Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,411
Quick preset (or use dates below)
Clear Filters
Showing 14,281 - 14,300 of 14,425 CVEs
CVE-2025-15176 HIGH - 7.5

A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing manipulation can lead to reachable assertion. It is possible to launch ...

Vendor: open5gs
Product: open5gs
Published: Dec 29, 2025
Source: NVD
CVE-2025-13417 HIGH - 8.6

The Plugin Organizer WordPress plugin before 10.2.4 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers to perform SQL injection attacks.

Published: Dec 29, 2025
Source: NVD
CVE-2025-15169 HIGH - 7.2

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to ...

Vendor: biggidroid
Product: simple_php_cms
Published: Dec 29, 2025
Source: NVD
CVE-2025-15164 HIGH - 7.2

A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be e...

Vendor: tenda
Product: wh450_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15163 HIGH - 7.2

A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly ava...

Vendor: tenda
Product: wh450_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15067 HIGH - 7.7

Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed (ex: innorix/exam)

Published: Dec 29, 2025
Source: NVD
CVE-2025-15162 HIGH - 7.2

A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly ...

Vendor: tenda
Product: wh450_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15161 HIGH - 7.2

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be u...

Vendor: tenda
Product: wh450_firmware
Published: Dec 28, 2025
Source: NVD
CVE-2025-15160 HIGH - 7.2

A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor: tenda
Product: wh450_firmware
Published: Dec 28, 2025
Source: NVD
CVE-2025-15155 HIGH - 7.8

A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now p...

Vendor: floooh
Product: sokol
Published: Dec 28, 2025
Source: NVD
CVE-2025-15150 HIGH - 7.8

A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is on...

Vendor: dronecode
Product: px4_drone_autopilot
Published: Dec 28, 2025
Source: NVD
CVE-2025-15148 HIGH - 7.2

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code injection. The attack may be launched remote...

Vendor: cmseasy
Product: cmseasy
Published: Dec 28, 2025
Source: NVD
CVE-2025-68973 HIGH - 7.0

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

Vendor: gnupg
Product: gnupg
Published: Dec 28, 2025
Source: NVD
CVE-2025-15143 HIGH - 7.2

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to launch ...

Vendor: eyoucms
Product: eyoucms
Published: Dec 28, 2025
Source: NVD
CVE-2025-15142 HIGH - 7.3

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15140 HIGH - 7.3

A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The attack is possible to be carried out remotel...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15139 HIGH - 8.8

A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4ย  of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

Vendor: trendnet
Product: tew-822dre_firmware
Published: Dec 28, 2025
Source: NVD
CVE-2025-15138 HIGH - 7.2

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and ma...

Vendor: prasathmani
Product: tiny_file_manager
Published: Dec 28, 2025
Source: NVD
CVE-2025-15137 HIGH - 8.8

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934ย  of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacte...

Vendor: trendnet
Product: tew-800mb_firmware
Published: Dec 28, 2025
Source: NVD
CVE-2025-15136 HIGH - 8.8

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely....

Vendor: trendnet
Product: tew-800mb_firmware
Published: Dec 28, 2025
Source: NVD