CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-44650
7.5 HIGH

In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when …

Jul 21, 2025
CVE-2025-44647
7.3 HIGH

In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode …

Jul 21, 2025
CVE-2025-7928
7.3 HIGH

A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edit_user.php. The …

Jul 21, 2025
CVE-2025-46123
7.2 HIGH

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint …

Jul 21, 2025
CVE-2025-46116
8.8 HIGH

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can …

Jul 21, 2025
CVE-2025-7382
8.8 HIGH

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on …

Jul 21, 2025
CVE-2025-4130
7.5 HIGH

Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025.

Jul 21, 2025
CVE-2025-4129
7.5 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.This issue affects PAVO Pay: before 13.05.2025.

Jul 21, 2025
CVE-2024-13974
8.1 HIGH

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS …

Jul 21, 2025
CVE-2025-4040
7.1 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.This issue affects Automatic Station Monitoring System: before 5.0.6.51.

Jul 21, 2025
CVE-2025-30192
7.5 HIGH

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated …

Jul 21, 2025
CVE-2025-41459
7.8 HIGH

Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass …

Jul 21, 2025
CVE-2025-50151
8.8 HIGH

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users …

Jul 21, 2025
CVE-2025-49656
7.5 HIGH

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. …

Jul 21, 2025
CVE-2025-41675
7.2 HIGH

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special …

Jul 21, 2025
CVE-2025-41674
7.2 HIGH

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used …

Jul 21, 2025
CVE-2025-41673
7.2 HIGH

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used …

Jul 21, 2025
CVE-2025-1469
7.5 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 11.03.2025.

Jul 21, 2025
CVE-2025-7344
8.8 HIGH

The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a …

Jul 21, 2025
CVE-2025-24938
8.4 HIGH

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) …

Jul 21, 2025
CVE-2025-7917
7.2 HIGH

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell …

Jul 21, 2025
CVE-2025-7915
7.3 HIGH

A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of …

Jul 21, 2025
CVE-2025-7914
8.8 HIGH

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. …

Jul 21, 2025
CVE-2025-7913
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation …

Jul 21, 2025
CVE-2025-7912
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. …

Jul 20, 2025
CVE-2025-7911
8.8 HIGH

A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. …

Jul 20, 2025
CVE-2025-7910
8.8 HIGH

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa …

Jul 20, 2025
CVE-2025-7909
8.8 HIGH

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file …

Jul 20, 2025
CVE-2025-7908
8.8 HIGH

A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file …

Jul 20, 2025
CVE-2025-54317
8.4 HIGH

An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which …

Jul 20, 2025
CVE-2025-47917
8.9 HIGH

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a …

Jul 20, 2025
CVE-2025-7897
7.3 HIGH

A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file …

Jul 20, 2025
CVE-2025-46385
8.6 HIGH

CWE-918 Server-Side Request Forgery (SSRF)

Jul 20, 2025
CVE-2025-46384
8.8 HIGH

CWE-434 Unrestricted Upload of File with Dangerous Type

Jul 20, 2025
CVE-2025-7886
7.3 HIGH

A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The …

Jul 20, 2025
CVE-2025-7883
7.8 HIGH

A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component …

Jul 20, 2025
CVE-2025-7875
7.3 HIGH

A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The …

Jul 20, 2025
CVE-2025-7862
7.3 HIGH

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi …

Jul 20, 2025
CVE-2025-7861
7.3 HIGH

A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/search.php. The …

Jul 20, 2025
CVE-2025-7860
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file …

Jul 20, 2025
CVE-2025-7859
7.3 HIGH

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/update_password_admin.php. The manipulation of …

Jul 20, 2025
CVE-2025-7855
8.8 HIGH

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation …

Jul 19, 2025
CVE-2025-7854
8.8 HIGH

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the …

Jul 19, 2025
CVE-2025-7853
8.8 HIGH

A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The …

Jul 19, 2025
CVE-2025-7838
7.3 HIGH

A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the …

Jul 19, 2025
CVE-2025-7837
8.8 HIGH

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT Service. …

Jul 19, 2025
CVE-2025-54313
7.5 HIGH KEV

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches …

Jul 19, 2025
CVE-2025-7833
7.3 HIGH

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file …

Jul 19, 2025
CVE-2025-7832
7.3 HIGH

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of …

Jul 19, 2025
CVE-2025-7831
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation …

Jul 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.