| CVE-2022-2780 | In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. | high |
| CVE-2022-25665 | Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile | high |
| CVE-2022-25664 | Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | medium |
| CVE-2022-25663 | Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | medium |
| CVE-2022-25662 | Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | high |
| CVE-2022-25661 | Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | high |
| CVE-2022-25660 | Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | high |
| CVE-2022-22078 | Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | medium |
| CVE-2022-22077 | Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile | high |
| CVE-2022-20464 | In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/A | medium |
| CVE-2022-20397 | In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223086933References: N/A | high |
| CVE-2021-46840 | The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | critical |
| CVE-2021-46839 | The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | critical |
| CVE-2021-36369 | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. | high |
| CVE-2021-0699 | In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345178 | high |
| CVE-2025-47899 | Rejected reason: Not used | No Score |
| CVE-2025-47898 | Rejected reason: Not used | No Score |
| CVE-2025-47897 | Rejected reason: Not used | No Score |
| CVE-2025-47896 | Rejected reason: Not used | No Score |
| CVE-2025-47895 | Rejected reason: Not used | No Score |
| CVE-2025-47894 | Rejected reason: Not used | No Score |
| CVE-2025-47893 | Rejected reason: Not used | No Score |
| CVE-2025-47892 | Rejected reason: Not used | No Score |
| CVE-2025-47891 | Rejected reason: Not used | No Score |
| CVE-2025-47729 | The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025. | medium |
| CVE-2025-47204 | An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF). | medium |
| CVE-2025-45956 | A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter | high |
| CVE-2025-45867 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. | medium |
| CVE-2025-45866 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface. | medium |
| CVE-2025-45864 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. | medium |
| CVE-2025-45859 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. | medium |
| CVE-2025-45857 | EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. | critical |
| CVE-2025-44831 | EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. | critical |
| CVE-2025-4470 | A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | medium |
| CVE-2025-4468 | A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-44135 | A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks. | medium |
| CVE-2025-44134 | A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks. | medium |
| CVE-2025-4316 | Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up to 2024.3.15.0. | medium |
| CVE-2025-4314 | A vulnerability has been found in SourceCodester Advanced Web Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument txtLogin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-4313 | A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/admin_addnew_product.php. The manipulation of the argument txtProdId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-4312 | A vulnerability, which was classified as critical, has been found in SourceCodester Advanced Web Store 1.0. This issue affects some unknown processing of the file /productdetail.php. The manipulation of the argument prodid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-4283 | A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Login.php?f=login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-4282 | A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-41450 | Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2 | high |
| CVE-2025-4080 | A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-4077 | A vulnerability classified as critical was found in code-projects School Billing System 1.0. This vulnerability affects the function searchrec. The manipulation of the argument Name leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-4023 | A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_company.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | medium |
| CVE-2025-4022 | A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-4021 | A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | medium |
| CVE-2025-3998 | A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | medium |
