-
CVE-2025-45042
•
published on May 5, 2025
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.
-
CVE-2025-45322
•
published on May 5, 2025
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.
-
CVE-2025-45237
•
published on May 5, 2025
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.
-
CVE-2025-45239
•
published on May 5, 2025
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
-
CVE-2025-45240
•
published on May 5, 2025
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.
-
CVE-2025-45242
•
published on May 5, 2025
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
-
CVE-2025-45320
•
published on May 5, 2025
A directory listing vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
-
CVE-2025-45321
•
published on May 5, 2025
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the rPassword parameter.
-
CVE-2025-45610
•
published on May 5, 2025
Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload.
-
CVE-2025-45236
•
published on May 5, 2025
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.
-
CVE-2025-45238
•
published on May 5, 2025
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.
-
CVE-2025-45607
•
published on May 5, 2025
An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.
-
CVE-2025-45608
•
published on May 5, 2025
Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.
-
CVE-2025-45609
•
published on May 5, 2025
Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload.
-
CVE-2025-45611
•
published on May 5, 2025
Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request.
-
CVE-2025-45614
•
published on May 5, 2025
Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload.
-
CVE-2025-45613
•
published on May 5, 2025
Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload.
-
CVE-2025-45618
•
published on May 5, 2025
Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload.
-
CVE-2025-45616
•
published on May 5, 2025
Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request.
-
CVE-2025-45751
•
published on May 5, 2025
SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.