CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-57760
8.8 HIGH

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with …

Aug 25, 2025
CVE-2025-29421
7.5 HIGH

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.

Aug 25, 2025
CVE-2025-29420
7.5 HIGH

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

Aug 25, 2025
CVE-2025-55409
8.8 HIGH

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code.

Aug 25, 2025
CVE-2025-53119
7.5 HIGH

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.

Aug 25, 2025
CVE-2025-29523
7.2 HIGH

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.

Aug 25, 2025
CVE-2025-5302
8.6 HIGH

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion …

Aug 25, 2025
CVE-2025-56216
8.5 HIGH

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.

Aug 25, 2025
CVE-2025-53510
8.8 HIGH

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, …

Aug 25, 2025
CVE-2025-53085
8.8 HIGH

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a …

Aug 25, 2025
CVE-2025-52930
8.8 HIGH

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a …

Aug 25, 2025
CVE-2025-52456
8.8 HIGH

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation …

Aug 25, 2025
CVE-2025-51281
7.0 HIGH

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to …

Aug 25, 2025
CVE-2025-50129
8.8 HIGH

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a …

Aug 25, 2025
CVE-2025-46407
8.8 HIGH

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, …

Aug 25, 2025
CVE-2025-35984
8.8 HIGH

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a …

Aug 25, 2025
CVE-2025-32468
8.8 HIGH

A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, …

Aug 25, 2025
CVE-2025-52461
8.2 HIGH

An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file …

Aug 25, 2025
CVE-2025-46411
8.1 HIGH

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER …

Aug 25, 2025
CVE-2025-43960
8.6 HIGH

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a …

Aug 25, 2025
CVE-2025-29516
7.2 HIGH

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function.

Aug 25, 2025
CVE-2025-26467
8.8 HIGH

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted …

Aug 25, 2025
CVE-2023-47799
7.5 HIGH

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the …

Aug 25, 2025
CVE-2025-9393
8.8 HIGH

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing …

Aug 24, 2025
CVE-2025-9392
8.8 HIGH

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. …

Aug 24, 2025
CVE-2025-9380
7.8 HIGH

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component …

Aug 24, 2025
CVE-2025-9379
7.2 HIGH

A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes …

Aug 24, 2025
CVE-2025-36174
8.0 HIGH

IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another …

Aug 24, 2025
CVE-2025-9363
8.8 HIGH

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function portTriggerManageRule of the file /goform/portTriggerManageRule. The …

Aug 23, 2025
CVE-2025-9361
8.8 HIGH

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. …

Aug 23, 2025
CVE-2025-9360
8.8 HIGH

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. …

Aug 23, 2025
CVE-2025-9359
8.8 HIGH

A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. …

Aug 23, 2025
CVE-2025-9358
8.8 HIGH

A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file …

Aug 23, 2025
CVE-2025-5060
8.1 HIGH

The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin …

Aug 23, 2025
CVE-2025-9357
8.8 HIGH

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation …

Aug 23, 2025
CVE-2025-7813
7.2 HIGH

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, …

Aug 23, 2025
CVE-2025-9048
8.1 HIGH

The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call() function in all versions up …

Aug 23, 2025
CVE-2025-43768
7.7 HIGH

Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update …

Aug 23, 2025
CVE-2025-9356
8.8 HIGH

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file …

Aug 22, 2025
CVE-2025-9355
8.8 HIGH

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file …

Aug 22, 2025
CVE-2025-52451
8.5 HIGH

Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before …

Aug 22, 2025
CVE-2025-26498
7.3 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal.This issue affects Tableau Server: …

Aug 22, 2025
CVE-2025-26497
7.3 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.This issue affects Tableau …

Aug 22, 2025
CVE-2025-6791
8.8 HIGH

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an …

Aug 22, 2025
CVE-2025-55454
8.8 HIGH

An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file.

Aug 22, 2025
CVE-2025-54813
7.5 HIGH

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain …

Aug 22, 2025
CVE-2025-4650
7.2 HIGH

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used …

Aug 22, 2025
CVE-2024-48988
7.6 HIGH

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes …

Aug 22, 2025
CVE-2025-55581
7.3 HIGH

D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and …

Aug 22, 2025
CVE-2025-52287
8.8 HIGH

OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability.

Aug 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.