Skip to main content
CVE-2025-5450 MEDIUM This Month

A security vulnerability in the certificate management component of Ivanti Connect Secure (CVSS 6.3) that allows a remote authenticated admin with read-only rights. Remediation should follow standard vulnerability management procedures.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-48386 MEDIUM PATCH This Month

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Buffer Overflow Ubuntu Debian Red Hat Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-47980 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2022 Windows 11 24h2 Windows 10 1809 +13
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-49545 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses.

SSRF Coldfusion
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21000 MEDIUM This Month

A security vulnerability in Bluetooth (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21002 MEDIUM This Month

A security vulnerability in LeAudioService (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21001 MEDIUM This Month

A security vulnerability in LeAudioService (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-20997 MEDIUM This Month

A security vulnerability in Framework for Galaxy Watch (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wear Os
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21433 MEDIUM This Month

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

Null Pointer Dereference Denial Of Service Wcn6450 Firmware Qcm2150 Firmware Snapdragon 888 5g Mobile Firmware +262
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21004 MEDIUM This Month

Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.

Information Disclosure Wear Os
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-23364 MEDIUM This Month

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations.

RCE Tia Administrator
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-7192 LOW POC Monitor

A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection D-Link
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-42956 MEDIUM PATCH This Month

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.

SAP XSS Sap Basis
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42969 MEDIUM This Month

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking on this crafted URL unknowingly executes the malicious payload in their browser. On successful exploitation, the attacker can access or modify sensitive information within the scope of victim's web browser, with no impact on availability of the application.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42981 MEDIUM This Month

Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity.

SAP Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-7181 LOW POC Monitor

A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7152 LOW POC Monitor

A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7175 LOW POC Monitor

A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7190 LOW POC Monitor

A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7167 LOW POC Monitor

A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7166 LOW POC Monitor

A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7163 LOW POC Monitor

A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/add-animals.php. The manipulation of the argument cnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7162 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/add-foreigners-ticket.php. The manipulation of the argument cprice leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7161 LOW POC Monitor

A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argument cprice leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7159 LOW POC Monitor

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage-animals.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7158 LOW POC Monitor

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-normal-ticket.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7182 LOW POC Monitor

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument pre leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7200 LOW POC Monitor

A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation of the argument med_name/med_cat/ex_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7189 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /user/send_message.php. The manipulation of the argument msg leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-7188 LOW POC Monitor

A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/addmember.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-7187 LOW POC Monitor

A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-7186 LOW POC Monitor

A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-42985 MEDIUM This Month

Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.

SAP Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-40720 MEDIUM PATCH This Month

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the campo parameter in /<Client>FacturaE/VerFacturaPDF.

XSS Quiter Gateway
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-40719 MEDIUM PATCH This Month

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF.

XSS Quiter Gateway
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-42962 MEDIUM This Month

SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-43039 MEDIUM This Month

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

XSS IBM Openpages With Watson
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-7177 LOW POC Monitor

A vulnerability was found in PHPGurukul Car Washing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/editcar-washpoint.php. The manipulation of the argument wpid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-21195 MEDIUM PATCH This Month

Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.

Information Disclosure Azure Service Fabric
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-7153 LOW POC Monitor

A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the argument First Name/Last name/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-40742 MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-48823 MEDIUM PATCH This Month

Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 1607 Windows 10 22h2 Windows 11 22h2 +11
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-42970 MEDIUM This Month

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality.

Path Traversal
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-49722 MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 Windows Server 2016 Windows 10 1507 +13
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-48002 MEDIUM PATCH This Month

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.

Microsoft Information Disclosure Buffer Overflow Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-0292 MEDIUM This Month

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

SSRF Ivanti Policy Secure Connect Secure
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-36357 MEDIUM PATCH This Month

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

Information Disclosure Ubuntu Debian Red Hat Suse
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2024-36350 MEDIUM PATCH This Month

A security vulnerability in some AMD processors may allow an attacker to infer data from previous stores (CVSS 5.6) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Ubuntu Debian Red Hat Suse
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-42979 MEDIUM This Month

CVE-2025-42979 is a security vulnerability (CVSS 5.6). Remediation should follow standard vulnerability management procedures.

Microsoft SAP Information Disclosure Windows
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-49664 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows 11 22h2 Windows 10 21h2 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
Prev Page 7 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy