TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 325,954 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2025-33076

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute a...

8.8 | HIGH | - | 0
CVE-2025-33077

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute a...

8.8 | HIGH | - | 0
CVE-2025-36116

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this v...

6.3 | MEDIUM | - | 0
CVE-2025-36117

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

6.3 | MEDIUM | - | 0
CVE-2025-50481

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a ...

4.8 | MEDIUM | - | 0
CVE-2025-51045

Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user inp...

6.5 | MEDIUM | - | 0
CVE-2025-40596

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution.

7.3 | HIGH | - | 0
CVE-2025-40597

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution.

7.5 | HIGH | - | 0
CVE-2025-40598

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

6.1 | MEDIUM | - | 0
CVE-2025-2633

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requ...

7.8 | HIGH | - | 0
CVE-2025-2634

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacke...

7.8 | HIGH | - | 0
CVE-2025-46171

vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume exc...

5.4 | MEDIUM | - | 0
CVE-2025-4439

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-...

7.7 | HIGH | - | 0
CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allo...

8.7 | HIGH | - | 0
CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could...

7.5 | HIGH | - | 0
CVE-2025-50477

A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages.

5.4 | MEDIUM | - | 0
CVE-2025-44109

A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages.

5.4 | MEDIUM | - | 0
CVE-2025-32019

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability ...

4.1 | MEDIUM | - | 0
CVE-2025-7822

The WP Wallcreeper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_notices hook in all versions up to, and including, 1.6.1. This...

4.3 | MEDIUM | - | 0
CVE-2025-47281

Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service (DoS) vulnerability exists due to improper handling of JMESPath varia...

7.7 | HIGH | - | 0
CVE-2025-53537

LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, lea...

7.5 | HIGH | - | 0
CVE-2025-53942

authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 ...

7.4 | HIGH | - | 0
CVE-2016-15044

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote at...

N/A | NONE | - | 0
CVE-2025-0765

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom se...

4.3 | MEDIUM | - | 0
CVE-2025-1299

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that,...

4.3 | MEDIUM | - | 0
CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauthe...

10.0 | CRITICAL | - | 0
CVE-2025-4393

Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or ele...

6.5 | MEDIUM | - | 0
CVE-2025-4394

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient...

6.8 | MEDIUM | - | 0
CVE-2025-4395

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality...

6.8 | MEDIUM | - | 0
CVE-2025-4976

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker t...

4.3 | MEDIUM | - | 0
CVE-2025-7001

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain reso...

4.3 | MEDIUM | - | 0
CVE-2025-7437

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. Thi...

9.8 | CRITICAL | - | 0
CVE-2025-7852

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_new_customer' route in all versi...

9.8 | CRITICAL | - | 0
CVE-2025-7745

Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2.

5.8 | MEDIUM | - | 0
CVE-2025-8009

The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'get_file_source' function. This...

4.9 | MEDIUM | - | 0
CVE-2025-8107

In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands. This vulnerability only a...

6.3 | MEDIUM | - | 0
CVE-2025-3669

The Supreme Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auto_qrcodesabb shortcode in all versions up to, and including, 1.0.9 due to in...

6.4 | MEDIUM | - | 0
CVE-2025-4608

The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 1.6.4 due to insufficient...

6.4 | MEDIUM | - | 0
CVE-2025-7835

The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation o...

4.3 | MEDIUM | - | 0
CVE-2025-5084

The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_text']’ parameter in all versions up to, and including, 3.4.13 due to insufficie...

6.1 | MEDIUM | - | 0
CVE-2025-6262

The muse.ai video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to, and including, 0.4 due to insufficient input san...

6.4 | MEDIUM | - | 0
CVE-2025-6380

The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.1.0 to 2.2.0. The plugin’s permission cal...

9.8 | CRITICAL | - | 0
CVE-2025-6382

The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin’s render() method ta...

6.4 | MEDIUM | - | 0
CVE-2025-6385

The WP Applink plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output...

6.4 | MEDIUM | - | 0
CVE-2025-6387

The WP Get The Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and outp...

6.4 | MEDIUM | - | 0
CVE-2025-7780

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before ...

6.5 | MEDIUM | - | 0
CVE-2025-6441

The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a m...

9.8 | CRITICAL | - | 0
CVE-2025-6539

The Voltax Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and ...

6.4 | MEDIUM | - | 0
CVE-2025-6588

The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘error’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and ...

6.1 | MEDIUM | - | 0
CVE-2025-7640

The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect nonce validation on the tool-...

8.1 | HIGH | - | 0

This product uses data from the NVD API but is not endorsed or certified by the NVD.