CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-9251
8.8 HIGH

A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. …

Aug 20, 2025
CVE-2025-9250
8.8 HIGH

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation …

Aug 20, 2025
CVE-2025-9249
8.8 HIGH

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation …

Aug 20, 2025
CVE-2025-9248
8.8 HIGH

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. …

Aug 20, 2025
CVE-2025-9247
8.8 HIGH

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file …

Aug 20, 2025
CVE-2025-9246
8.8 HIGH

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing …

Aug 20, 2025
CVE-2025-9245
8.8 HIGH

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing …

Aug 20, 2025
CVE-2025-5115
7.5 HIGH

In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames …

Aug 20, 2025
CVE-2025-54988
8.4 HIGH

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External …

Aug 20, 2025
CVE-2025-50902
8.8 HIGH

Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1.0.0 allows attackers to gain sensitive information via crafted HTTP Post message.

Aug 20, 2025
CVE-2024-57152
7.5 HIGH

Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class

Aug 20, 2025
CVE-2025-9238
7.3 HIGH

A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing …

Aug 20, 2025
CVE-2024-53495
7.5 HIGH

Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.

Aug 20, 2025
CVE-2025-8612
7.3 HIGH

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An …

Aug 20, 2025
CVE-2025-8309
8.1 HIGH

There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability …

Aug 20, 2025
CVE-2025-28041
8.6 HIGH

Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication.

Aug 20, 2025
CVE-2025-55732
7.5 HIGH

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people …

Aug 20, 2025
CVE-2025-55731
8.8 HIGH

Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL …

Aug 20, 2025
CVE-2025-55498
7.5 HIGH

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

Aug 20, 2025
CVE-2025-55482
7.5 HIGH

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.

Aug 20, 2025
CVE-2025-51991
8.8 HIGH

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global …

Aug 20, 2025
CVE-2024-57491
8.8 HIGH

Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle …

Aug 20, 2025
CVE-2025-55503
7.3 HIGH

Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function.

Aug 20, 2025
CVE-2025-55483
7.5 HIGH

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList.

Aug 20, 2025
CVE-2025-54926
7.2 HIGH

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with …

Aug 20, 2025
CVE-2025-54925
7.5 HIGH

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious …

Aug 20, 2025
CVE-2025-54924
7.5 HIGH

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a …

Aug 20, 2025
CVE-2025-50503
8.8 HIGH

A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By …

Aug 20, 2025
CVE-2025-32010
8.1 HIGH

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary …

Aug 20, 2025
CVE-2025-31355
7.2 HIGH

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary …

Aug 20, 2025
CVE-2025-30256
8.6 HIGH

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can …

Aug 20, 2025
CVE-2025-24496
7.5 HIGH

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive …

Aug 20, 2025
CVE-2025-24322
8.1 HIGH

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to …

Aug 20, 2025
CVE-2025-57732
7.5 HIGH

In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership

Aug 20, 2025
CVE-2025-57731
8.7 HIGH

In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content

Aug 20, 2025
CVE-2025-5261
7.5 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5.

Aug 20, 2025
CVE-2025-5260
8.6 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5.

Aug 20, 2025
CVE-2025-55715
7.5 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Retrieve Embedded Sensitive Data.This issue affects Otter - Gutenberg …

Aug 20, 2025
CVE-2025-54750
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local …

Aug 20, 2025
CVE-2025-54735
8.8 HIGH

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through <= 1.1.24.

Aug 20, 2025
CVE-2025-54670
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through <= …

Aug 20, 2025
CVE-2025-54056
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS.This issue …

Aug 20, 2025
CVE-2025-54055
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco druco allows Reflected XSS.This issue affects Druco: from n/a through <= …

Aug 20, 2025
CVE-2025-54052
7.5 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows PHP Local File Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a …

Aug 20, 2025
CVE-2025-54044
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Reflected XSS.This issue affects Elite Video Player: …

Aug 20, 2025
CVE-2025-54034
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters newsletters-lite allows PHP Local File Inclusion.This …

Aug 20, 2025
CVE-2025-54032
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate …

Aug 20, 2025
CVE-2025-54031
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board supportboard allows PHP Local File Inclusion.This …

Aug 20, 2025
CVE-2025-54028
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP …

Aug 20, 2025
CVE-2025-54027
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board supportboard allows Reflected XSS.This issue affects Support Board: from n/a …

Aug 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.