CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-8244
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the …

Jul 27, 2025
CVE-2025-8243
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component …

Jul 27, 2025
CVE-2025-8242
8.8 HIGH

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component …

Jul 27, 2025
CVE-2025-8241
7.3 HIGH

A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file …

Jul 27, 2025
CVE-2025-8240
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of …

Jul 27, 2025
CVE-2025-8239
7.3 HIGH

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/. …

Jul 27, 2025
CVE-2025-8238
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation …

Jul 27, 2025
CVE-2025-8237
7.3 HIGH

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

Jul 27, 2025
CVE-2025-8236
7.3 HIGH

A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. …

Jul 27, 2025
CVE-2025-8235
7.3 HIGH

A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. …

Jul 27, 2025
CVE-2025-8234
7.3 HIGH

A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Jul 27, 2025
CVE-2025-8233
7.3 HIGH

A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Jul 27, 2025
CVE-2025-8232
7.3 HIGH

A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The …

Jul 27, 2025
CVE-2025-8220
7.3 HIGH

A vulnerability has been found in Engeman Web up to 12.0.0.2. The affected element is an unknown function of the file /Login/RecoveryPass of the component …

Jul 27, 2025
CVE-2025-54597
7.2 HIGH

LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.

Jul 27, 2025
CVE-2025-8185
7.3 HIGH

A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the …

Jul 26, 2025
CVE-2025-8184
8.8 HIGH

A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of …

Jul 26, 2025
CVE-2025-6991
7.5 HIGH

The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.0 via the 'TH_LatestPosts4` widget. This makes …

Jul 26, 2025
CVE-2025-6989
8.1 HIGH

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up …

Jul 26, 2025
CVE-2025-8181
7.2 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of …

Jul 26, 2025
CVE-2025-8180
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formdeleteUserName of the file …

Jul 26, 2025
CVE-2025-8198
7.5 HIGH

The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. …

Jul 26, 2025
CVE-2025-8179
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of …

Jul 26, 2025
CVE-2025-8178
8.8 HIGH

A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the …

Jul 26, 2025
CVE-2025-54378
8.3 HIGH

HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and …

Jul 26, 2025
CVE-2025-54366
8.8 HIGH

FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a …

Jul 26, 2025
CVE-2024-13507
7.5 HIGH

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in …

Jul 26, 2025
CVE-2025-8173
7.3 HIGH

A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality …

Jul 25, 2025
CVE-2025-8170
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT …

Jul 25, 2025
CVE-2025-8169
8.8 HIGH

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP …

Jul 25, 2025
CVE-2025-8168
8.8 HIGH

A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file …

Jul 25, 2025
CVE-2025-46198
8.8 HIGH

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element

Jul 25, 2025
CVE-2025-8166
7.3 HIGH

A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php …

Jul 25, 2025
CVE-2025-52454
8.2 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: …

Jul 25, 2025
CVE-2025-52453
8.2 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: …

Jul 25, 2025
CVE-2025-52452
8.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows …

Jul 25, 2025
CVE-2025-52449
8.5 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive …

Jul 25, 2025
CVE-2025-52448
8.1 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data access to the production database …

Jul 25, 2025
CVE-2025-52447
8.1 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to the production …

Jul 25, 2025
CVE-2025-52446
8.0 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database …

Jul 25, 2025
CVE-2025-36727
8.3 HIGH

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.

Jul 25, 2025
CVE-2023-53155
7.2 HIGH

goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.

Jul 25, 2025
CVE-2025-45466
8.8 HIGH

Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext.

Jul 25, 2025
CVE-2025-38464
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] …

Jul 25, 2025
CVE-2025-38459
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This …

Jul 25, 2025
CVE-2025-38456
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() The "intf" list iterator is an invalid pointer …

Jul 25, 2025
CVE-2025-38447
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix potential out-of-bounds page table access during batched unmap As pointed out by David[1], …

Jul 25, 2025
CVE-2025-38446
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data When num_parents is 4, __clk_register() occurs an …

Jul 25, 2025
CVE-2025-38445
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix stack memory use after return in raid1_reshape In the raid1_reshape function, newpool is …

Jul 25, 2025
CVE-2025-38443
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_genl_connect() error path There is a use-after-free issue in nbd: block …

Jul 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.