CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-22939
9.8 CRITICAL

A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands.

Mar 31, 2025
CVE-2025-22938
9.8 CRITICAL

Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords.

Mar 31, 2025
CVE-2025-22937
9.8 CRITICAL

An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors.

Mar 31, 2025
CVE-2025-29266
9.6 CRITICAL

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in …

Mar 31, 2025
CVE-2025-26689
9.8 CRITICAL

Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to …

Mar 31, 2025
CVE-2025-25211
9.8 CRITICAL

Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker …

Mar 31, 2025
CVE-2025-3011
9.8 CRITICAL

SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Mar 31, 2025
CVE-2025-1268
9.4 CRITICAL

Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver …

Mar 31, 2025
CVE-2024-13804
9.8 CRITICAL

Unauthenticated RCE in HPE Insight Cluster Management Utility

Mar 30, 2025
CVE-2025-1861
9.8 CRITICAL

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response …

Mar 30, 2025
CVE-2025-2266
9.8 CRITICAL

The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to …

Mar 29, 2025
CVE-2025-28091
9.1 CRITICAL

maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.

Mar 28, 2025
CVE-2025-28090
9.1 CRITICAL

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.

Mar 28, 2025
CVE-2025-28089
9.1 CRITICAL

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.

Mar 28, 2025
CVE-2025-28087
9.8 CRITICAL

Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.

Mar 28, 2025
CVE-2025-25579
9.8 CRITICAL

TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.

Mar 28, 2025
CVE-2025-28256
9.8 CRITICAL

An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.

Mar 28, 2025
CVE-2025-22953
9.8 CRITICAL

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter …

Mar 28, 2025
CVE-2024-56975
9.8 CRITICAL

InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller.

Mar 28, 2025
CVE-2024-38988
9.8 CRITICAL

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code …

Mar 28, 2025
CVE-2024-38985
9.8 CRITICAL

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers …

Mar 28, 2025
CVE-2024-24292
9.8 CRITICAL

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component.

Mar 28, 2025
CVE-2025-30372
9.8 CRITICAL

Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after …

Mar 28, 2025
CVE-2025-22526
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through <= …

Mar 28, 2025
CVE-2025-22523
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from …

Mar 28, 2025
CVE-2025-2859
9.8 CRITICAL

An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to …

Mar 28, 2025
CVE-2025-28219
9.8 CRITICAL

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to …

Mar 28, 2025
CVE-2025-2294
9.8 CRITICAL

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. …

Mar 28, 2025
CVE-2025-24383
9.1 CRITICAL

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker …

Mar 28, 2025
CVE-2025-22398
9.8 CRITICAL

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker …

Mar 28, 2025
CVE-2025-26898
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.

Mar 27, 2025
CVE-2025-26873
9.0 CRITICAL

Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.

Mar 27, 2025
CVE-2025-29306
9.8 CRITICAL

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.

Mar 27, 2025
CVE-2025-30367
9.8 CRITICAL

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the …

Mar 27, 2025
CVE-2025-30365
9.8 CRITICAL

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in …

Mar 27, 2025
CVE-2025-30364
9.8 CRITICAL

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the …

Mar 27, 2025
CVE-2025-30361
9.8 CRITICAL

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a …

Mar 27, 2025
CVE-2025-28138
9.8 CRITICAL

The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

Mar 27, 2025
CVE-2025-26909
9.6 CRITICAL

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP …

Mar 27, 2025
CVE-2025-25686
9.8 CRITICAL

semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.

Mar 27, 2025
CVE-2025-2857
10.0 CRITICAL

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the …

Mar 27, 2025
CVE-2025-2332
9.8 CRITICAL

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, …

Mar 27, 2025
CVE-2025-26011
9.8 CRITICAL

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.

Mar 26, 2025
CVE-2025-26010
9.8 CRITICAL

Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.

Mar 26, 2025
CVE-2025-26008
9.8 CRITICAL

In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.

Mar 26, 2025
CVE-2025-26007
9.8 CRITICAL

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.

Mar 26, 2025
CVE-2025-26006
9.8 CRITICAL

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.

Mar 26, 2025
CVE-2025-26005
9.8 CRITICAL

Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp.

Mar 26, 2025
CVE-2024-55964
9.8 CRITICAL

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith …

Mar 26, 2025
CVE-2025-26004
9.8 CRITICAL

Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.

Mar 26, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.