CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-45845
8.8 HIGH

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.

May 8, 2025
CVE-2025-45844
8.8 HIGH

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.

May 8, 2025
CVE-2025-45843
8.8 HIGH

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.

May 8, 2025
CVE-2025-45842
8.8 HIGH

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.

May 8, 2025
CVE-2025-26842
7.5 HIGH

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible …

May 8, 2025
CVE-2024-6648
7.5 HIGH

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' …

May 8, 2025
CVE-2025-41450
8.2 HIGH

Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2

May 8, 2025
CVE-2025-1254
7.4 HIGH

Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from …

May 8, 2025
CVE-2025-1253
7.8 HIGH

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This …

May 8, 2025
CVE-2025-1252
7.1 HIGH

Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 …

May 8, 2025
CVE-2025-37825
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no …

May 8, 2025
CVE-2025-37823
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we …

May 8, 2025
CVE-2025-37822
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after building the XOL buffer The XOL (execute out-of-line) buffer …

May 8, 2025
CVE-2025-37819
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with …

May 8, 2025
CVE-2025-37817
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would …

May 8, 2025
CVE-2025-37810
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event …

May 8, 2025
CVE-2025-37803
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 …

May 8, 2025
CVE-2025-3419
7.5 HIGH

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, …

May 8, 2025
CVE-2024-13793
7.3 HIGH

The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This …

May 8, 2025
CVE-2025-46727
7.5 HIGH

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data …

May 7, 2025
CVE-2025-46265
8.8 HIGH

On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions …

May 7, 2025
CVE-2025-41433
7.5 HIGH

When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests …

May 7, 2025
CVE-2025-41431
7.5 HIGH

When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems …

May 7, 2025
CVE-2025-41414
7.5 HIGH

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached …

May 7, 2025
CVE-2025-41399
7.5 HIGH

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: …

May 7, 2025
CVE-2025-36557
7.5 HIGH

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) …

May 7, 2025
CVE-2025-36546
8.1 HIGH

On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; …

May 7, 2025
CVE-2025-36525
7.5 HIGH

When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have …

May 7, 2025
CVE-2025-36504
7.5 HIGH

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions …

May 7, 2025
CVE-2025-35995
7.5 HIGH

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on …

May 7, 2025
CVE-2025-31644
8.7 HIGH

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an …

May 7, 2025
CVE-2025-3925
7.8 HIGH

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for …

May 7, 2025
CVE-2025-26169
8.1 HIGH

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be …

May 7, 2025
CVE-2025-26168
8.1 HIGH

IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that …

May 7, 2025
CVE-2025-32821
7.2 HIGH

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a …

May 7, 2025
CVE-2025-32820
8.8 HIGH

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the …

May 7, 2025
CVE-2025-32819
8.8 HIGH

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially …

May 7, 2025
CVE-2025-20210
7.3 HIGH

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the …

May 7, 2025
CVE-2025-20202
7.4 HIGH

A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an …

May 7, 2025
CVE-2025-20192
7.7 HIGH

A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a …

May 7, 2025
CVE-2025-20191
7.4 HIGH

A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller …

May 7, 2025
CVE-2025-20189
7.4 HIGH

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 …

May 7, 2025
CVE-2025-20186
8.8 HIGH

A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with …

May 7, 2025
CVE-2025-20182
8.6 HIGH

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, …

May 7, 2025
CVE-2025-20164
8.3 HIGH

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This …

May 7, 2025
CVE-2025-20162
8.6 HIGH

A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue …

May 7, 2025
CVE-2025-20154
8.6 HIGH

A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote …

May 7, 2025
CVE-2025-20140
7.4 HIGH

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless …

May 7, 2025
CVE-2025-20122
7.8 HIGH

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the …

May 7, 2025
CVE-2025-46827
8.0 HIGH

Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by …

May 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.