.... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-2038 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to e... | 7.3 | HIGH | — | 0 |
| CVE-2024-13885 The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used a... | 7.1 | HIGH | — | 0 |
| CVE-2025-2039 A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/delete_members.php. The manipulation of the ... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-2044 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_bloo... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-2046 A vulnerability was found in SourceCodester Best Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/print1.php. The mani... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-2051 A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-visitor.php. The manipulat... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-2052 A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulati... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-2053 A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /visitor-detail.php. The manipulation ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-4805 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated admi... | N/A | NONE | — | 0 |
| CVE-2025-2054 A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_state.... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-2057 A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of t... | 7.3 | HIGH | — | 0 |
| CVE-2025-2058 A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search.php.... | 7.3 | HIGH | — | 0 |
| CVE-2025-2059 A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/booking-details.php. T... | 7.3 | HIGH | — | 0 |
| CVE-2025-2060 A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2025-2062 A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argu... | 7.3 | HIGH | — | 0 |
| CVE-2024-13891 The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high... | 7.1 | HIGH | — | 0 |
| CVE-2025-2063 A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The m... | 7.3 | HIGH | — | 0 |
| CVE-2025-2064 A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment... | 7.3 | HIGH | — | 0 |
| CVE-2025-2065 A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the arg... | 7.3 | HIGH | — | 0 |
| CVE-2025-2066 A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. The manipulation ... | 7.3 | HIGH | — | 0 |
| CVE-2025-2067 A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the ... | 7.3 | HIGH | — | 0 |
| CVE-2025-21837 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-13668 The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be u... | 7.1 | HIGH | — | 0 |
| CVE-2024-13615 The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow ... | 3.5 | LOW | — | 0 |
| CVE-2024-13805 The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, an... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13825 The Email Keep WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.