CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-5860
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. …

Jun 9, 2025
CVE-2025-5856
7.3 HIGH

A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /registration.php. …

Jun 9, 2025
CVE-2025-5855
8.8 HIGH

A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of …

Jun 9, 2025
CVE-2025-5854
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file …

Jun 9, 2025
CVE-2025-5853
8.8 HIGH

A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation …

Jun 9, 2025
CVE-2025-5852
8.8 HIGH

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the …

Jun 9, 2025
CVE-2025-5851
8.8 HIGH

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of …

Jun 9, 2025
CVE-2025-5850
8.8 HIGH

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of …

Jun 8, 2025
CVE-2025-5849
8.8 HIGH

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the …

Jun 8, 2025
CVE-2025-5848
8.8 HIGH

A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of …

Jun 8, 2025
CVE-2025-3460
7.7 HIGH

The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization …

Jun 8, 2025
CVE-2025-3459
7.7 HIGH

The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization …

Jun 8, 2025
CVE-2025-35010
7.1 HIGH

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege …

Jun 8, 2025
CVE-2025-35009
7.1 HIGH

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege …

Jun 8, 2025
CVE-2025-35008
7.1 HIGH

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege …

Jun 8, 2025
CVE-2025-35007
7.1 HIGH

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege …

Jun 8, 2025
CVE-2025-35006
7.1 HIGH

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege …

Jun 8, 2025
CVE-2025-35005
7.1 HIGH

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege …

Jun 8, 2025
CVE-2025-35004
7.1 HIGH

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege …

Jun 8, 2025
CVE-2025-32459
7.7 HIGH

The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance …

Jun 8, 2025
CVE-2025-32458
7.7 HIGH

The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance …

Jun 8, 2025
CVE-2025-32457
7.7 HIGH

The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance …

Jun 8, 2025
CVE-2025-32456
7.7 HIGH

The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance …

Jun 8, 2025
CVE-2025-32455
7.7 HIGH

The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance …

Jun 8, 2025
CVE-2025-5847
8.8 HIGH

A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg …

Jun 8, 2025
CVE-2025-38004
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can …

Jun 8, 2025
CVE-2025-5840
7.3 HIGH

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. …

Jun 7, 2025
CVE-2025-5839
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file …

Jun 7, 2025
CVE-2025-49619
8.5 HIGH

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization …

Jun 7, 2025
CVE-2025-5303
7.2 HIGH

The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress …

Jun 7, 2025
CVE-2025-5399
7.5 HIGH

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless …

Jun 7, 2025
CVE-2025-47601
8.8 HIGH

Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through <= 2.1.0.

Jun 7, 2025
CVE-2025-5799
8.8 HIGH

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file …

Jun 6, 2025
CVE-2025-5798
8.8 HIGH

A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation …

Jun 6, 2025
CVE-2025-5795
8.8 HIGH

A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of …

Jun 6, 2025
CVE-2025-5794
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file …

Jun 6, 2025
CVE-2025-5481
7.8 HIGH

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations …

Jun 6, 2025
CVE-2025-5480
7.8 HIGH

Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must …

Jun 6, 2025
CVE-2025-5474
7.3 HIGH

2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must …

Jun 6, 2025
CVE-2025-5473
8.8 HIGH

GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User …

Jun 6, 2025
CVE-2025-3485
8.8 HIGH

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required …

Jun 6, 2025
CVE-2025-2766
8.8 HIGH

70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is …

Jun 6, 2025
CVE-2025-5793
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component …

Jun 6, 2025
CVE-2025-5792
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of …

Jun 6, 2025
CVE-2025-5790
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST …

Jun 6, 2025
CVE-2025-5789
8.8 HIGH

A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP …

Jun 6, 2025
CVE-2025-47950
7.5 HIGH

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) …

Jun 6, 2025
CVE-2025-5788
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file …

Jun 6, 2025
CVE-2025-5787
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file …

Jun 6, 2025
CVE-2025-5786
8.8 HIGH

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the …

Jun 6, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.