CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-6302
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of …

Jun 20, 2025
CVE-2025-6300
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. This vulnerability affects unknown code of the file /admin/editempeducation.php. The manipulation …

Jun 20, 2025
CVE-2025-6296
7.3 HIGH

A vulnerability was found in code-projects Hostel Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

Jun 20, 2025
CVE-2025-6295
7.3 HIGH

A vulnerability was found in code-projects Hostel Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

Jun 20, 2025
CVE-2025-6294
7.3 HIGH

A vulnerability was found in code-projects Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact.php. …

Jun 20, 2025
CVE-2025-6293
7.3 HIGH

A vulnerability was found in code-projects Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /contact_manager.php. The …

Jun 20, 2025
CVE-2025-6292
8.8 HIGH

A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request …

Jun 20, 2025
CVE-2025-6291
8.8 HIGH

A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. …

Jun 20, 2025
CVE-2025-49715
7.5 HIGH

Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.

Jun 20, 2025
CVE-2025-33121
7.1 HIGH

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote …

Jun 19, 2025
CVE-2025-52464
8.3 HIGH

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in …

Jun 19, 2025
CVE-2025-6019
7.0 HIGH

A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions …

Jun 19, 2025
CVE-2025-5071
8.8 HIGH

The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the …

Jun 19, 2025
CVE-2025-49763
7.5 HIGH

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use …

Jun 19, 2025
CVE-2025-31698
7.5 HIGH

ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to …

Jun 19, 2025
CVE-2025-24286
7.2 HIGH

A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.

Jun 19, 2025
CVE-2025-23173
7.5 HIGH

The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed …

Jun 19, 2025
CVE-2025-23172
7.2 HIGH

The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities …

Jun 19, 2025
CVE-2025-23171
7.2 HIGH

The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. …

Jun 19, 2025
CVE-2025-23121
8.8 HIGH

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user

Jun 19, 2025
CVE-2025-6192
8.8 HIGH

Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jun 18, 2025
CVE-2025-6191
8.8 HIGH

Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted …

Jun 18, 2025
CVE-2025-29646
7.1 HIGH

An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet …

Jun 18, 2025
CVE-2025-20271
8.6 HIGH

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote …

Jun 18, 2025
CVE-2025-4821
7.5 HIGH

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than …

Jun 18, 2025
CVE-2025-44952
7.8 HIGH

A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker …

Jun 18, 2025
CVE-2025-44951
7.1 HIGH

A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker …

Jun 18, 2025
CVE-2025-36049
8.8 HIGH

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote …

Jun 18, 2025
CVE-2025-36048
7.2 HIGH

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution …

Jun 18, 2025
CVE-2025-46109
8.8 HIGH

SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request

Jun 18, 2025
CVE-2025-45786
8.1 HIGH

Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php.

Jun 18, 2025
CVE-2025-6220
7.2 HIGH

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' …

Jun 18, 2025
CVE-2022-50231
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: …

Jun 18, 2025
CVE-2022-50229
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver …

Jun 18, 2025
CVE-2022-50221
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid out-of-bounds access in …

Jun 18, 2025
CVE-2022-50220
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which …

Jun 18, 2025
CVE-2022-50219
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in …

Jun 18, 2025
CVE-2022-50214
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly coresight devices track their connections (output connections) and hold …

Jun 18, 2025
CVE-2022-50213
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for …

Jun 18, 2025
CVE-2022-50212
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table When doing lookups for …

Jun 18, 2025
CVE-2022-50211
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test …

Jun 18, 2025
CVE-2022-50200
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in put_entry() Just like next_entry(), boundary check is necessary to prevent …

Jun 18, 2025
CVE-2022-50192
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in tegra_slink_remove() After calling spi_unregister_master(), the refcount of master will be …

Jun 18, 2025
CVE-2022-50190
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: spi: Fix simplification of devm_spi_register_controller This reverts commit 59ebbe40fb51 ("spi: simplify devm_spi_register_controller"). If devm_add_action() fails …

Jun 18, 2025
CVE-2022-50189
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix file pointer leak Currently if a fscanf fails then an early return …

Jun 18, 2025
CVE-2022-50185
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() The last case label can write two buffers …

Jun 18, 2025
CVE-2022-50182
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Align upwards buffer size The hardware can support any image size WxH, with …

Jun 18, 2025
CVE-2022-50179
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was …

Jun 18, 2025
CVE-2022-50169
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even …

Jun 18, 2025
CVE-2022-50168
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with bpf_prog_pack [1], …

Jun 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.