CVE-2025-25000 is a high-severity vulnerability affecting the Apache HTTP Server, with a CVSS score of 8.5/10.0. While specific details regarding the vulnerability's mechanics, exploitation vectors, a...
Apache HTTP Server
CVE-2025-26234 is a high-severity vulnerability affecting GitLab, with a CVSS score of 8.2 out of 10. While specific details regarding the vulnerability's mechanics, affected versions, and exploitatio...
GitLab
CVE-2025-27468 is a high-severity vulnerability affecting VLC Media Player, with a CVSS score of 8.0/10.0. The lack of a detailed description and CVSS vector analysis indicates that the vulnerability'...
VLC Media Player
CVE-2025-32433 is a critical vulnerability affecting multiple versions of Erlang/OTP and Cisco Confd Basic, with a CVSS score of 10.0, indicating a severe risk to organizational security. Although spe...
Erlang Erlang/Otp (< 25.3.2.20)
Erlang Erlang/Otp (26.0 - 26.2.5.11)
Erlang Erlang/Otp (27.0 - 27.3.3)
CVE-2025-24016, affecting Wazuh versions 4.4.0 to 4.9.1, has been assigned a critical CVSS score of 9.9, indicating an immediate threat to organizational security. While specific details regarding the...
Wazuh Wazuh (4.4.0 - 4.9.1)
CVE-2025-6146 is a critical buffer overflow vulnerability identified in the TOTOLINK X15 router, specifically affecting the HTTP POST Request Handler in the /boafrm/formSysLog file. With a CVSS score ...
CVE-2025-6147 is a critical buffer overflow vulnerability affecting the Totolink A702R firmware version 4.0.0-B20230721.1521, with a CVSS score of 8.8, indicating a high severity level. The vulnerabil...
Totolink A702R Firmware
CVE-2025-6148 is a critical buffer overflow vulnerability identified in the TOTOLINK A3002RU router firmware version 3.0.0-B20230809.1615. With a CVSS score of 8.8, this vulnerability poses a signific...
CVE-2025-6149 is a critical buffer overflow vulnerability affecting the Totolink A3002R router firmware version 4.0.0-B20230531.1404. With a CVSS score of 8.8, this vulnerability allows remote attacke...
Totolink A3002R Firmware
CVE-2025-28702 is a high-severity vulnerability affecting MySQL, with a CVSS score of 7.8, indicating a significant risk to systems utilizing this database management system. Although specific details...
MySQL
CVE-2025-31170 is a high-severity vulnerability affecting Jenkins, a widely used open-source automation server. With a CVSS score of 8.9, this vulnerability presents a significant risk to organization...
Jenkins
CVE-2025-32404 is a critical vulnerability affecting LibreOffice, with a CVSS score of 9.0, indicating a severe threat to organizational security. The lack of a detailed description and CVSS vector an...
LibreOffice
CVE-2025-33638 is a high-severity vulnerability affecting Oracle Database, with a CVSS score of 8.8, indicating a significant risk that requires immediate attention from security professionals. As of ...
Oracle Database
CVE-2025-6151 is a critical buffer overflow vulnerability affecting the TP-Link TL-WR940N V4 firmware, with a CVSS score of 8.8, indicating a high severity level. The vulnerability resides in the /use...
Tp-Link Tl-Wr940N Firmware
CVE-2025-6158 represents a critical stack-based buffer overflow vulnerability found in the D-Link DIR-665 router, specifically within the HTTP POST request handler function sub_AC78. With a CVSS score...
CVE-2025-6162 is a critical buffer overflow vulnerability identified in the TOTOLINK EX1200T router, specifically within the HTTP POST Request Handler in the /boafrm/formMultiAP file. With a CVSS scor...
CVE-2025-6163 is a critical buffer overflow vulnerability identified in the TOTOLINK A3002RU router, specifically within the HTTP POST request handler of the /boafrm/formMultiAP component. With a CVSS...
CVE-2025-6164 is a critical buffer overflow vulnerability identified in the TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404. With a CVSS score of 8.8, this vulnerability allows remote att...
