Total: 79903 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-5663 | 1 Phpgurukul | 1 Auto/taxi Stand Management System | 2025-06-06 | 7.5 HIGH | 7.3 HIGH |
A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-48909 | 1 Aarboard | 1 Jave2 | 2025-06-06 | N/A | 8.8 HIGH |
An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function. | |||||
CVE-2024-6477 | 1 Ayecode | 1 Userswp | 2025-06-06 | N/A | 7.5 HIGH |
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address. | |||||
CVE-2025-5621 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-06 | 7.5 HIGH | 7.3 HIGH |
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2025-5620 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-06 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-50858 | 1 Gestioip | 1 Gestioip | 2025-06-06 | N/A | 8.8 HIGH |
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration. | |||||
CVE-2025-24398 | 1 Jenkins | 1 Bitbucket Server Integration | 2025-06-06 | N/A | 8.8 HIGH |
Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
CVE-2025-5625 | 1 Campcodes | 1 Online Teacher Record Management System | 2025-06-06 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5626 | 1 Campcodes | 1 Online Teacher Record Management System | 2025-06-06 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5629 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-06-06 | 9.0 HIGH | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5018 | | | 2025-06-06 | N/A | 7.1 HIGH |
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242. | |||||
CVE-2025-48909 | | | 2025-06-06 | N/A | 7.1 HIGH |
Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2025-48911 | | | 2025-06-06 | N/A | 8.2 HIGH |
Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-48903 | | | 2025-06-06 | N/A | 7.8 HIGH |
Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-48906 | | | 2025-06-06 | N/A | 8.8 HIGH |
Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-48905 | | | 2025-06-06 | N/A | 8.1 HIGH |
Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | |||||
CVE-2025-49308 | | | 2025-06-06 | N/A | 7.5 HIGH |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.5.1. | |||||
CVE-2025-28981 | | | 2025-06-06 | N/A | 7.1 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3. | |||||
CVE-2025-49315 | | | 2025-06-06 | N/A | 7.6 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through 7.0.10. | |||||
CVE-2025-39358 | | | 2025-06-06 | N/A | 8.8 HIGH |
Deserialization of Untrusted Data vulnerability in Teastudio.Pl WP Posts Carousel allows Object Injection. This issue affects WP Posts Carousel: from n/a through 1.3.12. |