7.3
CVE-2025-40905 - WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
5.1
CVE-2026-26188 - Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP โฆ
Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata areโฆ
8.8
CVE-2019-25335 - PRO-7070 Hazฤฑr Profesyonel Web Sitesi 1.0 - Authentication Bypass
PRO-7070 Hazฤฑr Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface.
8.6
CVE-2020-37167 - ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through theย ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytโฆ
7.1
CVE-2019-25342 - Centova Cast 3.2.12 - Denial of Service
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters.
6.7
CVE-2019-25341 - iNetTools for iOS 8.20 - 'Whois' Denial of Service
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash.
6.7
CVE-2019-25340 - SpotAuditor 5.3.2 - 'Base64' Denial Of Service
SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted intoโฆ
6.7
CVE-2019-25339 - GHIA CamIP 1.2 for iOS - 'Password' Denial of Service
GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices.
6.9
CVE-2019-25338 - Dokuwiki 2018-04-22b - Username Enumeration
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyziโฆ
5.3
CVE-2019-25337 - OwnCloud 8.1.8 - Username Disclosure
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user inforโฆ