CVE Field Guide

Critical CVEs

CVE | Title | Updated | Score
--- | --- | --- | ---
CVE-2020-36849 | AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload | 12.07.2025 | 9.8
CVE-2020-36847 | Simple File List < 4.2.3 - Remote Code Execution | 12.07.2025 | 9.8
CVE-2025-6058 | WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload | 12.07.2025 | 9.8
CVE-2024-38648 | | 12.07.2025 | 9
CVE-2025-7503 | | 11.07.2025 | 10
CVE-2025-50121 | | 11.07.2025 | 9.5
CVE-2025-5392 | GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution | 11.07.2025 | 9.8
CVE-2025-30023 | | 11.07.2025 | 9
CVE-2025-7401 | Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php | 11.07.2025 | 9.8
CVE-2025-52579 | Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory | 11.07.2025 | 9.3
CVE-2025-2523 | Lack of buffer clearing before reuse may result in incorrect system behavior. | 10.07.2025 | 9.4
CVE-2025-34095 | Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp | 11.07.2025 | 9.3
CVE-2025-34096 | Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp | 11.07.2025 | 9.3
CVE-2025-34099 | VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password | 10.07.2025 | 9.3
CVE-2025-34100 | BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload | 11.07.2025 | 9.3
CVE-2025-34101 | Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter | 10.07.2025 | 9.3
CVE-2025-34102 | CryptoLog Unauthenticated RCE via SQL Injection and Command Injection | 11.07.2025 | 9.3
CVE-2025-53371 | DiscordNotifications allows DOS, SSRF, and possible RCE through requests to user-controlled URLs | 10.07.2025 | 9.1
CVE-2025-47812 | | 11.07.2025 | 10
CVE-2025-53624 | docusaurus-plugin-content-gists Exposes GitHub Personal Access Token | 10.07.2025 | 10
CVE-2025-53620 | Crashing any Qwik Server | 09.07.2025 | 9.2
CVE-2025-53546 | Folo allows secrets exfiltration via `pull_request_target` | 09.07.2025 | 9.1
CVE-2025-6514 | OS command injection in mcp-remote when connecting to untrusted MCP servers | 09.07.2025 | 9.6
CVE-2025-3498 | Unauthenticated modification of Radiflow iSAP Smart Collector configuration | 09.07.2025 | 9.9
CVE-2025-3499 | Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector | 09.07.2025 | 10
CVE-2025-4606 | Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover | 09.07.2025 | 9.8
CVE-2025-34077 | WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE | 09.07.2025 | 10
CVE-2025-34083 | WordPress AIT CSV Import/Export Plugin ≤ 3.0.3 Unauthenticated RCE | 11.07.2025 | 10
CVE-2025-34084 | WordPress Total Upkeep (BoldGrid Backup) Plugin < 1.14.10 Unauthenticated Backup Disclosure | 09.07.2025 | 9.2
CVE-2025-34085 | WordPress Simple File List Plugin < 4.2.3 Unauthenticated Remote Code Execution | 09.07.2025 | 10
CVE-2025-7206 | D-Link DIR-825 httpd switch_language.cgi sub_410DDC stack-based overflow | 09.07.2025 | 9.3
CVE-2025-4828 | Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion | 09.07.2025 | 9.8
CVE-2025-4855 | Support Board <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key | 09.07.2025 | 9.8
CVE-2025-49533 | Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502) | 10.07.2025 | 9.8
CVE-2025-27203 | Adobe Connect | Deserialization of Untrusted Data (CWE-502) | 10.07.2025 | 9.6
CVE-2025-49535 | ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) | 09.07.2025 | 9.3
CVE-2025-37103 | Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface | 08.07.2025 | 9.8
CVE-2025-47981 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 11.07.2025 | 9.8
CVE-2025-21450 | Improper Authentication in GPS_GNSS | 08.07.2025 | 9.1
CVE-2025-40711 | SQL injection vulnerability in Quiter Gateway | 10.07.2025 | 9.3
CVE-2025-40712 | SQL injection vulnerability in Quiter Gateway | 10.07.2025 | 9.3
CVE-2025-40713 | SQL injection vulnerability in Quiter Gateway | 10.07.2025 | 9.3
CVE-2025-40714 | SQL injection vulnerability in Quiter Gateway | 10.07.2025 | 9.3
CVE-2025-40715 | SQL injection vulnerability in Quiter Gateway | 10.07.2025 | 9.3
CVE-2025-40716 | SQL injection vulnerability in Quiter Gateway | 10.07.2025 | 9.3
CVE-2025-40717 | SQL injection vulnerability in Quiter Gateway | 10.07.2025 | 9.3
CVE-2025-40736 | | 08.07.2025 | 9.3
CVE-2025-25270 | Remote Code Execution via Unauthenticated Configuration Manipulation | 08.07.2025 | 9.8
CVE-2025-42963 | Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer) | 09.07.2025 | 9.1
CVE-2025-42964 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration | 09.07.2025 | 9.1
CVE-2025-42966 | Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service) | 09.07.2025 | 9.1
CVE-2025-42967 | Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation) | 09.07.2025 | 9.9
CVE-2025-42980 | Insecure Deserialization in SAP NetWeaver Enterprise Portal Federated Portal Network | 08.07.2025 | 9.1
CVE-2025-53529 | WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter) | 07.07.2025 | 9.8
CVE-2025-6793 | Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability | 07.07.2025 | 9.4
CVE-2025-6794 | Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability | 07.07.2025 | 9.8
CVE-2025-6802 | Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability | 07.07.2025 | 9.8
CVE-2025-6810 | Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability | 07.07.2025 | 9.8
CVE-2025-6811 | Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability | 07.07.2025 | 9.8
CVE-2025-3466 | Unsanitized Input in langgenius/dify | 07.07.2025 | 9.8
CVE-2025-4779 | Stored Cross-site Scripting (XSS) in lunary-ai/lunary | 07.07.2025 | 9.1
CVE-2025-3626 | OS Command Injection via Config Upload in WebUI | 07.07.2025 | 9.1
CVE-2025-41672 | WAGO: Vulnerability in WAGO Device Sphere | 07.07.2025 | 10
CVE-2025-48501 | | 07.07.2025 | 9.3
CVE-2025-7097 | Comodo Internet Security Premium Manifest File cis_update_x64.xml os command injection | 07.07.2025 | 9.2
CVE-2025-7096 | Comodo Internet Security Premium Manifest File cis_update_x64.xml integrity check | 07.07.2025 | 9.2
CVE-2025-5333 | Unauthenticated Remote Code Execution in IT Management Suite | 07.07.2025 | 9.5

