CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-49001 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a J... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49002 DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allows the patch to be bypassed through ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-5527 A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipula... | 8.8 | HIGH | — | 0 |
| CVE-2025-5542 A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server... | 2.4 | LOW | — | 0 |
| CVE-2025-24015 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being val... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-27811 A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the ... | 7.8 | HIGH | — | 0 |
| CVE-2025-5543 A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page... | 2.4 | LOW | — | 0 |
| CVE-2025-5545 A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-5546 A vulnerability classified as critical was found in PHPGurukul Daily Expense Tracker System 1.1. This vulnerability affects unknown code of the file /expense-reports-detailed.php. The manipulation of ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-49202 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49203 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49204 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49205 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49206 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49207 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49208 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49209 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49210 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-49223 billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injec... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-5554 A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-re... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-48960 Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938. | N/A | NONE | — | 0 |
| CVE-2025-5531 The Employee Directory – Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5532 The Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all version... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5556 A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5557 A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. Th... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5558 A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/changeimage.php. The ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5560 A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argumen... | 7.3 | HIGH | — | 0 |
| CVE-2024-31127 An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. | 7.3 | HIGH | — | 0 |
| CVE-2025-5561 A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-pass-d... | 7.3 | HIGH | — | 0 |
| CVE-2025-5562 A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category-detail... | 7.3 | HIGH | — | 0 |
| CVE-2025-5566 A vulnerability classified as critical has been found in PHPGurukul Notice Board System 1.0. This affects an unknown part of the file /search-notice.php. The manipulation of the argument searchdata le... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-48710 kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confus... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-4578 The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-4580 The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 | MEDIUM | — | 0 |
| CVE-2025-5572 A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of t... | 8.8 | HIGH | — | 0 |
| CVE-2025-48961 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938. | N/A | NONE | — | 0 |
| CVE-2025-5573 A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulat... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5574 A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file /add-company.php. The manipulation of the argument c... | 7.3 | HIGH | — | 0 |
| CVE-2025-5575 A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file /add-product.php. The manipulation of the argu... | 7.3 | HIGH | — | 0 |
| CVE-2024-13967 This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: throug... | 8.8 | HIGH | — | 0 |
| CVE-2025-27444 A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected un... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-5576 A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php... | 7.3 | HIGH | — | 0 |
| CVE-2025-48962 Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. | N/A | NONE | — | 0 |
| CVE-2025-49067 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Stored XSS. This issue affects Nasa Core: from n/a before 6.4.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-5577 A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file /profile.php. The manipulation of the argu... | 7.3 | HIGH | — | 0 |
| CVE-2025-5578 A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sales-report-deta... | 7.3 | HIGH | — | 0 |
| CVE-2025-5579 A vulnerability was found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this issue is some unknown functionality of the file /search-product.php. The mani... | 7.3 | HIGH | — | 0 |
| CVE-2025-5580 A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument emai... | 7.3 | HIGH | — | 0 |
| CVE-2025-5581 A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of th... | 7.3 | HIGH | — | 0 |
| CVE-2025-29094 Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages component... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.