Common Vulnerabilities and Exposures (CVE)

CVE-2025-40931

Apr 12, 2026 17:19:38 UTC

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() ...

CVE-2019-25713

Apr 12, 2026 12:28:57 UTC

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to t...

CVE-2019-25712

Apr 12, 2026 12:28:56 UTC

BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 25...

CVE-2019-25711

Apr 12, 2026 12:28:55 UTC

SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload...

CVE-2019-25710

Apr 12, 2026 12:28:54 UTC

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST para...

CVE-2019-25709

Apr 12, 2026 12:28:54 UTC

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deseri...

CVE-2019-25708

Apr 12, 2026 12:28:53 UTC

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms t...

CVE-2019-25707

Apr 12, 2026 12:28:52 UTC

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQ...

CVE-2019-25706

Apr 12, 2026 12:28:52 UTC

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint...

CVE-2019-25705

Apr 12, 2026 12:28:51 UTC

Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text ...

CVE-2019-25703

Apr 12, 2026 12:28:50 UTC

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.ph...

CVE-2019-25701

Apr 12, 2026 12:28:49 UTC

Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996...

CVE-2019-25699

Apr 12, 2026 12:28:49 UTC

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attack...

CVE-2019-25697

Apr 12, 2026 12:28:48 UTC

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_...

CVE-2019-25695

Apr 12, 2026 12:28:47 UTC

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP in...