CVE-2025-6165 is a critical buffer overflow vulnerability affecting the TOTOLINK X15 router firmware version 1.0.0-B20230714.1105. With a CVSS score of 8.8, this vulnerability allows for remote exploi...
CVE-2025-3515 is a critical vulnerability affecting the Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress, with a CVSS score of 8.1/10.0. The vulnerability arises from insuffi...
CVE-2025-43200 represents a medium-severity Denial of Service (DoS) vulnerability affecting multiple Apple operating systems, including iPadOS, iOS, and macOS. The flaw arises from a logic issue when ...
Apple Ipados (< 15.8.4)
Apple Ipados (16.0 - 16.7.11)
Apple Ipados (17.0 - 17.7.5)
CVE-2025-33053, classified as an External Control Security Vulnerability, poses a significant risk to various versions of Microsoft Windows and Windows Server. With a CVSS score of 8.8, this high-seve...
Microsoft Windows 10 1507 (< 10.0.10240.21034)
Microsoft Windows 10 1607 (< 10.0.14393.8148)
Microsoft Windows 10 1809 (< 10.0.17763.7434)
CVE-2025-1041 represents a critical security vulnerability within the Avaya Call Management System, characterized by improper input validation that allows unauthorized remote command execution via spe...
CVE-2025-42989 represents a critical security vulnerability affecting systems that utilize RFC inbound processing without adequate authorization checks. With a CVSS score of 9.6, this vulnerability po...
CVE-2025-5903 is a high-severity buffer overflow vulnerability found in the TOTOLINK T10 router firmware (version 4.1.8cu.5207). This vulnerability resides in the setWiFiAclRules function within the /...
Totolink T10 Firmware
CVE-2025-5904 is a critical buffer overflow vulnerability affecting the Totolink T10 firmware version 4.1.8cu.5207. With a CVSS score of 8.8, this vulnerability allows remote attackers to exploit the ...
Totolink T10 Firmware
CVE-2025-5905 is a critical buffer overflow vulnerability affecting the Totolink T10 firmware (version 4.1.8cu.5207). With a CVSS score of 8.8, this vulnerability allows remote attackers to exploit th...
Totolink T10 Firmware
CVE-2025-42982 represents a significant security vulnerability in SAP GRC (Governance, Risk, and Compliance) systems, with a CVSS score of 8.8 indicating a high severity level. This vulnerability allo...
CVE-2025-5907 is a critical buffer overflow vulnerability affecting the Totolink EX1200T firmware, specifically in the HTTP POST request handler located in /boafrm/formFilter. With a CVSS score of 8.8...
Totolink Ex1200T Firmware
CVE-2025-5908 is a critical buffer overflow vulnerability affecting the TOTOLINK EX1200T firmware versions up to 4.1.2cu.5232_B20210713. With a CVSS score of 8.8, this vulnerability allows remote atta...
Totolink Ex1200T Firmware
CVE-2025-5909 represents a critical buffer overflow vulnerability in the Totolink EX1200T firmware, specifically affecting versions up to 4.1.2cu.5232_B20210713. With a CVSS score of 8.8, this vulnera...
Totolink Ex1200T Firmware
CVE-2025-5910 is a critical buffer overflow vulnerability affecting the Totolink EX1200T firmware versions up to 4.1.2cu.5232_B20210713, with a CVSS score of 8.8, indicating a high severity level. Thi...
Totolink Ex1200T Firmware
CVE-2025-5911 represents a critical buffer overflow vulnerability in the Totolink EX1200T firmware, specifically affecting versions up to 4.1.2cu.5232_B20210713. With a CVSS score of 8.8, this vulnera...
Totolink Ex1200T Firmware
CVE-2025-4387 is a critical vulnerability affecting the Abandoned Cart Pro for WooCommerce plugin, which allows authenticated attackers to upload arbitrary files due to inadequate file type validation...
CVE-2025-4601 represents a significant privilege escalation vulnerability in the "RH - Real Estate WordPress Theme," affecting all versions up to and including 4.4.0. With a CVSS score of 8.8, the vul...
CVE-2025-5912 is a critical buffer overflow vulnerability identified in the D-Link DIR-632 firmware (version FW103B08). With a CVSS score of 8.8, this vulnerability poses a significant risk as it allo...
