CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-36924
8.0 HIGH

In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation …

Dec 11, 2025
CVE-2025-36923
8.0 HIGH

In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation …

Dec 11, 2025
CVE-2025-36919
7.8 HIGH

In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional …

Dec 11, 2025
CVE-2025-36918
7.8 HIGH

In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege …

Dec 11, 2025
CVE-2025-36916
7.0 HIGH

In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no …

Dec 11, 2025
CVE-2025-14536
7.3 HIGH

A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file …

Dec 11, 2025
CVE-2025-13481
8.8 HIGH

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation …

Dec 11, 2025
CVE-2025-13214
7.6 HIGH

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker …

Dec 11, 2025
CVE-2025-13148
8.1 HIGH

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password.

Dec 11, 2025
CVE-2025-56130
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua.

Dec 11, 2025
CVE-2025-56129
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.

Dec 11, 2025
CVE-2025-56127
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the get_wanobj in file /usr/lib/lua/luci/controller/admin/common.lua.

Dec 11, 2025
CVE-2025-56124
7.8 HIGH

OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get …

Dec 11, 2025
CVE-2025-56123
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get …

Dec 11, 2025
CVE-2025-56122
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file …

Dec 11, 2025
CVE-2025-56120
8.8 HIGH

OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set …

Dec 11, 2025
CVE-2025-56118
8.8 HIGH

OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set …

Dec 11, 2025
CVE-2025-56117
8.8 HIGH

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Dec 11, 2025
CVE-2025-56114
8.8 HIGH

OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Dec 11, 2025
CVE-2025-56113
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in …

Dec 11, 2025
CVE-2025-56111
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua.

Dec 11, 2025
CVE-2025-56110
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_deal_update in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua.

Dec 11, 2025
CVE-2025-56109
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_wireless in file /usr/lib/lua/luci/control/admin/wireless.lua.

Dec 11, 2025
CVE-2025-56108
8.8 HIGH

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Dec 11, 2025
CVE-2025-56107
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua.

Dec 11, 2025
CVE-2025-56106
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Dec 11, 2025
CVE-2025-56102
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Dec 11, 2025
CVE-2025-56101
8.8 HIGH

OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Dec 11, 2025
CVE-2025-56099
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-YST AP_3.0(1)B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Dec 11, 2025
CVE-2025-56098
8.8 HIGH

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Dec 11, 2025
CVE-2025-56097
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file …

Dec 11, 2025
CVE-2025-56096
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua.

Dec 11, 2025
CVE-2025-56095
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set …

Dec 11, 2025
CVE-2025-56094
8.8 HIGH

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua.

Dec 11, 2025
CVE-2025-56093
8.8 HIGH

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua.

Dec 11, 2025
CVE-2025-56092
8.8 HIGH

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in …

Dec 11, 2025
CVE-2025-66918
8.8 HIGH

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.

Dec 11, 2025
CVE-2025-64669
7.8 HIGH

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Dec 11, 2025
CVE-2025-56091
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Dec 11, 2025
CVE-2025-56090
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set …

Dec 11, 2025
CVE-2025-56089
8.8 HIGH

OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Dec 11, 2025
CVE-2025-56088
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua.

Dec 11, 2025
CVE-2025-56087
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua.

Dec 11, 2025
CVE-2025-56086
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file …

Dec 11, 2025
CVE-2025-56085
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file …

Dec 11, 2025
CVE-2025-56084
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file …

Dec 11, 2025
CVE-2025-56083
8.8 HIGH

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_networkId_merge.lua.

Dec 11, 2025
CVE-2025-56082
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua.

Dec 11, 2025
CVE-2025-56079
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file …

Dec 11, 2025
CVE-2025-56077
8.8 HIGH

OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file …

Dec 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.