CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-6982 Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ),Β allows attackers to decrypt the config.xml files. | N/A | NONE | β | 0 |
| CVE-2025-34132 A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at... | N/A | NONE | β | 0 |
| CVE-2025-53816 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Ver... | 7.5 | HIGH | β | 0 |
| CVE-2025-53964 GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary. | 9.6 | CRITICAL | β | 0 |
| CVE-2025-7756 A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-38349 In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep ref... | 7.8 | HIGH | β | 0 |
| CVE-2025-7783 Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-dat... | N/A | NONE | β | 0 |
| CVE-2025-27209 The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the string... | N/A | NONE | β | 0 |
| CVE-2025-27210 An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API... | N/A | NONE | β | 0 |
| CVE-2025-38351 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls H... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-7895 A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the compone... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7896 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/control... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7897 A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the componen... | 7.3 | HIGH | β | 0 |
| CVE-2025-48965 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero. | 4.0 | MEDIUM | β | 0 |
| CVE-2025-41679 An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-47917 Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head ar... | 8.9 | HIGH | β | 0 |
| CVE-2025-41673 A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command. | 7.2 | HIGH | β | 0 |
| CVE-2025-41674 A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command. | 7.2 | HIGH | β | 0 |
| CVE-2025-41675 A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS comma... | 7.2 | HIGH | β | 0 |
| CVE-2025-41676 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession. | 4.9 | MEDIUM | β | 0 |
| CVE-2025-41677 A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession. | 4.9 | MEDIUM | β | 0 |
| CVE-2025-41678 A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-41681 A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content. | 4.8 | MEDIUM | β | 0 |
| CVE-2025-49656 Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to versio... | 7.5 | HIGH | β | 0 |
| CVE-2025-50151 File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to versio... | 8.8 | HIGH | β | 0 |
| CVE-2024-13973 A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | 6.8 | MEDIUM | β | 0 |
| CVE-2024-13974 A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewallβs DNS environment to achieve remote code ... | 8.1 | HIGH | β | 0 |
| CVE-2025-7382 A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2)Β can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxili... | 8.8 | HIGH | β | 0 |
| CVE-2025-7624 An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-7962 In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing theΒ \r and \n UTF-8 characters to separate different messages. | 7.5 | HIGH | β | 0 |
| CVE-2025-7938 A vulnerability was found in jerryshensjf JPACookieShop θη³εεJPAη 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-7939 A vulnerability was found in jerryshensjf JPACookieShop θη³εεJPAη 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to ... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-34140 An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass acc... | N/A | NONE | β | 0 |
| CVE-2025-34141 A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as click... | N/A | NONE | β | 0 |
| CVE-2025-34142 An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML inp... | N/A | NONE | β | 0 |
| CVE-2025-34143 An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The ... | N/A | NONE | β | 0 |
| CVE-2025-35966 A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of servic... | 7.5 | HIGH | β | 0 |
| CVE-2025-36512 A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of ser... | 7.5 | HIGH | β | 0 |
| CVE-2025-36520 A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service... | 7.5 | HIGH | β | 0 |
| CVE-2025-46354 A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service... | 7.5 | HIGH | β | 0 |
| CVE-2025-48498 A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol ... | 7.5 | HIGH | β | 0 |
| CVE-2025-8027 On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ES... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-8028 On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulner... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22397 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fl... | 8.1 | HIGH | β | 0 |
| CVE-2025-8029 Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 12... | 8.1 | HIGH | β | 0 |
| CVE-2025-8030 Insufficient escaping in the βCopy as cURLβ feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ES... | 8.1 | HIGH | β | 0 |
| CVE-2025-8031 The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-8032 XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Th... | 8.1 | HIGH | β | 0 |
| CVE-2025-8033 The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-8034 Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evide... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.