CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-5911
8.8 HIGH

A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file …

Jun 10, 2025
CVE-2025-5910
8.8 HIGH

A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Jun 10, 2025
CVE-2025-5909
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of …

Jun 10, 2025
CVE-2025-5908
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file …

Jun 10, 2025
CVE-2025-5907
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component …

Jun 10, 2025
CVE-2025-5906
7.3 HIGH

A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads …

Jun 10, 2025
CVE-2025-42995
7.5 HIGH

SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process …

Jun 10, 2025
CVE-2025-42994
7.5 HIGH

SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process …

Jun 10, 2025
CVE-2025-42983
8.5 HIGH

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or …

Jun 10, 2025
CVE-2025-42982
8.8 HIGH

SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes …

Jun 10, 2025
CVE-2025-42977
7.6 HIGH

SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker …

Jun 10, 2025
CVE-2025-23192
8.2 HIGH

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, …

Jun 10, 2025
CVE-2025-5905
8.8 HIGH

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file …

Jun 10, 2025
CVE-2025-5904
8.8 HIGH

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file …

Jun 10, 2025
CVE-2025-5903
8.8 HIGH

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the …

Jun 10, 2025
CVE-2025-5902
8.8 HIGH

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component …

Jun 9, 2025
CVE-2025-5901
8.8 HIGH

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the …

Jun 9, 2025
CVE-2025-30183
7.5 HIGH

CyberData 011209 Intercom does not properly store or protect web server admin credentials.

Jun 9, 2025
CVE-2025-26468
7.5 HIGH

CyberData 011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption.

Jun 9, 2025
CVE-2025-49140
7.5 HIGH

Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be …

Jun 9, 2025
CVE-2025-49141
8.5 HIGH

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string …

Jun 9, 2025
CVE-2025-49137
8.5 HIGH

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user …

Jun 9, 2025
CVE-2025-49004
7.5 HIGH

Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on …

Jun 9, 2025
CVE-2025-5914
7.8 HIGH

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to …

Jun 9, 2025
CVE-2025-49653
8.0 HIGH

Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

Jun 9, 2025
CVE-2025-49651
8.1 HIGH

Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists …

Jun 9, 2025
CVE-2025-45001
7.5 HIGH

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers …

Jun 9, 2025
CVE-2025-49297
8.1 HIGH

Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6.

Jun 9, 2025
CVE-2025-49296
8.1 HIGH

Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6.

Jun 9, 2025
CVE-2025-49295
8.1 HIGH

Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1.

Jun 9, 2025
CVE-2025-49282
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion.This issue …

Jun 9, 2025
CVE-2025-49281
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magways magways allows PHP Local File Inclusion.This issue …

Jun 9, 2025
CVE-2025-49280
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magty magty allows PHP Local File Inclusion.This issue …

Jun 9, 2025
CVE-2025-49279
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogvy blogvy allows PHP Local File Inclusion.This issue …

Jun 9, 2025
CVE-2025-49278
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogty blogty allows PHP Local File Inclusion.This issue …

Jun 9, 2025
CVE-2025-49277
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogprise blogprise allows PHP Local File Inclusion.This issue …

Jun 9, 2025
CVE-2025-49276
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogmine blogmine allows PHP Local File Inclusion.This issue …

Jun 9, 2025
CVE-2025-49275
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue …

Jun 9, 2025
CVE-2025-49265
7.5 HIGH

Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Membership For WooCommerce: from n/a …

Jun 9, 2025
CVE-2025-48279
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel …

Jun 9, 2025
CVE-2025-48267
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from …

Jun 9, 2025
CVE-2025-48261
7.5 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data.This issue affects MultiVendorX: from n/a through <= 4.2.22.

Jun 9, 2025
CVE-2025-48143
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! formularios-de-contacto-salesup allows Reflected XSS.This issue affects Formulario de …

Jun 9, 2025
CVE-2025-48130
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal.This issue affects Spice Blocks: from …

Jun 9, 2025
CVE-2025-48126
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File …

Jun 9, 2025
CVE-2025-48125
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP …

Jun 9, 2025
CVE-2025-48124
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light …

Jun 9, 2025
CVE-2025-47651
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: …

Jun 9, 2025
CVE-2025-47561
8.8 HIGH

Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG: from n/a through < 8.6.13.

Jun 9, 2025
CVE-2025-47527
7.1 HIGH

Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a through <= 1.3.18.

Jun 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.