CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-6091
8.8 HIGH

A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation …

Jun 15, 2025
CVE-2025-6090
8.8 HIGH

A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical. This issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the file /routing/goform/aspForm. The manipulation of …

Jun 15, 2025
CVE-2025-1411
7.8 HIGH

IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.

Jun 15, 2025
CVE-2025-4200
8.1 HIGH

The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, …

Jun 14, 2025
CVE-2025-5487
7.2 HIGH

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the …

Jun 14, 2025
CVE-2025-3234
7.2 HIGH

The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up …

Jun 14, 2025
CVE-2025-33108
8.5 HIGH

IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to …

Jun 14, 2025
CVE-2025-25215
8.8 HIGH

An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted …

Jun 13, 2025
CVE-2025-24919
8.1 HIGH

A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially …

Jun 13, 2025
CVE-2025-25050
8.8 HIGH

An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially …

Jun 13, 2025
CVE-2025-24922
8.8 HIGH

A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially …

Jun 13, 2025
CVE-2025-24311
8.4 HIGH

An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted …

Jun 13, 2025
CVE-2025-49587
8.0 HIGH

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits …

Jun 13, 2025
CVE-2025-49586
8.8 HIGH

XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all …

Jun 13, 2025
CVE-2025-49585
8.0 HIGH

XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right …

Jun 13, 2025
CVE-2025-49584
7.5 HIGH

XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose …

Jun 13, 2025
CVE-2025-49582
8.0 HIGH

XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer …

Jun 13, 2025
CVE-2025-49581
8.8 HIGH

XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) …

Jun 13, 2025
CVE-2025-49580
8.0 HIGH

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain …

Jun 13, 2025
CVE-2025-48920
7.3 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS).This issue affects etracker: from 0.0.0 before 3.1.0.

Jun 13, 2025
CVE-2025-48918
8.8 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 …

Jun 13, 2025
CVE-2025-48915
8.6 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: …

Jun 13, 2025
CVE-2025-48914
8.6 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: …

Jun 13, 2025
CVE-2025-36633
8.8 HIGH

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with …

Jun 13, 2025
CVE-2025-36631
8.4 HIGH

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with …

Jun 13, 2025
CVE-2025-28382
7.5 HIGH

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

Jun 13, 2025
CVE-2025-28381
7.5 HIGH

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.

Jun 13, 2025
CVE-2025-39240
7.2 HIGH

Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw …

Jun 13, 2025
CVE-2025-22239
8.1 HIGH

Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event …

Jun 13, 2025
CVE-2025-22236
8.1 HIGH

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job …

Jun 13, 2025
CVE-2025-5282
7.5 HIGH

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a …

Jun 13, 2025
CVE-2025-5491
8.8 HIGH

Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this …

Jun 13, 2025
CVE-2025-47959
7.1 HIGH

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

Jun 13, 2025
CVE-2025-30399
7.5 HIGH

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

Jun 13, 2025
CVE-2025-4232
8.8 HIGH

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to …

Jun 13, 2025
CVE-2025-4231
7.2 HIGH

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have …

Jun 13, 2025
CVE-2025-27689
7.8 HIGH

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, …

Jun 12, 2025
CVE-2025-6031
7.5 HIGH

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. …

Jun 12, 2025
CVE-2025-5485
8.6 HIGH

User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. …

Jun 12, 2025
CVE-2025-5484
8.3 HIGH

A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on …

Jun 12, 2025
CVE-2025-44019
7.1 HIGH

AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI …

Jun 12, 2025
CVE-2025-43866
7.5 HIGH

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The …

Jun 12, 2025
CVE-2025-49080
7.5 HIGH

There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a …

Jun 12, 2025
CVE-2024-55567
7.5 HIGH

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The …

Jun 12, 2025
CVE-2025-46035
7.5 HIGH

Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in …

Jun 12, 2025
CVE-2025-36573
7.1 HIGH

Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially …

Jun 12, 2025
CVE-2025-49199
8.8 HIGH

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. …

Jun 12, 2025
CVE-2025-49194
7.5 HIGH

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client …

Jun 12, 2025
CVE-2025-49184
7.5 HIGH

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.

Jun 12, 2025
CVE-2025-49183
7.5 HIGH

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the …

Jun 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.