Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CVE-2025-15556) when using the WinGUp updater. The update mechanism fails to cryptographically verify downloaded metadata and installers, allowing man-in-the-middle attackers to serve malicious executables during the update process. KEV-listed, this supply chain risk affects one of the most widely used text editors on Windows.
FUXA v1.2.7 has hard-coded JWT credentials (EPSS 4.8%) that allow attackers to forge authentication tokens and bypass all access controls on the SCADA interface.
AdminPando 1.0.1 by Fikir Odalari has a CVSS 10.0 SQL injection in the login functionality allowing complete authentication bypass and database takeover.
Dokans SaaS e-commerce platform v3.9.2 has a CVSS 10.0 authentication bypass allowing unauthenticated attackers to obtain sensitive application secrets and tenant data.
School ERP Pro 1.0 allows students to upload arbitrary PHP files, enabling remote code execution from a low-privileged student account.
CI4MS (CodeIgniter 4 CMS skeleton) has a code injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary PHP code through the CMS module system.
TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface.
TOTOLINK A950RG has a third buffer overflow in setRadvdCfg providing yet another RCE vector through the router's IPv6 configuration interface.
CraftCMS 3 vCard Plugin 1.0.0 has an insecure deserialization vulnerability allowing unauthenticated remote code execution through crafted vCard data.
webERP 4.15.1 has an unauthenticated file access vulnerability allowing remote attackers to download sensitive files including configuration and database credentials.
LanSend 3.2 has a buffer overflow in the Add Computers Wizard file import enabling code execution through crafted computer list files.
CloudMe 1.11.2 cloud sync application has a buffer overflow enabling remote code execution through the network sync protocol.
Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the industrial monitoring database.
TOTOLINK A950RG has a stack-based buffer overflow in a second endpoint, providing an additional RCE vector through the router's CGI interface.
MediaCrush through version 1.0.1 allows unauthenticated arbitrary file upload without file type restrictions, enabling web shell deployment and remote code execution.
YouDataSum CPAS Audit Management System v4.9 has a SQL injection in the archive report endpoint allowing extraction of audit and compliance data.
Konica Minolta FTP Utility 1.0 has a second buffer overflow in the NLST command, providing an additional RCE vector alongside the LIST vulnerability.
Konica Minolta FTP Utility 1.0 has a buffer overflow in the LIST command allowing remote attackers to execute code on systems running the utility.
Remote Desktop Audit 2.3.0.157 has a buffer overflow enabling code execution through crafted RDP scan responses.
StreamRipper32 2.6 has a buffer overflow in the Station/Song Section allowing remote code execution through crafted audio stream metadata.
GoldWave 5.70 audio editor has a buffer overflow enabling code execution through crafted audio files.
webTareas 2.0.p8 has an arbitrary file deletion vulnerability in the print_layout.php admin component enabling system disruption.
Filetto 1.0 FTP server has a denial of service vulnerability in FEAT command processing causing uncontrolled resource consumption.
Open Eclass Platform versions up to 1.7.3 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Victor Cms versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise. [CVSS 8.8 HIGH]
import module contains a vulnerability that allows attackers to delete arbitrary files by manipulating the delete_import parameter (CVSS 8.8).
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 8.7 HIGH]
Authorization bypass in EspoCRM 5.8.5 lets an authenticated low-privilege user reuse or manipulate Basic-Authorization and Espo-Authorization tokens to authenticate as a different user, including administrators, and inherit their privileges. The flaw stems from the login path never binding an auth token to its owning user, so a token valid for one account is accepted for another when passwords collide, also defeating two-factor authentication. Publicly available exploit code exists (Exploit-DB 48376); EPSS is low at 0.35%, and the issue is not listed in CISA KEV.
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. [CVSS 7.5 HIGH]
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. [CVSS 8.2 HIGH]
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. [CVSS 8.2 HIGH]
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. [CVSS 8.2 HIGH]
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. [CVSS 8.2 HIGH]
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. [CVSS 8.2 HIGH]
Ziroom ZHOME A0101 devices running version 1.0.1.0 use hardcoded default credentials in the Dropbear SSH service, enabling unauthenticated remote attackers to gain unauthorized access with high impact to confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response. While exploitation requires specific conditions, security professionals should prioritize assessment and credential rotation for affected systems.
WCAssistantService contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Syncbreeze versions up to 12.4.18 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. [CVSS 7.8 HIGH]
VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. [CVSS 7.8 HIGH]
its service configuration contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Anydesk versions up to 5.4.0 contains a vulnerability that allows attackers to potentially inject malicious executables (CVSS 7.8).
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. [CVSS 7.8 HIGH]
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. [CVSS 7.8 HIGH]
Pc Helpsoft Driver Updater versions up to 9.1.57803.1174 is affected by improper access control (CVSS 7.8).
Arbitrary code execution in iccDEV versions prior to 2.3.1.2 via stack-based buffer overflow in the icFixXml() function when parsing malformed ICC color profiles with crafted NamedColor2 tags. Local attackers with user interaction can exploit this vulnerability to execute arbitrary code with high impact on confidentiality, integrity, and availability. Public exploit code exists and a patch is available in version 2.3.1.2 and later.
Open Eclass Platform versions up to 4.2 is affected by authorization bypass through user-controlled key (CVSS 7.5).
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device. [CVSS 7.5 HIGH]
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. [CVSS 7.5 HIGH]
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. [CVSS 7.5 HIGH]