Daily insights into the world's most dangerous security vulnerabilities
CVE-2025-6146 is a critical buffer overflow vulnerability identified in the TOTOLINK X15 router, specifically affecting the HTTP POST Request Handler in the /boafrm/formSysLog file. With a CVSS score ...
CVE-2025-6147 is a critical buffer overflow vulnerability affecting the Totolink A702R firmware version 4.0.0-B20230721.1521, with a CVSS score of 8.8, indicating a high severity level. The vulnerabil...
CVE-2025-6148 is a critical buffer overflow vulnerability identified in the TOTOLINK A3002RU router firmware version 3.0.0-B20230809.1615. With a CVSS score of 8.8, this vulnerability poses a signific...
CVE-2025-6149 is a critical buffer overflow vulnerability affecting the Totolink A3002R router firmware version 4.0.0-B20230531.1404. With a CVSS score of 8.8, this vulnerability allows remote attacke...
CVE-2025-6151 is a critical buffer overflow vulnerability affecting the TP-Link TL-WR940N V4 firmware, with a CVSS score of 8.8, indicating a high severity level. The vulnerability resides in the /use...
CVE-2025-6158 represents a critical stack-based buffer overflow vulnerability found in the D-Link DIR-665 router, specifically within the HTTP POST request handler function sub_AC78. With a CVSS score...
CVE-2025-6162 is a critical buffer overflow vulnerability identified in the TOTOLINK EX1200T router, specifically within the HTTP POST Request Handler in the /boafrm/formMultiAP file. With a CVSS scor...
CVE-2025-6163 is a critical buffer overflow vulnerability identified in the TOTOLINK A3002RU router, specifically within the HTTP POST request handler of the /boafrm/formMultiAP component. With a CVSS...
CVE-2025-6164 is a critical buffer overflow vulnerability identified in the TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404. With a CVSS score of 8.8, this vulnerability allows remote att...
CVE-2025-6165 is a critical buffer overflow vulnerability affecting the TOTOLINK X15 router firmware version 1.0.0-B20230714.1105. With a CVSS score of 8.8, this vulnerability allows for remote exploi...
CVE-2025-3515 is a critical vulnerability affecting the Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress, with a CVSS score of 8.1/10.0. The vulnerability arises from insuffi...
CVE-2025-33053, classified as an External Control Security Vulnerability, poses a significant risk to various versions of Microsoft Windows and Windows Server. With a CVSS score of 8.8, this high-seve...
CVE-2025-5903 is a high-severity buffer overflow vulnerability found in the TOTOLINK T10 router firmware (version 4.1.8cu.5207). This vulnerability resides in the setWiFiAclRules function within the /...
CVE-2025-5904 is a critical buffer overflow vulnerability affecting the Totolink T10 firmware version 4.1.8cu.5207. With a CVSS score of 8.8, this vulnerability allows remote attackers to exploit the ...
CVE-2025-5905 is a critical buffer overflow vulnerability affecting the Totolink T10 firmware (version 4.1.8cu.5207). With a CVSS score of 8.8, this vulnerability allows remote attackers to exploit th...
CVE-2025-42982 represents a significant security vulnerability in SAP GRC (Governance, Risk, and Compliance) systems, with a CVSS score of 8.8 indicating a high severity level. This vulnerability allo...
CVE-2025-5907 is a critical buffer overflow vulnerability affecting the Totolink EX1200T firmware, specifically in the HTTP POST request handler located in /boafrm/formFilter. With a CVSS score of 8.8...
CVE-2025-5908 is a critical buffer overflow vulnerability affecting the TOTOLINK EX1200T firmware versions up to 4.1.2cu.5232_B20210713. With a CVSS score of 8.8, this vulnerability allows remote atta...
CVE-2025-5909 represents a critical buffer overflow vulnerability in the Totolink EX1200T firmware, specifically affecting versions up to 4.1.2cu.5232_B20210713. With a CVSS score of 8.8, this vulnera...
CVE-2025-5910 is a critical buffer overflow vulnerability affecting the Totolink EX1200T firmware versions up to 4.1.2cu.5232_B20210713, with a CVSS score of 8.8, indicating a high severity level. Thi...
CVE-2025-5911 represents a critical buffer overflow vulnerability in the Totolink EX1200T firmware, specifically affecting versions up to 4.1.2cu.5232_B20210713. With a CVSS score of 8.8, this vulnera...