Dlink Dir-632 Firmware
CVE-2025-5934 is a critical buffer overflow vulnerability affecting the Netgear EX3700 firmware versions prior to 1.0.0.88, with a CVSS score of 8.8, indicating high severity. This vulnerability allow...
Netgear Ex3700 Firmware (< 1.0.0.88)
CVE-2025-27818 represents a critical remote code execution (RCE) vulnerability in Apache Kafka, with a CVSS score of 8.8, indicating high severity. The vulnerability arises from improper handling of S...
CVE-2025-42983 represents a critical security vulnerability within SAP Business Warehouse and SAP Plug-In Basis, allowing authenticated attackers to drop arbitrary database tables. With a CVSS score o...
CVE-2025-23192 represents a significant security vulnerability within SAP BusinessObjects Business Intelligence (BI Workspace), allowing unauthenticated attackers to inject and execute malicious scrip...
CVE-2025-42977 represents a critical path traversal vulnerability within SAP NetWeaver Visual Composer, classified with a CVSS score of 7.6/10.0. This vulnerability arises from insufficient validation...
CVE-2025-42994 is a high-severity vulnerability affecting the SAP MDM Server, specifically within the ReadString function. This vulnerability allows an attacker to send specially crafted packets that ...
CVE-2025-42995 represents a significant vulnerability within the SAP MDM Server, classified with a CVSS score of 7.5, indicating a high severity level. This vulnerability allows unauthenticated attack...
CVE-2025-4840 is a high-severity SQL Injection vulnerability affecting the inprosysmedia-likes-dislikes-post WordPress plugin (version 1.0.0 and prior). This vulnerability allows unauthenticated attac...
CVE-2025-27817 represents a significant security vulnerability within the Apache Kafka Client, classified with a CVSS score of 7.5, indicating high severity. This vulnerability allows for arbitrary fi...
CVE-2025-27819 represents a critical vulnerability affecting Apache Kafka, specifically tied to the SASL JAAS JndiLoginModule configuration. This flaw enables remote code execution (RCE) and denial of...
CVE-2025-5906 represents a critical vulnerability in the Code-Projects Laundry System 1.0, characterized by missing authentication mechanisms that allow for remote exploitation without user interactio...
Code-Projects Laundry System
CVE-2025-5419 represents a significant security vulnerability in Google Chrome's V8 JavaScript engine, classified with a CVSS score of 8.8, indicating high severity. The vulnerability arises from an o...
Google Chrome (< 137.0.7151.68)
CVE-2025-21479 is a high-severity vulnerability affecting various Qualcomm firmware components, with a CVSS score of 8.6. The vulnerability arises from memory corruption due to unauthorized command ex...
Qualcomm Aqt1000 Firmware
Qualcomm Fastconnect 6200 Firmware
Qualcomm Fastconnect 6700 Firmware
CVE-2025-21480 is a high-severity vulnerability affecting multiple Qualcomm firmware components, including the Aqt1000 and Fastconnect series. With a CVSS score of 8.6, this memory corruption vulnerab...
Qualcomm Aqt1000 Firmware
Qualcomm Fastconnect 6200 Firmware
Qualcomm Fastconnect 6700 Firmware
CVE-2025-27038 is a high-severity vulnerability affecting multiple Qualcomm firmware versions, particularly those utilizing Adreno GPU drivers in Chrome. With a CVSS score of 7.5, this vulnerability p...
Qualcomm Ar8031 Firmware
Qualcomm Csra6620 Firmware
Qualcomm Csra6640 Firmware
CVE-2025-35939 is a medium-severity vulnerability affecting Craft CMS versions prior to 4.15.3 and between 5.0.0 and 5.7.5. The vulnerability arises from improper handling of session files, allowing u...
Craftcms Craft Cms (< 4.15.3)
Craftcms Craft Cms (5.0.0 - 5.7.5)
CVE-2025-3935 is a critical vulnerability in ConnectWise ScreenConnect versions prior to 25.2.4, allowing for remote code execution (RCE) through a ViewState code injection attack. With a CVSS score o...
Connectwise Screenconnect (< 25.2.4)