CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-12622
8.8 HIGH

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument …

Nov 3, 2025
CVE-2025-12619
8.8 HIGH

A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in …

Nov 3, 2025
CVE-2025-12618
8.8 HIGH

A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads …

Nov 3, 2025
CVE-2025-12617
7.3 HIGH

A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/login_crud.php. Executing a manipulation of the argument …

Nov 3, 2025
CVE-2025-12611
8.8 HIGH

A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads …

Nov 3, 2025
CVE-2025-12608
7.3 HIGH

A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manage_user.php. Performing …

Nov 3, 2025
CVE-2025-12607
7.3 HIGH

A vulnerability was identified in itsourcecode Online Loan Management System 1.0. Impacted is an unknown function of the file /manage_payment.php. Such manipulation of the argument …

Nov 3, 2025
CVE-2025-12606
7.3 HIGH

A vulnerability was determined in itsourcecode Online Loan Management System 1.0. This issue affects some unknown processing of the file /manage_borrower.php. This manipulation of the …

Nov 3, 2025
CVE-2025-12605
7.3 HIGH

A vulnerability was found in itsourcecode Online Loan Management System 1.0. This vulnerability affects unknown code of the file /manage_loan.php. The manipulation of the argument …

Nov 2, 2025
CVE-2025-12604
7.3 HIGH

A vulnerability has been found in itsourcecode Online Loan Management System 1.0. This affects an unknown part of the file /load_fields.php. The manipulation of the …

Nov 2, 2025
CVE-2025-12596
8.8 HIGH

A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time …

Nov 2, 2025
CVE-2025-12595
8.8 HIGH

A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes …

Nov 2, 2025
CVE-2025-12601
7.5 HIGH

Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Nov 1, 2025
CVE-2025-36367
8.8 HIGH

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious …

Nov 1, 2025
CVE-2025-6990
8.8 HIGH

The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the `TH_PhpCode` pagebuilder widget. This …

Nov 1, 2025
CVE-2025-6574
8.8 HIGH

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is …

Nov 1, 2025
CVE-2025-12171
8.8 HIGH

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image() function in versions …

Nov 1, 2025
CVE-2025-11755
8.8 HIGH

The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via …

Nov 1, 2025
CVE-2025-10487
7.3 HIGH

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 …

Nov 1, 2025
CVE-2025-5949
8.8 HIGH

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is …

Nov 1, 2025
CVE-2025-11995
7.2 HIGH

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due …

Nov 1, 2025
CVE-2025-11920
8.8 HIGH

The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in …

Nov 1, 2025
CVE-2025-63561
7.5 HIGH

Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where …

Oct 31, 2025
CVE-2025-64349
8.8 HIGH

ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and …

Oct 31, 2025
CVE-2025-64348
7.1 HIGH

ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with …

Oct 31, 2025
CVE-2025-63458
7.5 HIGH

Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63454
7.5 HIGH

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-62618
8.0 HIGH

ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the …

Oct 31, 2025
CVE-2025-63459
7.5 HIGH

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63465
7.5 HIGH

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63464
7.5 HIGH

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63463
7.5 HIGH

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63462
7.5 HIGH

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63461
7.5 HIGH

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63460
7.5 HIGH

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63469
7.5 HIGH

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63468
7.5 HIGH

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63467
7.5 HIGH

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-63466
7.5 HIGH

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a …

Oct 31, 2025
CVE-2025-12509
8.4 HIGH

On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator …

Oct 31, 2025
CVE-2025-12508
8.4 HIGH

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise …

Oct 31, 2025
CVE-2025-12507
8.8 HIGH

The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs …

Oct 31, 2025
CVE-2025-64168
7.1 HIGH

Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team …

Oct 31, 2025
CVE-2025-60749
7.8 HIGH

DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.

Oct 31, 2025
CVE-2025-57107
7.1 HIGH

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor …

Oct 31, 2025
CVE-2025-57106
7.5 HIGH

Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF …

Oct 31, 2025
CVE-2025-12501
7.5 HIGH

Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the …

Oct 31, 2025
CVE-2025-33003
7.8 HIGH

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution …

Oct 31, 2025
CVE-2025-64366
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy …

Oct 31, 2025
CVE-2025-64364
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue …

Oct 31, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.