CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-46192 SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38241 Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24330 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59390 Apache Druidβs Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. In this case, the secret is ge... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-3605 The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not pr... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-4403 The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a userβsupplied support... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66261 Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows a... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66259 Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-43400 A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Act... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-11861 EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66262 Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-50402 FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-16165 The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45347 Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23256 An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51960 Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66255 Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13764 The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restrict... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54489 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31470 There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted pac... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-54491 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31585 Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3327 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-44796 An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT toke... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13597 The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-53877 Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-15040 The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplie... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67793 An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-53941 EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-51742 An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), introducing a Fastjson deseri... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8503 An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-51743 An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-68541 Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45492 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 | CRITICAL | β | 0 |
| CVE-2025-64063 Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62863 Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could resul... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-65084 An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information o... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-31864 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC d... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-65085 A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose informa... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2018 Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-41734 An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-61168 An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-51744 An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62864 Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that c... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4462 Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded f... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42968 Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-64717 ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8932 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape()Β function on 32-bit systems can cause an integer overflow, resulting in a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-48654 One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium ba... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.