Filter and search through 196,404 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-4106 | An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by up... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2025-41031 | Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a PO... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41030 | Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41028 | A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and de... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4102025 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2025-41019 | SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' pa... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41017 | Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from securi... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41016 | Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm e... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41010 | Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-dom... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41009 | SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data fr... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41006 | Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41005 | Imaster's MEMS Events CRM contains an SQL injection vulnerability in‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41004 | Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41003 | Imaster's Patient Record Management System contains a stored Cross-Site Scripting (XSS) vulnerability in the endpoint ‘/projects/hospital/admin/edit_p... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-41000 | Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-40992 | Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile',... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-40985 | SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data f... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-40980 | A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validati... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4098 | Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose i... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-40979 | DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow att... | 0.0 | 0 | Neutral | No | No |