CVE Database

37604+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-47948
7.2 HIGH

Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the …

May 17, 2025
CVE-2025-4833
8.8 HIGH

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This issue affects some unknown processing of the file /boafrm/formNtp …

May 17, 2025
CVE-2025-4832
8.8 HIGH

A vulnerability has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formDosCfg …

May 17, 2025
CVE-2025-4831
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formSiteSurveyProfile …

May 17, 2025
CVE-2025-4830
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this issue is some unknown functionality …

May 17, 2025
CVE-2025-47273
8.8 HIGH

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in …

May 17, 2025
CVE-2025-33103
8.5 HIGH

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command …

May 17, 2025
CVE-2025-4829
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this vulnerability is the function sub_40BE30 of the file …

May 17, 2025
CVE-2025-4827
8.8 HIGH

A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formSaveConfig …

May 17, 2025
CVE-2024-13613
7.5 HIGH

The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This …

May 17, 2025
CVE-2025-4826
8.8 HIGH

A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the …

May 17, 2025
CVE-2025-4825
8.8 HIGH

A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formDMZ of the …

May 17, 2025
CVE-2025-4824
8.8 HIGH

A vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formWsc of …

May 17, 2025
CVE-2025-4823
8.8 HIGH

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url …

May 17, 2025
CVE-2025-4190
7.2 HIGH

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files …

May 17, 2025
CVE-2025-3812
8.1 HIGH

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in …

May 17, 2025
CVE-2025-4818
7.3 HIGH

A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file …

May 17, 2025
CVE-2025-4817
7.3 HIGH

A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php …

May 17, 2025
CVE-2025-4816
7.3 HIGH

A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php …

May 17, 2025
CVE-2025-4815
7.3 HIGH

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the …

May 17, 2025
CVE-2025-4814
7.3 HIGH

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of …

May 17, 2025
CVE-2025-1706
7.5 HIGH

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

May 17, 2025
CVE-2025-4813
7.3 HIGH

A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file …

May 16, 2025
CVE-2025-4812
7.3 HIGH

A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of …

May 16, 2025
CVE-2025-4811
7.3 HIGH

A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of …

May 16, 2025
CVE-2025-4810
8.8 HIGH

A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file …

May 16, 2025
CVE-2025-4809
8.8 HIGH

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation …

May 16, 2025
CVE-2025-4802
7.8 HIGH

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled …

May 16, 2025
CVE-2025-4794
7.3 HIGH

A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of …

May 16, 2025
CVE-2025-4793
7.3 HIGH

A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been classified as critical. Affected is an unknown function of the file /edit-student-profile.php. …

May 16, 2025
CVE-2025-4792
7.3 HIGH

A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component MDELETE Command Handler. …

May 16, 2025
CVE-2025-4791
7.3 HIGH

A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component HASH Command Handler. …

May 16, 2025
CVE-2025-4790
7.3 HIGH

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component GLOB Command Handler. …

May 16, 2025
CVE-2025-4789
7.3 HIGH

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the …

May 16, 2025
CVE-2025-4788
7.3 HIGH

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component DELETE Command …

May 16, 2025
CVE-2025-48146
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline lupsonline-link-netwerk allows Stored XSS.This issue affects SEO Flow by LupsOnline: from n/a through …

May 16, 2025
CVE-2025-48144
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Stored XSS.This issue affects Import Export For WooCommerce: from n/a through <= …

May 16, 2025
CVE-2025-48137
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview interview allows SQL Injection.This issue affects Interview: from n/a …

May 16, 2025
CVE-2025-48136
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik estatik-mortgage-calculator allows PHP Local File …

May 16, 2025
CVE-2025-48134
7.2 HIGH

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12.

May 16, 2025
CVE-2025-48114
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: from n/a through <= …

May 16, 2025
CVE-2025-48112
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages dot-htmlphpxml-etc-pages allows Reflected XSS.This issue affects Dot html,php,xml …

May 16, 2025
CVE-2025-47693
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking fat-services-booking allows PHP Local File …

May 16, 2025
CVE-2025-47567
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL …

May 16, 2025
CVE-2025-39537
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Concepts Better Customer List for WooCommerce woo-better-customer-list allows Reflected XSS.This issue affects …

May 16, 2025
CVE-2025-39507
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This …

May 16, 2025
CVE-2025-39492
7.5 HIGH

Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.

May 16, 2025
CVE-2025-39491
8.1 HIGH

Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.

May 16, 2025
CVE-2025-32310
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation.This issue affects QuickCal - Appointment Booking Calendar …

May 16, 2025
CVE-2025-32307
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist lbg-audio1-html5 allows SQL Injection.This …

May 16, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.