0.0
CVE-2025-57746 -
Not used
5.1
CVE-2025-9137 - Scada-LTS scheduled_events.shtm cross site scripting
A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vend…
4.8
CVE-2025-9136 - libretro RetroArch file_stream.c filestream_vscanf out-of-bounds
A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It…
4.8
CVE-2025-9135 - Verkehrsauskunft Österreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml impr…
A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. …
4.4
CVE-2025-8783 - Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title'
The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access…
4.8
CVE-2025-9134 - AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of androi…
A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The…
6.4
CVE-2025-8567 - Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widg…
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contr…
6.5
CVE-2025-41685 - SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user
A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.
7.5
CVE-2025-41689 - Wiesemann & Theis: Motherbox 3 allows unauthenticated read-only DB access
An unauthenticated remote attacker can access the affected device without password protection. This enables unprotected read-only access to the stored measurement data.
6.4
CVE-2025-8622 - Flexible Maps <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Map…
The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…