CVE Database

37482+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-7504
7.5 HIGH

The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the query_vars parameter This makes …

Jul 12, 2025
CVE-2025-7468
8.8 HIGH

A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the …

Jul 12, 2025
CVE-2025-7467
7.3 HIGH

A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation …

Jul 12, 2025
CVE-2025-7466
7.3 HIGH

A vulnerability, which was classified as critical, has been found in 1000projects ABC Courier Management 1.0. Affected by this issue is some unknown functionality of …

Jul 12, 2025
CVE-2025-6423
8.8 HIGH

The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions …

Jul 12, 2025
CVE-2025-7465
8.8 HIGH

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the …

Jul 12, 2025
CVE-2025-7463
8.8 HIGH

A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of …

Jul 12, 2025
CVE-2025-1313
8.8 HIGH

The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, …

Jul 12, 2025
CVE-2025-7461
7.3 HIGH

A vulnerability was found in code-projects Modern Bag 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. …

Jul 12, 2025
CVE-2025-6057
8.8 HIGH

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all versions up …

Jul 12, 2025
CVE-2025-24294
7.5 HIGH

The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain …

Jul 12, 2025
CVE-2025-5199
7.3 HIGH

In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed …

Jul 12, 2025
CVE-2025-7460
8.8 HIGH

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi …

Jul 11, 2025
CVE-2025-7459
7.3 HIGH

A vulnerability classified as critical was found in code-projects Mobile Shop 1.0. This vulnerability affects unknown code of the file /EditMobile.php. The manipulation of the …

Jul 11, 2025
CVE-2025-7457
7.3 HIGH

A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects an unknown part of the …

Jul 11, 2025
CVE-2025-7456
7.3 HIGH

A vulnerability, which was classified as critical, has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected by this issue is some …

Jul 11, 2025
CVE-2025-7455
7.3 HIGH

A vulnerability classified as critical was found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of …

Jul 11, 2025
CVE-2025-7454
7.3 HIGH

A vulnerability classified as critical has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected is an unknown function of the file …

Jul 11, 2025
CVE-2025-30403
8.1 HIGH

A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00.

Jul 11, 2025
CVE-2013-3307
8.3 HIGH

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip …

Jul 11, 2025
CVE-2025-53641
8.2 HIGH

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into …

Jul 11, 2025
CVE-2025-30402
8.1 HIGH

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. …

Jul 11, 2025
CVE-2025-7029
8.2 HIGH

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, …

Jul 11, 2025
CVE-2025-7028
7.8 HIGH

A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. …

Jul 11, 2025
CVE-2025-7027
8.2 HIGH

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 …

Jul 11, 2025
CVE-2025-7026
8.2 HIGH

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used as an unchecked pointer …

Jul 11, 2025
CVE-2025-52983
7.2 HIGH

A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to …

Jul 11, 2025
CVE-2025-52981
7.5 HIGH

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600, SRX2300, SRX 4000 …

Jul 11, 2025
CVE-2025-52980
7.5 HIGH

A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based …

Jul 11, 2025
CVE-2025-52954
7.8 HIGH

A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain …

Jul 11, 2025
CVE-2025-52946
7.5 HIGH

A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker …

Jul 11, 2025
CVE-2025-52089
8.8 HIGH

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands …

Jul 11, 2025
CVE-2025-30661
7.3 HIGH

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install …

Jul 11, 2025
CVE-2025-6851
7.2 HIGH

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function …

Jul 11, 2025
CVE-2025-7442
7.5 HIGH

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit, MJ_gmgt_view_meeting_detail, …

Jul 11, 2025
CVE-2025-30025
7.8 HIGH

The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.

Jul 11, 2025
CVE-2025-7436
7.3 HIGH

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file …

Jul 11, 2025
CVE-2025-7434
8.8 HIGH

A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this issue is the function fromAddressNat of the file …

Jul 11, 2025
CVE-2025-7423
8.8 HIGH

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the …

Jul 11, 2025
CVE-2025-7422
8.8 HIGH

A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file /goform/setNetworkService of the component httpd. …

Jul 11, 2025
CVE-2025-7421
8.8 HIGH

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of …

Jul 11, 2025
CVE-2025-7420
8.8 HIGH

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of …

Jul 11, 2025
CVE-2025-53515
8.8 HIGH

A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at …

Jul 11, 2025
CVE-2025-53475
8.8 HIGH

A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with …

Jul 11, 2025
CVE-2025-52577
8.8 HIGH

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at …

Jul 11, 2025
CVE-2025-50109
7.7 HIGH

Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.

Jul 11, 2025
CVE-2025-48891
7.6 HIGH

A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker …

Jul 11, 2025
CVE-2025-46358
7.7 HIGH

Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Jul 11, 2025
CVE-2025-7419
8.8 HIGH

A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the …

Jul 10, 2025
CVE-2025-7418
8.8 HIGH

A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of …

Jul 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.