Skip to main content

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. No vendor patch available.

Information Disclosure
NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. No vendor patch available.

Information Disclosure
NVD
CVE-2025-64685 HIGH This Month

In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-64684 MEDIUM Monitor

In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Youtrack
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-64683 MEDIUM This Month

In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Hub
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64682 LOW Monitor

In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Authentication Bypass Hub
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-64681 LOW Monitor

In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hub
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-64457 MEDIUM Monitor

In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition. Rated medium severity (CVSS 4.2). No vendor patch available.

Privilege Escalation Dottrace Resharper Rider
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-64456 HIGH This Month

In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Privilege Escalation Resharper
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-41001 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02, which consist of a stored XSS due to a lack of proper validation of user input by sending a POST request using the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Soplanning
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-12405 HIGH This Month

An improper privilege management vulnerability was found in Looker Studio. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-41107 MEDIUM This Month

Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/online_admission', wich affects the parameters. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smart School
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-12409 HIGH This Month

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-12397 HIGH This Month

A SQL injection vulnerability was found in Looker Studio. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.6
EPSS
0.0%
CVE-2025-12155 HIGH This Month

A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Command Injection
NVD
CVSS 4.0
7.1
EPSS
0.7%
CVE-2025-41731 HIGH This Month

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-62689 HIGH PATCH This Month

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Heap Overflow Libmicrohttpd Red Hat +1
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-59777 HIGH PATCH This Month

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libmicrohttpd Red Hat Suse
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-12613 HIGH PATCH This Month

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-12868 CRITICAL This Week

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-12867 HIGH This Month

EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-12866 CRITICAL This Week

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-12865 HIGH This Month

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft U Office Force
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-12864 HIGH This Month

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft U Office Force
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-12925 MEDIUM POC This Week

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Forest
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-12924 MEDIUM POC This Month

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Forest
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy