Filter and search through 197,149 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-54515 | The Secure Flag passed to Versal™ Adaptive SoC’s Arm® Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (P... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2025-5448 | Rejected reason: This CVE id was assigned but later discarded. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54476 | Improper handling of input could lead to a cross-site scripting (XSS) vector in the checkAttribute method of the input filter framework class. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-54475 | A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54474 | A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL co... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54473 | An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54465 | This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54464 | This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with phys... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54461 | ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54433 | ## Summary In affected versions, ingestion paths construct file locations directly from untrusted `event_id` input without validation. A specially cr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-54432 | Rejected reason: This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54429 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. pre... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54427 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrin... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54426 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Cu... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54420 | Rejected reason: This CVE is a duplicate of CVE-2025-8129. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54415 | dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54414 | Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources fro... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-54413 | ## Summary An inconsistency in `MethodNode` can be exploited to access unexpected object fields through dot notation. This can be used to achieve **a... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-54412 | ## Summary An inconsistency in `OperatorFuncNode` can be exploited to hide the execution of untrusted `operator.xxx` methods. This can then be used in... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-54407 | Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSess... | 0.0 | 0 | Neutral | No | No |