CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-50263
8.1 HIGH

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.

Jul 3, 2025
CVE-2025-50262
7.5 HIGH

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.

Jul 3, 2025
CVE-2025-50260
7.5 HIGH

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.

Jul 3, 2025
CVE-2025-50258
8.1 HIGH

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter.

Jul 3, 2025
CVE-2025-2932
8.8 HIGH

The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler' function in all versions up …

Jul 3, 2025
CVE-2025-27461
7.6 HIGH

During startup, the device automatically logs in the EPC2 Windows user without requesting a password.

Jul 3, 2025
CVE-2025-27460
7.6 HIGH

The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access …

Jul 3, 2025
CVE-2025-27456
7.5 HIGH

The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to …

Jul 3, 2025
CVE-2025-27449
7.5 HIGH

The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

Jul 3, 2025
CVE-2025-27447
7.4 HIGH

The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is …

Jul 3, 2025
CVE-2025-1710
7.5 HIGH

The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force …

Jul 3, 2025
CVE-2025-1708
8.6 HIGH

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.

Jul 3, 2025
CVE-2025-38172
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra …

Jul 3, 2025
CVE-2025-38159
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the …

Jul 3, 2025
CVE-2025-38157
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a …

Jul 3, 2025
CVE-2025-38154
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sk_socket after free when sending The sk->sk_socket is not locked or …

Jul 3, 2025
CVE-2025-38153
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy of syzbot, identified …

Jul 3, 2025
CVE-2025-38146
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix the dead loop of MPLS parse The unexpected MPLS packet may not …

Jul 3, 2025
CVE-2025-38141
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible …

Jul 3, 2025
CVE-2025-38139
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator Fix the resetting of the …

Jul 3, 2025
CVE-2025-38137
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering It's possible to trigger use-after-free here by: (a) …

Jul 3, 2025
CVE-2025-38133
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4851: fix ad4858 chan pointer handling The pointer returned from ad4851_parse_channels_common() is incremented …

Jul 3, 2025
CVE-2025-38131
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfg_csdev_enable_active_config(), …

Jul 3, 2025
CVE-2025-38129
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in …

Jul 3, 2025
CVE-2025-38118
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete This reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to avoid …

Jul 3, 2025
CVE-2025-38117
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock This uses a mutex to protect …

Jul 3, 2025
CVE-2025-38116
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12k_core_init() When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the …

Jul 3, 2025
CVE-2025-38111
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write …

Jul 3, 2025
CVE-2025-38110
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' …

Jul 3, 2025
CVE-2025-38109
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual …

Jul 3, 2025
CVE-2025-38108
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: net_sched: red: fix a race in __red_change() Gerrard Tai reported a race condition in RED, …

Jul 3, 2025
CVE-2025-38107
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: fix a race in ets_qdisc_change() Gerrard Tai reported a race condition in ETS, …

Jul 3, 2025
CVE-2025-38106
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read …

Jul 3, 2025
CVE-2025-38103
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the …

Jul 3, 2025
CVE-2025-38102
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a …

Jul 3, 2025
CVE-2025-38101
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Enlarge the critical section in ring_buffer_subbuf_order_set() to ensure that …

Jul 3, 2025
CVE-2025-43025
7.5 HIGH

HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, …

Jul 2, 2025
CVE-2025-34079
7.8 HIGH

An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the …

Jul 2, 2025
CVE-2025-34078
7.8 HIGH

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the …

Jul 2, 2025
CVE-2025-34076
7.2 HIGH

An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the …

Jul 2, 2025
CVE-2025-49713
8.8 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 2, 2025
CVE-2025-52841
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0.

Jul 2, 2025
CVE-2025-38091
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why & How] Fix a false …

Jul 2, 2025
CVE-2025-53106
8.8 HIGH

Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated …

Jul 2, 2025
CVE-2025-4946
8.1 HIGH

The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax() function in all versions up …

Jul 2, 2025
CVE-2025-27025
8.8 HIGH

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic …

Jul 2, 2025
CVE-2025-27022
7.5 HIGH

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP …

Jul 2, 2025
CVE-2025-27021
7.0 HIGH

The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via …

Jul 2, 2025
CVE-2025-24332
7.1 HIGH

Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. …

Jul 2, 2025
CVE-2025-6464
7.5 HIGH

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up …

Jul 2, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.