Vulnerabilities (CVE)

Total 295444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-47478 2025-05-23 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.5.0.
CVE-2025-48283 2025-05-23 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0.
CVE-2025-4692 2025-05-23 N/A 6.8 MEDIUM
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform.
CVE-2025-47541 2025-05-23 N/A 7.5 HIGH
Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.17.7.
CVE-2025-41407 2025-05-23 N/A 8.3 HIGH
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
CVE-2025-31056 2025-05-23 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce allows SQL Injection. This issue affects WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through 1.1.0.
CVE-2024-13955 2025-05-23 N/A 8.8 HIGH
2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-41199 2025-05-23 N/A 7.2 HIGH
An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2025-46456 2025-05-23 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders allows Reflected XSS. This issue affects Theme Blvd Sliders: from n/a through 1.2.5.
CVE-2025-31423 2025-05-23 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto allows Object Injection. This issue affects Umberto: from n/a through 1.2.8.
CVE-2025-5105 2025-05-23 7.5 HIGH 7.3 HIGH
A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-9163 2025-05-23 N/A 3.5 LOW
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.
CVE-2025-46468 2025-05-23 N/A 9.8 CRITICAL
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra allows PHP Local File Inclusion. This issue affects Fable Extra: from n/a through 1.0.6.
CVE-2025-2394 2025-05-23 N/A N/A
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.
CVE-2025-46463 2025-05-23 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection. This issue affects Mailing Group Listserv: from n/a through 3.0.4.
CVE-2025-5111 2025-05-23 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-51360 2025-05-23 N/A N/A
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file.
CVE-2024-7487 2025-05-23 N/A 5.8 MEDIUM
An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.
CVE-2025-46474 2025-05-23 N/A 8.1 HIGH
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SEUR OFICIAL SEUR Oficial allows PHP Local File Inclusion. This issue affects SEUR Oficial: from n/a through 2.2.23.
CVE-2025-31397 2025-05-23 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce allows SQL Injection. This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/a through 1.7.