Latest Updates

CVE | Title | Updated | Score
--- | --- | --- | ---
CVE-2025-7479 | PHPGurukul Vehicle Parking Management System view--detail.php sql injection | 12.07.2025 |
CVE-2025-7478 | code-projects Modern Bag category-list.php sql injection | 12.07.2025 |
CVE-2025-7477 | code-projects Simple Car Rental System add_cars.php unrestricted upload | 12.07.2025 |
CVE-2025-7476 | code-projects Simple Car Rental System approve.php sql injection | 12.07.2025 |
CVE-2025-7475 | code-projects Simple Car Rental System pay.php sql injection | 12.07.2025 |
CVE-2025-7474 | code-projects Job Diary search.php sql injection | 12.07.2025 |
CVE-2025-36104 | IBM Storage Scale information disclosure | 12.07.2025 | 6.5
CVE-2025-7471 | code-projects Modern Bag login-back.php sql injection | 12.07.2025 |
CVE-2020-36848 | Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download | 12.07.2025 | 7.5
CVE-2020-36849 | AIT CSV import/export <= 3.0.3 - Unauthenticated Arbitrary File Upload | 12.07.2025 | 9.8
CVE-2021-4458 | Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection | 12.07.2025 | 5.9
CVE-2025-7470 | Campcodes Sales and Inventory System product_add.php unrestricted upload | 12.07.2025 |
CVE-2025-7469 | Campcodes Sales and Inventory System product_add.php sql injection | 12.07.2025 |
CVE-2020-36847 | Simple File List < 4.2.3 - Remote Code Execution | 12.07.2025 | 9.8
CVE-2025-7518 | RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read | 12.07.2025 | 4.9
CVE-2025-7468 | Tenda FH1201 HTTP POST Request fromSafeUrlFilter buffer overflow | 12.07.2025 |
CVE-2025-7467 | code-projects Modern Bag product-detail.php sql injection | 12.07.2025 |
CVE-2025-7504 | Friends 3.5.1 - Authenticated (Subscriber+) PHP Object Injection | 12.07.2025 | 7.5
CVE-2025-7466 | 1000projects ABC Courier Management add_dealerrequest.php sql injection | 12.07.2025 |
CVE-2025-6423 | BeeTeam368 Extensions <= 2.3.5 - Authenticated (Subscriber+) Arbitrary File Upload | 12.07.2025 | 8.8
CVE-2025-7465 | Tenda FH1201 HTTP POST Request fromRouteStatic buffer overflow | 12.07.2025 |
CVE-2025-7464 | osrg GoBGP rtr.go SplitRTR out-of-bounds | 12.07.2025 |
CVE-2025-7463 | Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWrlsafeset buffer overflow | 12.07.2025 |
CVE-2025-1313 | Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | 12.07.2025 | 8.8
CVE-2025-7462 | Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference | 12.07.2025 |
CVE-2025-6057 | WPBookit <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload | 12.07.2025 | 8.8
CVE-2025-6058 | WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload | 12.07.2025 | 9.8
CVE-2025-7461 | code-projects Modern Bag action.php sql injection | 12.07.2025 |
CVE-2023-38036 | | 12.07.2025 |
CVE-2023-39338 | | 12.07.2025 |
CVE-2023-39339 | | 12.07.2025 |
CVE-2024-38648 | | 12.07.2025 |
CVE-2025-24294 | | 12.07.2025 |
CVE-2025-53871 | | 12.07.2025 |
CVE-2025-53872 | | 12.07.2025 |
CVE-2025-53873 | | 12.07.2025 |
CVE-2025-53874 | | 12.07.2025 |
CVE-2025-53875 | | 12.07.2025 |
CVE-2025-53876 | | 12.07.2025 |
CVE-2025-53877 | | 12.07.2025 |
CVE-2025-53878 | | 12.07.2025 |
CVE-2025-53879 | | 12.07.2025 |