CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-52896 Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scrip... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-6915 A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulat... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-6916 A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2025-52898 Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. Th... | 8.8 | HIGH | — | 0 |
| CVE-2025-6917 A vulnerability has been found in code-projects Online Hotel Booking 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/registration.php. The manipulation of th... | 7.3 | HIGH | — | 0 |
| CVE-2025-52491 Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF. | 5.8 | MEDIUM | — | 0 |
| CVE-2025-52995 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the a... | 8.0 | HIGH | — | 0 |
| CVE-2025-49520 A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to... | 8.8 | HIGH | — | 0 |
| CVE-2025-49521 A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated us... | 8.8 | HIGH | — | 0 |
| CVE-2025-53004 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. T... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-6929 A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/view-normal-ticket.php. The manipulation... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-6930 A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/manage-foreigners-ticket.php. The manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-49365 tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is the buffer package. This aff... | N/A | NONE | — | 0 |
| CVE-2025-6931 A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the co... | 3.7 | LOW | — | 0 |
| CVE-2025-6932 A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password ... | 3.7 | LOW | — | 0 |
| CVE-2025-6935 A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/payment_add.php. The manipulat... | 7.3 | HIGH | — | 0 |
| CVE-2025-6936 A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addpro.php. The manipulation of the argument ... | 7.3 | HIGH | — | 0 |
| CVE-2025-53005 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters.... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-6071 Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 21... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-6937 A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the a... | 7.3 | HIGH | — | 0 |
| CVE-2024-46992 Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-b... | 7.8 | HIGH | — | 0 |
| CVE-2025-53003 The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surfac... | N/A | NONE | — | 0 |
| CVE-2025-6938 A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The manipulation of the... | 7.3 | HIGH | — | 0 |
| CVE-2024-46993 Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() a... | N/A | NONE | — | 0 |
| CVE-2024-49364 tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package.... | N/A | NONE | — | 0 |
| CVE-2025-6072 Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is... | 7.5 | HIGH | — | 0 |
| CVE-2025-6939 A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request ... | 8.8 | HIGH | — | 0 |
| CVE-2025-6940 A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the compone... | 8.8 | HIGH | — | 0 |
| CVE-2025-5967 A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data. | N/A | NONE | — | 0 |
| CVE-2025-6081 Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker to reconfigure the target device to use an external LDAP ... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-6934 The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-41648 An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-41656 An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default. | 10.0 | CRITICAL | — | 0 |
| CVE-2025-34066 An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. T... | N/A | NONE | — | 0 |
| CVE-2025-6756 The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5314 The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the ‘pdf-source’ parameter in all versions up to... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-6951 A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default crede... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-37097 A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2025-49029 Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a t... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-6953 A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST ... | 8.8 | HIGH | — | 0 |
| CVE-2025-37098 A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. | 7.5 | HIGH | — | 0 |
| CVE-2025-6954 A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /applyleave.php. The manip... | 7.3 | HIGH | — | 0 |
| CVE-2025-6955 A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /process/aprocess.php. The manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2025-6956 A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepassemp.php. The manipulation of the argument... | 7.3 | HIGH | — | 0 |
| CVE-2025-34050 A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of ... | N/A | NONE | — | 0 |
| CVE-2025-34051 A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An ... | N/A | NONE | — | 0 |
| CVE-2025-34053 An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".ca... | N/A | NONE | — | 0 |
| CVE-2025-34055 An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the D... | N/A | NONE | — | 0 |
| CVE-2025-34056 An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply i... | N/A | NONE | — | 0 |
| CVE-2025-34058 Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.