The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-25468 - FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.
    Published: February 18, 2025; 5:15:18 PM -0500

  • CVE-2025-25469 - FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.
    Published: February 18, 2025; 5:15:18 PM -0500

  • CVE-2025-1555 - A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated re...
    Published: February 21, 2025; 4:15:13 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-1618 - A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The a...
    Published: February 24, 2025; 12:15:10 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-1676 - A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Affected by this vulnerability is the function pdf2swf of the file /pdf2swf. The manipulation of the argument file leads to os command injection. The...
    Published: February 25, 2025; 6:15:09 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-1509 - Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows down...
    Published: February 28, 2025; 5:15:38 PM -0500

    V3.1: 9.1 CRITICAL

  • CVE-2025-25948 - Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
    Published: March 02, 2025; 8:15:11 PM -0500

  • CVE-2025-25949 - A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID pa...
    Published: March 02, 2025; 8:15:11 PM -0500

  • CVE-2025-9914 - The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.
    Published: October 06, 2025; 3:15:36 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-9913 - JavaScript can be run inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.
    Published: October 06, 2025; 3:15:36 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-9862 - Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
    Published: September 17, 2025; 11:15:43 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-10213 - DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\...
    Published: September 10, 2025; 8:15:31 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-59379 - DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker t...
    Published: January 06, 2026; 11:15:51 AM -0500

  • CVE-2025-60262 - An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is a...
    Published: January 06, 2026; 11:15:51 AM -0500

  • CVE-2025-65212 - An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download th...
    Published: January 06, 2026; 11:15:51 AM -0500

  • CVE-2025-60534 - Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate cr...
    Published: January 06, 2026; 12:15:44 PM -0500

  • CVE-2025-15479 - Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms (on Windows and Linux servers) allows authenticated remote u...
    Published: January 07, 2026; 9:15:53 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-62327 - In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
    Published: January 07, 2026; 11:15:50 AM -0500

  • CVE-2025-61489 - A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string.
    Published: January 07, 2026; 12:16:00 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2025-65805 - OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi s...
    Published: January 07, 2026; 12:16:00 PM -0500

Created September 20, 2022, Updated August 27, 2024