CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-5913 A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manip... | 7.3 | HIGH | — | 0 |
| CVE-2025-5925 The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_opti... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-5934 A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overf... | 8.8 | HIGH | — | 0 |
| CVE-2025-5952 A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1... | 7.3 | HIGH | — | 0 |
| CVE-2025-5945 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-13089 An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges ma... | 7.2 | HIGH | — | 0 |
| CVE-2024-13090 A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing ... | 7.0 | HIGH | — | 0 |
| CVE-2025-41657 Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-43697 Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025 | 7.5 | HIGH | — | 0 |
| CVE-2025-43698 Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-43699 Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check. This impacts OmniStudio: before Spring 2025 | 5.3 | MEDIUM | — | 0 |
| CVE-2025-43700 Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. | 7.5 | HIGH | — | 0 |
| CVE-2025-43701 Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254. | 7.5 | HIGH | — | 0 |
| CVE-2025-49454 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt allows PHP Local File Inclusion.This issue affects TinySalt:... | 8.1 | HIGH | — | 0 |
| CVE-2025-49455 Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49507 Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection.This issue affects CozyStay: from n/a before 1.7.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49509 Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-49510 Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Mana... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-41797 A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-27206 Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacke... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-40585 A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR comp... | 9.9 | CRITICAL | — | 0 |
| CVE-2025-40591 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX15... | 7.7 | HIGH | — | 0 |
| CVE-2025-43585 Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker... | 8.2 | HIGH | — | 0 |
| CVE-2025-43586 Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privilege... | 8.1 | HIGH | — | 0 |
| CVE-2025-44043 Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-44044 Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can exfiltrat... | 7.5 | HIGH | — | 0 |
| CVE-2025-49709 Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-48937 matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Acc... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-4653 Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105. | N/A | NONE | — | 0 |
| CVE-2025-4678 Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105. | N/A | NONE | — | 0 |
| CVE-2025-4801 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2024-57186 In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-57189 In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-57190 Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-30317 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Expl... | 7.8 | HIGH | — | 0 |
| CVE-2025-30321 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnera... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-43558 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati... | 7.8 | HIGH | — | 0 |
| CVE-2025-43589 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | — | 0 |
| CVE-2025-43590 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati... | 7.8 | HIGH | — | 0 |
| CVE-2025-43593 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati... | 7.8 | HIGH | — | 0 |
| CVE-2025-47104 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabil... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-5973 A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-table.php. The ... | 2.4 | LOW | — | 0 |
| CVE-2025-47105 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabil... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-47106 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-5970 A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The... | 2.4 | LOW | — | 0 |
| CVE-2024-37394 A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-37395 A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-47102 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability. | N/A | NONE | — | 0 |
| CVE-2022-4976 Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 a... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-37396 A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the '... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.