Filter and search through 196,499 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-43873 | Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. | 0.0 | 0 | Neutral | No |
| No |
| CVE-2025-43856 | immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oaut... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-43855 | ### Summary An unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthentica... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-4384 | The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4379 | DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitra... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-43774 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote aut... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-43772 | Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not r... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-4377 | Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.p... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4376 | Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue af... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4375 | Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cros... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4364 | The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obt... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-43490 | A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow e... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-43264 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2025-43219 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2025-43210 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4321 | In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard reset will brin... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4318 | The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially a... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-43018 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-4280 | MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-4273 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |