CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-34045
7.5 HIGH

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw …

Jun 26, 2025
CVE-2025-53002
8.3 HIGH

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during …

Jun 26, 2025
CVE-2025-52902
7.6 HIGH

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The …

Jun 26, 2025
CVE-2025-52887
7.5 HIGH

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not …

Jun 26, 2025
CVE-2025-51672
8.0 HIGH

A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and …

Jun 26, 2025
CVE-2025-6710
7.5 HIGH

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting …

Jun 26, 2025
CVE-2025-6709
7.5 HIGH

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC …

Jun 26, 2025
CVE-2025-48921
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before …

Jun 26, 2025
CVE-2025-6693
7.8 HIGH

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation …

Jun 26, 2025
CVE-2025-6562
8.8 HIGH

Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary …

Jun 26, 2025
CVE-2025-5966
8.1 HIGH

Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.

Jun 26, 2025
CVE-2025-5366
8.1 HIGH

Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.

Jun 26, 2025
CVE-2025-3771
7.1 HIGH

A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR …

Jun 26, 2025
CVE-2025-6212
7.2 HIGH

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 …

Jun 26, 2025
CVE-2024-6174
8.8 HIGH

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations …

Jun 26, 2025
CVE-2025-5459
8.8 HIGH

A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary …

Jun 26, 2025
CVE-2025-37101
8.7 HIGH

A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only …

Jun 26, 2025
CVE-2025-6624
7.2 HIGH

Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry …

Jun 26, 2025
CVE-2025-5590
8.8 HIGH

The Owl carousel responsive plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.9 …

Jun 26, 2025
CVE-2025-6668
7.3 HIGH

A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /php_action/fetchSelectedBrand.php. …

Jun 25, 2025
CVE-2025-6661
7.8 HIGH

PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User …

Jun 25, 2025
CVE-2025-6660
7.8 HIGH

PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Jun 25, 2025
CVE-2025-6659
7.8 HIGH

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange …

Jun 25, 2025
CVE-2025-6654
7.8 HIGH

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange …

Jun 25, 2025
CVE-2025-6651
7.8 HIGH

PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange …

Jun 25, 2025
CVE-2025-6647
7.8 HIGH

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange …

Jun 25, 2025
CVE-2025-6645
7.8 HIGH

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. …

Jun 25, 2025
CVE-2025-6644
7.8 HIGH

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. …

Jun 25, 2025
CVE-2025-6642
7.8 HIGH

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange …

Jun 25, 2025
CVE-2025-6640
7.8 HIGH

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. …

Jun 25, 2025
CVE-2025-6443
7.2 HIGH

Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication …

Jun 25, 2025
CVE-2025-6665
7.3 HIGH

A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Jun 25, 2025
CVE-2025-45333
7.5 HIGH

berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing …

Jun 25, 2025
CVE-2025-6627
8.8 HIGH

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component …

Jun 25, 2025
CVE-2025-6678
7.5 HIGH

Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel …

Jun 25, 2025
CVE-2025-6445
8.1 HIGH

ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this …

Jun 25, 2025
CVE-2025-5834
7.8 HIGH

Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of …

Jun 25, 2025
CVE-2025-5830
8.8 HIGH

Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations …

Jun 25, 2025
CVE-2025-5827
8.8 HIGH

Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations …

Jun 25, 2025
CVE-2025-5825
7.5 HIGH

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel …

Jun 25, 2025
CVE-2025-5824
7.5 HIGH

Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger …

Jun 25, 2025
CVE-2025-5822
8.8 HIGH

Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel …

Jun 25, 2025
CVE-2025-45332
7.5 HIGH

vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parse_mtllib function of its data processing module, leading to unpredictable program behavior, causing …

Jun 25, 2025
CVE-2025-6617
8.8 HIGH

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of …

Jun 25, 2025
CVE-2025-6616
8.8 HIGH

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation …

Jun 25, 2025
CVE-2025-5015
8.8 HIGH

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a …

Jun 25, 2025
CVE-2025-52894
7.5 HIGH

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker …

Jun 25, 2025
CVE-2025-52890
8.1 HIGH

Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates …

Jun 25, 2025
CVE-2023-44915
7.1 HIGH

A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a …

Jun 25, 2025
CVE-2025-6615
8.8 HIGH

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of …

Jun 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.