CVE Database

111255+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-29229
9.8 CRITICAL

linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.

Dec 23, 2025
CVE-2025-29228
9.8 CRITICAL

Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.

Dec 23, 2025
CVE-2024-57521
10.0 CRITICAL

SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.

Dec 23, 2025
CVE-2025-67111
7.5 HIGH

An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted …

Dec 23, 2025
CVE-2025-67109
10.0 CRITICAL

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

Dec 23, 2025
CVE-2025-67108
10.0 CRITICAL

eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.

Dec 23, 2025
CVE-2025-65865
7.5 HIGH

An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Dec 23, 2025
CVE-2025-50526
9.8 CRITICAL

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.

Dec 23, 2025
CVE-2025-48864

Rejected reason: This CVE id was assigned but later discarded.

Dec 23, 2025
CVE-2025-48863

Rejected reason: This CVE id was assigned but later discarded.

Dec 23, 2025
CVE-2025-45493
6.5 MEDIUM

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.

Dec 23, 2025
CVE-2024-10398

Rejected reason: This CVE id was assigned but later discarded.

Dec 23, 2025
CVE-2024-9684
7.5 HIGH

FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.

Dec 23, 2025
CVE-2025-68343

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header The driver expects to receive a struct …

Dec 23, 2025
CVE-2025-68342

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data The URB received in gs_usb_receive_bulk_callback() contains a …

Dec 23, 2025
CVE-2025-68341

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP no_direct return section to fix race As explain in commit fa349e396e48 ("veth: …

Dec 23, 2025
CVE-2025-68340
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a …

Dec 23, 2025
CVE-2025-68339

In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200e_open() Protect access to fore200e->available_cell_rate with rate_mtx lock in …

Dec 23, 2025
CVE-2025-68338

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free() can …

Dec 23, 2025
CVE-2025-66845
6.1 MEDIUM

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML …

Dec 23, 2025
CVE-2023-5094

Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant.

Dec 23, 2025
CVE-2023-5093

Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant.

Dec 23, 2025
CVE-2023-5092

Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant.

Dec 23, 2025
CVE-2025-13183
7.3 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS.This issue affects Otello: from …

Dec 23, 2025
CVE-2025-68561
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows SQL Injection.This issue affects AutomatorWP: from …

Dec 23, 2025
CVE-2025-68560
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor.This issue affects …

Dec 23, 2025
CVE-2025-68559
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor.This issue affects TheGem Theme Elements (for …

Dec 23, 2025
CVE-2025-68557
4.3 MEDIUM

Missing Authorization vulnerability in Vikas Ratudi Chakra test chakra-test allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chakra test: from n/a through <= …

Dec 23, 2025
CVE-2025-68556
5.3 MEDIUM

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.9.

Dec 23, 2025
CVE-2025-68551
6.5 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm v-form allows Retrieve Embedded Sensitive Data.This issue affects VPSUForm: from …

Dec 23, 2025
CVE-2025-68550
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky wpbulky-wp-bulk-edit-post-types allows Blind SQL Injection.This issue affects WPBulky: from …

Dec 23, 2025
CVE-2025-68548
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Stored XSS.This issue affects Responsive Posts …

Dec 23, 2025
CVE-2025-68546
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue …

Dec 23, 2025
CVE-2025-68544
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue …

Dec 23, 2025
CVE-2025-59886
8.8 HIGH

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device …

Dec 23, 2025
CVE-2025-14635
6.4 MEDIUM

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_page_custom_js' parameter in all versions up to, and including, …

Dec 23, 2025
CVE-2025-14000
6.4 MEDIUM

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions …

Dec 23, 2025
CVE-2024-24844
7.5 HIGH

Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from …

Dec 23, 2025
CVE-2023-52210
5.3 MEDIUM

Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0.

Dec 23, 2025
CVE-2025-14548
6.4 MEDIUM

The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'event_desc' parameter in all versions up to, and including, 1.3.16 due to …

Dec 23, 2025
CVE-2025-14388
9.8 CRITICAL

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This …

Dec 23, 2025
CVE-2025-14163
4.3 MEDIUM

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due …

Dec 23, 2025
CVE-2025-14155
5.3 MEDIUM

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing …

Dec 23, 2025
CVE-2025-12934
8.1 HIGH

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check …

Dec 23, 2025
CVE-2025-68655

Rejected reason: Not used

Dec 23, 2025
CVE-2025-68654

Rejected reason: Not used

Dec 23, 2025
CVE-2025-68653

Rejected reason: Not used

Dec 23, 2025
CVE-2025-68652

Rejected reason: Not used

Dec 23, 2025
CVE-2025-68651

Rejected reason: Not used

Dec 23, 2025
CVE-2025-68650

Rejected reason: Not used

Dec 23, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.