CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49796
9.1 CRITICAL

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an …

Jun 16, 2025
CVE-2025-49794
9.1 CRITICAL

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> …

Jun 16, 2025
CVE-2025-3594
9.8 CRITICAL

Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update …

Jun 16, 2025
CVE-2025-6121
9.8 CRITICAL

A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component …

Jun 16, 2025
CVE-2025-47869
9.8 CRITICAL

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device …

Jun 16, 2025
CVE-2025-47868
9.8 CRITICAL

Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This …

Jun 16, 2025
CVE-2025-40916
9.1 CRITICAL

Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the …

Jun 16, 2025
CVE-2025-6172
9.8 CRITICAL

Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.

Jun 16, 2025
CVE-2025-6169
9.8 CRITICAL

The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, …

Jun 16, 2025
CVE-2025-6098
9.8 CRITICAL

A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file …

Jun 16, 2025
CVE-2025-6065
9.1 CRITICAL

The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task …

Jun 14, 2025
CVE-2025-28389
9.8 CRITICAL

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.

Jun 13, 2025
CVE-2025-28388
9.8 CRITICAL

OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account.

Jun 13, 2025
CVE-2025-28386
9.8 CRITICAL

A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted …

Jun 13, 2025
CVE-2025-28384
9.1 CRITICAL

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

Jun 13, 2025
CVE-2025-46060
9.8 CRITICAL

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component

Jun 13, 2025
CVE-2025-45988
9.8 CRITICAL

Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain …

Jun 13, 2025
CVE-2025-45987
9.8 CRITICAL

Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain …

Jun 13, 2025
CVE-2025-45986
9.8 CRITICAL

Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 werediscovered to contain a …

Jun 13, 2025
CVE-2025-45985
9.8 CRITICAL

Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain …

Jun 13, 2025
CVE-2025-45984
9.8 CRITICAL

Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain …

Jun 13, 2025
CVE-2025-29902
10.0 CRITICAL

Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.

Jun 13, 2025
CVE-2025-46783
9.8 CRITICAL

Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed …

Jun 13, 2025
CVE-2024-38824
9.6 CRITICAL

Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

Jun 13, 2025
CVE-2025-5288
9.8 CRITICAL

The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to …

Jun 13, 2025
CVE-2025-43863
9.8 CRITICAL

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access …

Jun 12, 2025
CVE-2024-56158
9.8 CRITICAL

XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki …

Jun 12, 2025
CVE-2025-4973
9.8 CRITICAL

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and …

Jun 12, 2025
CVE-2022-4976
9.8 CRITICAL

Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, …

Jun 12, 2025
CVE-2025-40912
9.8 CRITICAL

CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that …

Jun 11, 2025
CVE-2025-40914
9.8 CRITICAL

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that …

Jun 11, 2025
CVE-2025-32711
9.3 CRITICAL

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Jun 11, 2025
CVE-2025-49710
9.8 CRITICAL

An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4.

Jun 11, 2025
CVE-2025-49709
9.8 CRITICAL

Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.

Jun 11, 2025
CVE-2025-41663
9.8 CRITICAL

For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then …

Jun 11, 2025
CVE-2025-2474
9.8 CRITICAL

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition …

Jun 10, 2025
CVE-2024-57190
9.8 CRITICAL

Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them …

Jun 10, 2025
CVE-2025-40585
9.9 CRITICAL

A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to …

Jun 10, 2025
CVE-2025-30220
9.9 CRITICAL

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent …

Jun 10, 2025
CVE-2024-34711
9.3 CRITICAL

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized …

Jun 10, 2025
CVE-2025-49507
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection.This issue affects CozyStay: from n/a through < 1.7.1.

Jun 10, 2025
CVE-2025-49455
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection.This issue affects WordPress-WPJobBoard: from …

Jun 10, 2025
CVE-2025-43698
9.1 CRITICAL

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025

Jun 10, 2025
CVE-2025-40657
9.8 CRITICAL

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the …

Jun 10, 2025
CVE-2025-40656
9.8 CRITICAL

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the …

Jun 10, 2025
CVE-2025-40655
9.8 CRITICAL

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the …

Jun 10, 2025
CVE-2025-40654
9.8 CRITICAL

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the …

Jun 10, 2025
CVE-2025-1041
9.9 CRITICAL

An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include …

Jun 10, 2025
CVE-2025-42989
9.6 CRITICAL

RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact …

Jun 10, 2025
CVE-2025-30515
9.8 CRITICAL

CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.

Jun 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.