CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-43468 Microsoft Configuration Manager Remote Code Execution Vulnerability | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-40765 A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-11533 The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting what user roles a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4338 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38945 Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38944 An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modi... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4329 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute | 9.8 | CRITICAL | β | 0 |
| CVE-2025-9697 The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-10690 The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplus_import_pack_install_plugin' funct... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-6553 The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to, and including, 1.... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-6919 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allow... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46292 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-46581 ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-28390 An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-42937 SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files cau... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59735 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59736 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59737 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59738 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59739 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59740 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41506 An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP fi... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59741 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59742 SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-59743 SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-6439 The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path valid... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-24681 An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioni... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4323 Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup | 9.8 | CRITICAL | β | 0 |
| CVE-2024-29971 Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-9485 The OAuth Single Sign On β SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugi... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4324 Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23809 A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23606 An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitr... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23313 An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-o... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23310 A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary co... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-23305 An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead t... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-22097 A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitr... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21812 An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-21795 A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitr... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62353 A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end userβs system. The vulner... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47862 A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code executi... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-5948 The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37903 vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may re... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46289 Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46290 Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46291 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46293 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46294 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46295 Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-4325 Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.