CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-5701
8.8 HIGH

The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on …

Jun 5, 2025
CVE-2011-10007
8.8 HIGH

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 …

Jun 5, 2025
CVE-2025-5650
7.3 HIGH

A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of …

Jun 5, 2025
CVE-2025-5639
7.3 HIGH

A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Jun 5, 2025
CVE-2025-3055
8.1 HIGH

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in …

Jun 5, 2025
CVE-2025-3054
8.8 HIGH

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in …

Jun 5, 2025
CVE-2025-5637
7.3 HIGH

A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. …

Jun 5, 2025
CVE-2025-5636
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET …

Jun 5, 2025
CVE-2025-5635
7.3 HIGH

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation …

Jun 5, 2025
CVE-2025-5634
7.3 HIGH

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The …

Jun 5, 2025
CVE-2025-5631
7.3 HIGH

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the …

Jun 5, 2025
CVE-2025-5629
8.8 HIGH

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of …

Jun 5, 2025
CVE-2025-5626
7.3 HIGH

A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. …

Jun 5, 2025
CVE-2025-5625
7.3 HIGH

A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of …

Jun 5, 2025
CVE-2025-5621
7.3 HIGH

A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. …

Jun 5, 2025
CVE-2025-5620
7.3 HIGH

A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of …

Jun 5, 2025
CVE-2025-5619
8.8 HIGH

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The …

Jun 4, 2025
CVE-2025-46341
7.1 HIGH

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate …

Jun 4, 2025
CVE-2025-5609
8.8 HIGH

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation …

Jun 4, 2025
CVE-2025-5608
8.8 HIGH

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the …

Jun 4, 2025
CVE-2025-5607
8.8 HIGH

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The …

Jun 4, 2025
CVE-2025-31134
7.5 HIGH

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories …

Jun 4, 2025
CVE-2025-22243
7.5 HIGH

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

Jun 4, 2025
CVE-2025-5604
7.3 HIGH

A vulnerability was found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file …

Jun 4, 2025
CVE-2025-5603
7.3 HIGH

A vulnerability has been found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the …

Jun 4, 2025
CVE-2025-5602
7.3 HIGH

A vulnerability, which was classified as critical, was found in Campcodes Hospital Management System 1.0. Affected is an unknown function of the file /admin/registration.php. The …

Jun 4, 2025
CVE-2025-5599
7.3 HIGH

A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation …

Jun 4, 2025
CVE-2025-5596
7.3 HIGH

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component REGET Command …

Jun 4, 2025
CVE-2025-5595
7.3 HIGH

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. …

Jun 4, 2025
CVE-2025-20261
8.8 HIGH

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers …

Jun 4, 2025
CVE-2025-20163
8.7 HIGH

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This …

Jun 4, 2025
CVE-2025-5594
7.3 HIGH

A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. …

Jun 4, 2025
CVE-2025-5593
7.3 HIGH

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. …

Jun 4, 2025
CVE-2025-29093
8.2 HIGH

File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component.

Jun 4, 2025
CVE-2025-5592
7.3 HIGH

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the …

Jun 4, 2025
CVE-2025-48961
7.3 HIGH

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.

Jun 4, 2025
CVE-2025-27811
7.8 HIGH

A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM …

Jun 4, 2025
CVE-2025-30415
7.5 HIGH

Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build …

Jun 4, 2025
CVE-2025-5601
7.8 HIGH

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

Jun 4, 2025
CVE-2025-5583
7.3 HIGH

A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The …

Jun 4, 2025
CVE-2018-25112
7.5 HIGH

An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network …

Jun 4, 2025
CVE-2025-5581
7.3 HIGH

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file …

Jun 4, 2025
CVE-2025-5580
7.3 HIGH

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file …

Jun 4, 2025
CVE-2025-5579
7.3 HIGH

A vulnerability was found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this issue is some unknown functionality of …

Jun 4, 2025
CVE-2025-5578
7.3 HIGH

A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality …

Jun 4, 2025
CVE-2025-5577
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file …

Jun 4, 2025
CVE-2025-5576
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of …

Jun 4, 2025
CVE-2025-5482
8.8 HIGH

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up …

Jun 4, 2025
CVE-2025-47728
7.3 HIGH

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Jun 4, 2025
CVE-2025-47727
7.3 HIGH

Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Jun 4, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.