CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-55742
8.0 HIGH

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG …

Aug 21, 2025
CVE-2025-55420
8.8 HIGH

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it …

Aug 21, 2025
CVE-2025-9305
7.3 HIGH

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. The affected element is an unknown function of the file /bank/mnotice.php. The …

Aug 21, 2025
CVE-2025-9304
7.3 HIGH

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the …

Aug 21, 2025
CVE-2025-9303
8.8 HIGH

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument …

Aug 21, 2025
CVE-2025-55383
8.6 HIGH

Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the …

Aug 21, 2025
CVE-2025-55297
8.8 HIGH

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi …

Aug 21, 2025
CVE-2025-52194
7.5 HIGH

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header …

Aug 21, 2025
CVE-2025-48956
7.5 HIGH

vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be …

Aug 21, 2025
CVE-2025-9302
7.3 HIGH

A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid …

Aug 21, 2025
CVE-2025-55564
7.5 HIGH

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.

Aug 21, 2025
CVE-2025-55370
8.8 HIGH

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.

Aug 21, 2025
CVE-2025-55368
8.8 HIGH

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

Aug 21, 2025
CVE-2025-34158
8.5 HIGH

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server …

Aug 21, 2025
CVE-2025-9299
8.8 HIGH

A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the …

Aug 21, 2025
CVE-2025-9298
8.8 HIGH

A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can …

Aug 21, 2025
CVE-2025-9297
8.8 HIGH

A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in …

Aug 21, 2025
CVE-2025-8592
8.1 HIGH

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or …

Aug 21, 2025
CVE-2025-48978
7.5 HIGH

An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent …

Aug 21, 2025
CVE-2025-27216
8.8 HIGH

Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.

Aug 21, 2025
CVE-2025-27215
8.1 HIGH

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to …

Aug 21, 2025
CVE-2025-9253
8.8 HIGH

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of …

Aug 20, 2025
CVE-2025-9252
8.8 HIGH

A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the …

Aug 20, 2025
CVE-2025-9251
8.8 HIGH

A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. …

Aug 20, 2025
CVE-2025-9250
8.8 HIGH

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation …

Aug 20, 2025
CVE-2025-9249
8.8 HIGH

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation …

Aug 20, 2025
CVE-2025-9248
8.8 HIGH

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. …

Aug 20, 2025
CVE-2025-9247
8.8 HIGH

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file …

Aug 20, 2025
CVE-2025-9246
8.8 HIGH

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing …

Aug 20, 2025
CVE-2025-9245
8.8 HIGH

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing …

Aug 20, 2025
CVE-2025-5115
7.5 HIGH

In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames …

Aug 20, 2025
CVE-2025-54988
8.4 HIGH

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External …

Aug 20, 2025
CVE-2025-50902
8.8 HIGH

Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1.0.0 allows attackers to gain sensitive information via crafted HTTP Post message.

Aug 20, 2025
CVE-2024-57152
7.5 HIGH

Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class

Aug 20, 2025
CVE-2025-9238
7.3 HIGH

A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing …

Aug 20, 2025
CVE-2024-53495
7.5 HIGH

Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.

Aug 20, 2025
CVE-2025-8612
7.3 HIGH

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An …

Aug 20, 2025
CVE-2025-8309
8.1 HIGH

There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability …

Aug 20, 2025
CVE-2025-28041
8.6 HIGH

Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication.

Aug 20, 2025
CVE-2025-55732
7.5 HIGH

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people …

Aug 20, 2025
CVE-2025-55731
8.8 HIGH

Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL …

Aug 20, 2025
CVE-2025-55498
7.5 HIGH

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

Aug 20, 2025
CVE-2025-55482
7.5 HIGH

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.

Aug 20, 2025
CVE-2025-51991
8.8 HIGH

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global …

Aug 20, 2025
CVE-2024-57491
8.8 HIGH

Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle …

Aug 20, 2025
CVE-2025-55503
7.3 HIGH

Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function.

Aug 20, 2025
CVE-2025-55483
7.5 HIGH

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList.

Aug 20, 2025
CVE-2025-54926
7.2 HIGH

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with …

Aug 20, 2025
CVE-2025-54925
7.5 HIGH

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious …

Aug 20, 2025
CVE-2025-54924
7.5 HIGH

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a …

Aug 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.