17282 Total CVEs
8582 AI Analyzed
264 CISA KEV
3488 Critical
All Vendors
Showing 9001-9050 of 17282 CVEs Page 181 of 346
CVE-2025-70999
7.5
GPU Multiple Products

A GPU device-ID validation flaw in the flow

2026-01-30
CVE-2025-70998
Analyzed
9.8
UTT HiPER 810 / nv810v4 router firmware

Insecure default credentials in the Telnet service of UTT HiPER routers allow remote attackers to gain root access via automated scripts.

2026-02-19
CVE-2025-70995
8.8
ASDK Multiple Products

An issue in Aranda Service Desk Web Edition (ASDK API 8

2026-03-07
CVE-2025-70994
7.3
Signal forgery after

Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system

2026-04-24
CVE-2025-70986
7.5
Unknown Multiple Products

Incorrect access control in the selectDept function of RuoYi v4

2026-01-24
CVE-2025-70985
Analyzed
9.1
Unknown Multiple Products

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope.

2026-01-24
CVE-2025-70983
Analyzed
9.9
Unknown Multiple Products

Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.

2026-01-24
CVE-2025-70982
Analyzed
9.9
Intel Multiple Products

Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive u...

2026-01-27
CVE-2025-70981
Analyzed
9.8
CordysCRM CordysCRM

CordysCRM 1.4.1 contains an SQL Injection vulnerability in the employee list query interface (/user/list) via the 'departmentIds' parameter.

2026-02-13
CVE-2025-70974
Analyzed
10
Fastjson before Multiple Products

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, th...

2026-01-09
CVE-2025-70968
Analyzed
9.8
FreeImage Multiple Products

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().

2026-01-15
CVE-2025-70963
7.6
Gophish Multiple Products

Gophish <=0

2026-02-07
CVE-2025-70950
Analyzed
7.3
Unknown Multiple Products

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request

2026-05-20
CVE-2025-70949
7.5
Infor Multiple Products

An observable timing discrepancy in @perfood/couch-auth v0

2026-03-07
CVE-2025-70893
Analyzed
8.8
HP Multiple Products

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1

2026-01-16
CVE-2025-70892
Analyzed
9.8
HP Multiple Products

Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly v...

2026-01-16
CVE-2025-70886
7.5
Unknown Multiple Products

An issue in halo v

2026-02-14
CVE-2025-70841
Analyzed
10
Apache Multi-Tenancy Based eCommerce Platform SaaS

Dokans SaaS platform allows unauthenticated attackers to download the `.env` file, exposing encryption keys, database credentials, and API keys, leadi...

2026-02-04
CVE-2025-70830
Analyzed
9.9
Unknown Datart (using Freemarker engine)

Datart v1.0.0-rc.3 is vulnerable to Server-Side Template Injection (SSTI) in its Freemarker engine, allowing authenticated attackers to execute arbitr...

2026-02-18
CVE-2025-70828
8.8
Unknown Multiple Products

An issue in Datart v1

2026-02-18
CVE-2025-7077
8.8
Unknown Multiple Products

A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2

2025-07-06
CVE-2025-70747
7.5
Tenda Multiple Products

Tenda AX-1806 v1

2026-01-16
CVE-2025-70746
7.5
Tenda Multiple Products

Tenda AX-1806 v1

2026-01-18
CVE-2025-70744
7.5
Tenda Multiple Products

Tenda AX-1806 v1

2026-01-16
CVE-2025-70656
7.5
Tenda Multiple Products

Tenda AX-1806 v1

2026-01-16
CVE-2025-70651
7.5
Tenda Multiple Products

Tenda AX-1803 v1

2026-01-22
CVE-2025-70650
7.5
Tenda Multiple Products

Tenda AX-1806 v1

2026-01-22
CVE-2025-70648
7.5
Tenda Multiple Products

Tenda AX1803 v1

2026-01-23
CVE-2025-70646
7.5
Tenda Multiple Products

Tenda AX1803 v1

2026-01-23
CVE-2025-70645
7.5
Tenda Multiple Products

Tenda AX-1806 v1

2026-01-22
CVE-2025-70644
7.5
Tenda Multiple Products

Tenda AX-1806 v1

2026-01-23
CVE-2025-70616
Analyzed
7.8
Diebold Nixdorf wnBios64

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64

2026-03-07
CVE-2025-70614
8.1
USSD Multiple Products

OpenCode Systems OC Messaging / USSD Gateway OC Release 6

2026-03-07
CVE-2025-70560
Analyzed
8.4
Unknown Boltz

Boltz 2

2026-02-05
CVE-2025-7052
Analyzed
8.8
WordPress Multiple Products

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5

2025-09-30
CVE-2025-7051
8.3
Unknown Multiple Products

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server

2025-08-21
CVE-2025-7050
Analyzed
7.2
Google Multiple Products

The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in...

2025-08-05
CVE-2025-7049
Analyzed
8.8
WordPress Multiple Products

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67

2025-09-10
CVE-2025-7044
7.7
Unknown Multiple Products

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS

2025-12-03
CVE-2025-70420
8.8
Unknown Multiple Products

A SQL injection vulnerability exists in Genesys Latitude v25

2026-04-23
CVE-2025-7042
7.8
SOLIDWORKS Multiple Products

Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

2025-07-15
CVE-2025-7040
Analyzed
8.2
WordPress Multiple Products

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_...

2025-09-07
CVE-2025-70397
8.8
Unknown Multiple Products

jizhicms 2

2026-02-18
CVE-2025-7038
Analyzed
8.2
WordPress Multiple Products

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route...

2025-09-30
CVE-2025-7036
Analyzed
7.5
WordPress Multiple Products

The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1

2025-08-07
CVE-2025-70341
7.8
Insecure Multiple Products

Insecure permissions in App-Auto-Patch v3

2026-03-05
CVE-2025-70329
8
TOTOLINK Multiple Products

TOTOLink X5000R v9

2026-02-24
CVE-2025-70314
Analyzed
9.8
Unknown webfsd

webfsd 1.21 is vulnerable to a buffer overflow through the 'filename' variable in crafted requests, potentially allowing remote attackers to execute a...

2026-02-13
CVE-2025-70308
7.5
Unknown Multiple Products

An out-of-bounds read in the GSF demuxer filter component of GPAC v2

2026-01-16
CVE-2025-70307
7.5
Unknown Multiple Products

A stack overflow in the dump_ttxt_sample function of GPAC v2

2026-01-16