CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-6159
7.3 HIGH

A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_room.php. The manipulation of …

Jun 17, 2025
CVE-2025-6158
8.8 HIGH

A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The …

Jun 17, 2025
CVE-2025-6157
7.3 HIGH

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown …

Jun 17, 2025
CVE-2025-6155
7.3 HIGH

A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. …

Jun 17, 2025
CVE-2025-6154
7.3 HIGH

A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The …

Jun 17, 2025
CVE-2025-6153
7.3 HIGH

A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The …

Jun 17, 2025
CVE-2025-3774
7.2 HIGH

The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due …

Jun 17, 2025
CVE-2025-6150
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the …

Jun 17, 2025
CVE-2025-6149
8.8 HIGH

A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP …

Jun 17, 2025
CVE-2025-6148
8.8 HIGH

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of …

Jun 17, 2025
CVE-2025-6147
8.8 HIGH

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the …

Jun 17, 2025
CVE-2025-6146
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the …

Jun 17, 2025
CVE-2025-6145
8.8 HIGH

A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of …

Jun 16, 2025
CVE-2025-6144
8.8 HIGH

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd …

Jun 16, 2025
CVE-2025-6143
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component …

Jun 16, 2025
CVE-2025-6138
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the …

Jun 16, 2025
CVE-2025-6137
8.8 HIGH

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP …

Jun 16, 2025
CVE-2025-32797
7.0 HIGH

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with …

Jun 16, 2025
CVE-2025-6132
7.3 HIGH

A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. …

Jun 16, 2025
CVE-2025-6177
7.4 HIGH

Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting …

Jun 16, 2025
CVE-2025-6130
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of …

Jun 16, 2025
CVE-2025-6129
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST …

Jun 16, 2025
CVE-2025-6128
8.8 HIGH

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP …

Jun 16, 2025
CVE-2025-49795
7.5 HIGH

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input …

Jun 16, 2025
CVE-2025-49125
7.5 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the …

Jun 16, 2025
CVE-2025-49124
8.4 HIGH

Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This …

Jun 16, 2025
CVE-2025-48988
7.5 HIGH

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from …

Jun 16, 2025
CVE-2025-48976
7.5 HIGH

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 …

Jun 16, 2025
CVE-2025-3526
7.5 HIGH

SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does …

Jun 16, 2025
CVE-2025-6124
7.3 HIGH

A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. This issue affects some unknown processing of the file /tablelow.php. The …

Jun 16, 2025
CVE-2025-3602
7.5 HIGH

Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack …

Jun 16, 2025
CVE-2025-36632
7.8 HIGH

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.

Jun 16, 2025
CVE-2025-6123
7.3 HIGH

A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The …

Jun 16, 2025
CVE-2025-5689
8.5 HIGH

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first …

Jun 16, 2025
CVE-2025-6118
7.3 HIGH

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been rated as critical. This issue affects some unknown processing of the …

Jun 16, 2025
CVE-2025-6117
7.3 HIGH

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as critical. This vulnerability affects unknown code of the file …

Jun 16, 2025
CVE-2025-6116
7.3 HIGH

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been classified as critical. This affects an unknown part of the file …

Jun 16, 2025
CVE-2025-6115
8.8 HIGH

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument …

Jun 16, 2025
CVE-2025-6114
8.8 HIGH

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. …

Jun 16, 2025
CVE-2025-40728
8.8 HIGH

SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter …

Jun 16, 2025
CVE-2025-6113
8.8 HIGH

A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of …

Jun 16, 2025
CVE-2025-6112
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The …

Jun 16, 2025
CVE-2025-4987
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to …

Jun 16, 2025
CVE-2025-6111
8.8 HIGH

A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the …

Jun 16, 2025
CVE-2025-6110
8.8 HIGH

A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the …

Jun 16, 2025
CVE-2025-6104
8.8 HIGH

A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. …

Jun 16, 2025
CVE-2025-6103
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality …

Jun 16, 2025
CVE-2025-6102
8.8 HIGH

A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file …

Jun 16, 2025
CVE-2025-6095
7.3 HIGH

A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation …

Jun 15, 2025
CVE-2025-5990
7.6 HIGH

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored …

Jun 15, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.