CVE-2025-4387 is a critical vulnerability affecting the Abandoned Cart Pro for WooCommerce plugin, which allows authenticated attackers to upload arbitrary files due to inadequate file type validation...
CVE-2025-4601 represents a significant privilege escalation vulnerability in the "RH - Real Estate WordPress Theme," affecting all versions up to and including 4.4.0. With a CVSS score of 8.8, the vul...
CVE-2025-5912 is a critical buffer overflow vulnerability identified in the D-Link DIR-632 firmware (version FW103B08). With a CVSS score of 8.8, this vulnerability poses a significant risk as it allo...
CVE-2025-5934 is a critical buffer overflow vulnerability affecting the Netgear EX3700 firmware versions prior to 1.0.0.88, with a CVSS score of 8.8, indicating high severity. This vulnerability allow...
CVE-2025-27818 represents a critical remote code execution (RCE) vulnerability in Apache Kafka, with a CVSS score of 8.8, indicating high severity. The vulnerability arises from improper handling of S...
CVE-2025-42983 represents a critical security vulnerability within SAP Business Warehouse and SAP Plug-In Basis, allowing authenticated attackers to drop arbitrary database tables. With a CVSS score o...
CVE-2025-23192 represents a significant security vulnerability within SAP BusinessObjects Business Intelligence (BI Workspace), allowing unauthenticated attackers to inject and execute malicious scrip...
CVE-2025-42977 represents a critical path traversal vulnerability within SAP NetWeaver Visual Composer, classified with a CVSS score of 7.6/10.0. This vulnerability arises from insufficient validation...
CVE-2025-42994 is a high-severity vulnerability affecting the SAP MDM Server, specifically within the ReadString function. This vulnerability allows an attacker to send specially crafted packets that ...
CVE-2025-42995 represents a significant vulnerability within the SAP MDM Server, classified with a CVSS score of 7.5, indicating a high severity level. This vulnerability allows unauthenticated attack...
CVE-2025-4840 is a high-severity SQL Injection vulnerability affecting the inprosysmedia-likes-dislikes-post WordPress plugin (version 1.0.0 and prior). This vulnerability allows unauthenticated attac...
CVE-2025-27817 represents a significant security vulnerability within the Apache Kafka Client, classified with a CVSS score of 7.5, indicating high severity. This vulnerability allows for arbitrary fi...
CVE-2025-27819 represents a critical vulnerability affecting Apache Kafka, specifically tied to the SASL JAAS JndiLoginModule configuration. This flaw enables remote code execution (RCE) and denial of...
CVE-2025-5906 represents a critical vulnerability in the Code-Projects Laundry System 1.0, characterized by missing authentication mechanisms that allow for remote exploitation without user interactio...
CVE-2025-5419 represents a significant security vulnerability in Google Chrome's V8 JavaScript engine, classified with a CVSS score of 8.8, indicating high severity. The vulnerability arises from an o...
CVE-2025-21479 is a high-severity vulnerability affecting various Qualcomm firmware components, with a CVSS score of 8.6. The vulnerability arises from memory corruption due to unauthorized command ex...
CVE-2025-21480 is a high-severity vulnerability affecting multiple Qualcomm firmware components, including the Aqt1000 and Fastconnect series. With a CVSS score of 8.6, this memory corruption vulnerab...
CVE-2025-27038 is a high-severity vulnerability affecting multiple Qualcomm firmware versions, particularly those utilizing Adreno GPU drivers in Chrome. With a CVSS score of 7.5, this vulnerability p...
CVE-2025-3935 is a critical vulnerability in ConnectWise ScreenConnect versions prior to 25.2.4, allowing for remote code execution (RCE) through a ViewState code injection attack. With a CVSS score o...
CVE-2023-39780 is a high-severity vulnerability affecting the ASUS RT-AX55 router firmware version 3.0.0.4.386.51598. This vulnerability allows authenticated attackers to execute arbitrary OS commands...
CVE-2023-33538 is a critical command injection vulnerability affecting multiple TP-Link router firmware versions, including TL-WR940N, TL-WR841N, and TL-WR740N. With a CVSS score of 8.8, this vulnerab...
CVE-2023-0386 is a high-severity vulnerability in the Linux kernel's OverlayFS subsystem, allowing local users to escalate privileges through a flaw in the handling of setuid files with capabilities. ...