CVEs (59,256, showing first 500)
Showing 326–350 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-7503 | NONE | | — | 2025-07-11 | An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet servic… |
| CVE-2025-47812 | CRITICAL | Patched | 10.0 | 2025-07-10 | In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This c… |
| CVE-2025-53624 | CRITICAL | Patched | 10.0 | 2025-07-09 | The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 a… |
| CVE-2025-3499 | CRITICAL | | 10.0 | 2025-07-09 | The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs… |
| CVE-2025-34077 | NONE | | — | 2025-07-09 | An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitt… |
| CVE-2025-41672 | CRITICAL | | 10.0 | 2025-07-07 | A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. |
| CVE-2025-20309 | CRITICAL | | 10.0 | 2025-07-02 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an una… |
| CVE-2025-34067 | NONE | | — | 2025-07-02 | An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulne… |
| CVE-2025-34073 | NONE | | — | 2025-07-02 | An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands… |
| CVE-2025-34060 | NONE | | — | 2025-07-01 | A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. T… |
| CVE-2025-34063 | NONE | | — | 2025-07-01 | A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4… |
| CVE-2025-34054 | NONE | | — | 2025-07-01 | An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers… |
| CVE-2025-41656 | CRITICAL | | 10.0 | 2025-07-01 | An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configu… |
| CVE-2025-34043 | NONE | | — | 2025-06-26 | A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerab… |
| CVE-2025-34046 | NONE | | — | 2025-06-26 | An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php end… |
| CVE-2025-20282 | CRITICAL | | 10.0 | 2025-06-25 | A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then e… |
| CVE-2025-20281 | CRITICAL | | 10.0 | 2025-06-25 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating syste… |
| CVE-2025-52572 | CRITICAL | | 10.0 | 2025-06-24 | Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session… |
| CVE-2025-4378 | CRITICAL | Patched | 10.0 | 2025-06-24 | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, A… |
| CVE-2025-32975 | CRITICAL | Patched | 10.0 | 2025-06-24 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.… |
| CVE-2024-56731 | CRITICAL | Patched | 10.0 | 2025-06-24 | Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution d… |
| CVE-2025-34039 | NONE | | — | 2025-06-24 | A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access … |
| CVE-2025-34040 | NONE | | — | 2025-06-24 | An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated… |
| CVE-2025-34041 | NONE | | — | 2025-06-24 | An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.1… |
| CVE-2025-34037 | NONE | | — | 2025-06-24 | An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The … |