CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-10234 A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argu... | 2.4 | LOW | — | 0 |
| CVE-2025-10235 A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes ... | 2.4 | LOW | — | 0 |
| CVE-2025-6088 In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. ... | 3.1 | LOW | — | 0 |
| CVE-2025-58320 Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability. | 7.3 | HIGH | — | 0 |
| CVE-2025-58321 Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability. | 10.0 | CRITICAL | — | 0 |
| CVE-2025-10251 A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in sql in... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-39751 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-58065 Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password res... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-59055 InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers ... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-36222 IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without clie... | 8.7 | HIGH | — | 0 |
| CVE-2025-10271 A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting. It is possible to... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-10272 A vulnerability was determined in erjinzhi 10OA 1.0. Affected is an unknown function of the file /trial/mvc/catalogue. This manipulation of the argument Name causes cross site scripting. The attack ca... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-10273 A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traver... | 3.5 | LOW | — | 0 |
| CVE-2025-10274 A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cros... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-27238 Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them. | 3.5 | LOW | — | 0 |
| CVE-2025-27240 A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. | 7.2 | HIGH | — | 0 |
| CVE-2025-6638 A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This... | 7.5 | HIGH | — | 0 |
| CVE-2025-55996 Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface | 6.3 | MEDIUM | — | 0 |
| CVE-2025-39799 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-57579 An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password | 8.0 | HIGH | — | 0 |
| CVE-2024-45431 OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remot... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-45432 OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used as a function ... | 7.5 | HIGH | — | 0 |
| CVE-2024-45433 OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper return control... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-45434 OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an obje... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-10321 A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can be execute... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10322 A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to weak pass... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10323 A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command... | 7.3 | HIGH | — | 0 |
| CVE-2025-10324 A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabl... | 7.3 | HIGH | — | 0 |
| CVE-2025-10325 A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command i... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10326 A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playl... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-45583 Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-45584 Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication. | 7.5 | HIGH | — | 0 |
| CVE-2025-45585 Multiple stored cross-site scripting (XSS) vulnerabilities in Audi UTR 2.0 Universal Traffic Recorder 2.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-45586 An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request. | 7.5 | HIGH | — | 0 |
| CVE-2025-45587 A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.0 | HIGH | — | 0 |
| CVE-2025-10328 A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manip... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10358 A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list leads to o... | 7.3 | HIGH | — | 0 |
| CVE-2025-10359 A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command inject... | 7.3 | HIGH | — | 0 |
| CVE-2025-10366 A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross ... | 3.5 | LOW | — | 0 |
| CVE-2025-10367 A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross s... | 3.5 | LOW | — | 0 |
| CVE-2025-10368 A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in ... | 3.5 | LOW | — | 0 |
| CVE-2025-10369 A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. ... | 3.5 | LOW | — | 0 |
| CVE-2025-10373 A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /intranet/educar_turma_tipo_cad.php. Such manipulation of the argu... | 3.5 | LOW | — | 0 |
| CVE-2025-10384 A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executin... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-10389 A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. P... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-10390 A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID c... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-10391 A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument p... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10394 A vulnerability has been found in fcba_zzm ics-park Smart Park Management System 2.0. Affected is an unknown function of the file ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/JobController.j... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-10395 A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument c... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-10397 A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forge... | 4.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.