NVD - Home

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-58430 - listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validated by the...
    Published: September 09, 2025; 4:15:48 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-45939 - Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function.
    Published: July 25, 2025; 10:15:34 AM -0400

  • CVE-2025-45777 - An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara Matrimony Site v2.0 allows attackers to bypass authentication via supplying a crafted request.
    Published: July 25, 2025; 10:15:34 AM -0400

  • CVE-2025-54379 - LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper...
    Published: July 24, 2025; 7:15:26 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-45702 - SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext.
    Published: July 24, 2025; 1:15:32 PM -0400

  • CVE-2025-6921 - The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-con...
    Published: September 23, 2025; 10:15:41 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-56819 - An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.
    Published: September 24, 2025; 12:15:38 PM -0400

  • CVE-2025-56815 - Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by the user, and lacks strict verification of the f...
    Published: September 24, 2025; 1:15:41 PM -0400

  • CVE-2025-56816 - Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's u...
    Published: September 24, 2025; 1:15:41 PM -0400

  • CVE-2025-57438 - The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can...
    Published: September 22, 2025; 2:15:45 PM -0400

  • CVE-2025-57437 - The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique ...
    Published: September 22, 2025; 2:15:45 PM -0400

  • CVE-2025-1083 - A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untr...
    Published: February 06, 2025; 6:15:08 PM -0500

    V3.1: 6.8 MEDIUM

  • CVE-2025-1084 - A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remo...
    Published: February 06, 2025; 7:15:28 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2025-2036 - A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0. It has been classified as critical. This affects an unknown part of the file details.php. The manipulation of the argument pro_id leads to sql injection. It is possible to initi...
    Published: March 06, 2025; 2:15:28 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-2041 - A vulnerability, which was classified as critical, has been found in s-a-zhd Ecommerce-Website-using-PHP 1.0. Affected by this issue is some unknown functionality of the file /shop.php. The manipulation of the argument p_cat leads to sql injection...
    Published: March 06, 2025; 4:15:16 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-58102 - An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions.
    Published: March 11, 2025; 4:15:10 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-27911 - An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events...
    Published: March 11, 2025; 4:15:11 AM -0400

  • CVE-2025-27912 - An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/passwor...
    Published: March 11, 2025; 4:15:11 AM -0400

  • CVE-2025-40664 - Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser.
    Published: May 26, 2025; 9:15:20 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2025-2176 - A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remot...
    Published: March 11, 2025; 4:15:12 AM -0400

    V3.1: 7.5 HIGH

Created September 20, 2022, Updated August 27, 2024