CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-41067
7.5 HIGH

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request …

Oct 27, 2025
CVE-2025-12277
7.3 HIGH

A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. This manipulation of the argument …

Oct 27, 2025
CVE-2025-12274
8.8 HIGH

A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of …

Oct 27, 2025
CVE-2025-12273
8.8 HIGH

A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page …

Oct 27, 2025
CVE-2025-12272
8.8 HIGH

A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing a manipulation of the argument …

Oct 27, 2025
CVE-2025-12271
8.8 HIGH

A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to …

Oct 27, 2025
CVE-2025-59461
7.6 HIGH

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.

Oct 27, 2025
CVE-2025-59460
7.5 HIGH

The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases …

Oct 27, 2025
CVE-2025-12265
8.8 HIGH

A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the …

Oct 27, 2025
CVE-2025-8432
8.4 HIGH

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue …

Oct 27, 2025
CVE-2025-12260
8.8 HIGH

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter …

Oct 27, 2025
CVE-2025-12259
8.8 HIGH

A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter …

Oct 27, 2025
CVE-2025-12258
8.8 HIGH

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation …

Oct 27, 2025
CVE-2025-12257
7.3 HIGH

A security vulnerability has been detected in SourceCodester Online Student Result System 1.0. This issue affects some unknown processing of the file /view_result.php. The manipulation …

Oct 27, 2025
CVE-2025-46582
7.7 HIGH

A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, …

Oct 27, 2025
CVE-2025-12253
7.3 HIGH

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation …

Oct 27, 2025
CVE-2025-12248
7.3 HIGH

A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument …

Oct 27, 2025
CVE-2025-12247
7.0 HIGH

A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted …

Oct 27, 2025
CVE-2025-12241
8.8 HIGH

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation …

Oct 27, 2025
CVE-2025-12240
8.8 HIGH

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip …

Oct 27, 2025
CVE-2025-12239
8.8 HIGH

A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to …

Oct 27, 2025
CVE-2025-12237
7.3 HIGH

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument …

Oct 27, 2025
CVE-2025-12236
8.8 HIGH

A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes …

Oct 27, 2025
CVE-2025-12235
8.0 HIGH

A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results …

Oct 27, 2025
CVE-2025-12234
8.8 HIGH

A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads …

Oct 27, 2025
CVE-2025-12233
8.8 HIGH

A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of …

Oct 27, 2025
CVE-2025-12232
8.8 HIGH

A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the …

Oct 27, 2025
CVE-2025-12055
7.5 HIGH

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack …

Oct 27, 2025
CVE-2025-12225
8.8 HIGH

A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. …

Oct 27, 2025
CVE-2025-12215
7.3 HIGH

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the …

Oct 27, 2025
CVE-2025-12214
8.8 HIGH

A vulnerability was detected in Tenda O3 1.0.0.10(2478). This issue affects the function SetValue/GetValue of the file /goform/sysAutoReboot. Performing a manipulation of the argument enable …

Oct 27, 2025
CVE-2025-12213
8.8 HIGH

A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). This vulnerability affects the function SetValue/GetValue of the file /goform/setVlanConfig. Such manipulation of the argument …

Oct 27, 2025
CVE-2025-12212
8.8 HIGH

A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes …

Oct 27, 2025
CVE-2025-12211
8.8 HIGH

A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of …

Oct 27, 2025
CVE-2025-12210
8.8 HIGH

A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument …

Oct 27, 2025
CVE-2025-12209
8.8 HIGH

A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing a manipulation of the argument dhcpEn can …

Oct 27, 2025
CVE-2025-12208
7.3 HIGH

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the …

Oct 27, 2025
CVE-2025-62986
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through <= 0.6.

Oct 27, 2025
CVE-2025-62962
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.

Oct 27, 2025
CVE-2025-62957
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.

Oct 27, 2025
CVE-2025-62956
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through <= 2.0.1.

Oct 27, 2025
CVE-2025-62945
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= …

Oct 27, 2025
CVE-2025-62934
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through <= 1.4.

Oct 27, 2025
CVE-2025-62933
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.

Oct 27, 2025
CVE-2025-62896
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5.

Oct 27, 2025
CVE-2025-62886
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through <= 1.5.3.

Oct 27, 2025
CVE-2025-11447
7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have …

Oct 27, 2025
CVE-2025-10497
7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have …

Oct 27, 2025
CVE-2025-8709
7.3 HIGH

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises …

Oct 26, 2025
CVE-2025-12221
8.8 HIGH

Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.