CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
| --- | --- | --- | --- |
| CVE-2025-52556 | rfc3161-client has insufficient verification for timestamp response signatures | 21.06.2025 | 9.3 |
| CVE-2025-6216 | Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability | 21.06.2025 | 9.8 |
| CVE-2025-25034 | SugarCRM PHP Deserialization RCE | 20.06.2025 | 9.3 |
| CVE-2025-25037 | Aquatronica Controller System Complete Information Disclosure | 20.06.2025 | 9.3 |
| CVE-2025-25038 | MiniDVBLinux Root Command Injection | 20.06.2025 | 9.3 |
| CVE-2025-34022 | Selea Targa IP OCR-ANPR Camera Path Traversal | 20.06.2025 | 9.3 |
| CVE-2025-34024 | Edimax EW-7438RPn Mini OS Command Injection | 20.06.2025 | 9.4 |
| CVE-2025-34029 | Edimax EW-7438RPn Mini OS Command Injection | 20.06.2025 | 9.4 |
| CVE-2025-34030 | sar2html OS Command Injection | 20.06.2025 | 10 |
| CVE-2025-49132 | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution | 20.06.2025 | 10 |
| CVE-2024-53298 | | 20.06.2025 | 9.8 |
| CVE-2025-4981 | Path Traversal Leading to RCE by Any Authenticated Mattermost User | 20.06.2025 | 9.9 |
| CVE-2025-33117 | IBM QRadar SIEM command execution | 20.06.2025 | 9.1 |
| CVE-2025-52464 | Meshtastic Repeated Public and Private Keypairs | 19.06.2025 | 9.5 |
| CVE-2025-4738 | Authenticated SQLi in Yirmibes Software's MY ERP | 20.06.2025 | 9.8 |
| CVE-2025-50201 | WeGIA OS Command Injection in debug_info.php parameter 'branch' | 19.06.2025 | 9.8 |
| CVE-2025-52467 | pgai secrets exfiltration via `pull_request_target` | 19.06.2025 | 9.1 |
| CVE-2024-45208 | | 18.06.2025 | 9.8 |
| CVE-2025-23121 | | 18.06.2025 | 9.9 |
| CVE-2025-24288 | | 18.06.2025 | 9.8 |
| CVE-2025-20260 | ClamAV PDF Scanning Buffer Overflow Vulnerability | 19.06.2025 | 9.8 |
| CVE-2025-1562 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation | 18.06.2025 | 9.8 |
| CVE-2025-51381 | | 18.06.2025 | 9.3 |
| CVE-2025-49825 | Teleport allows remote authentication bypass | 18.06.2025 | 9.8 |
| CVE-2025-49212 | | 18.06.2025 | 9.8 |
| CVE-2025-49213 | | 18.06.2025 | 9.8 |
| CVE-2025-49216 | | 18.06.2025 | 9.8 |
| CVE-2025-49217 | | 18.06.2025 | 9.8 |
| CVE-2025-49219 | | 18.06.2025 | 9.8 |
| CVE-2025-49220 | | 18.06.2025 | 9.8 |
| CVE-2025-24773 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce <= 3.2.0 - SQL Injection Vulnerability | 17.06.2025 | 9.3 |
| CVE-2025-30618 | WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability | 17.06.2025 | 9.8 |
| CVE-2025-31919 | WordPress Spare <= 1.7 - PHP Object Injection Vulnerability | 17.06.2025 | 9.8 |
| CVE-2025-32510 | WordPress Ovatheme Events Manager plugin <= 1.7.5 - Arbitrary File Upload vulnerability | 17.06.2025 | 10 |
| CVE-2025-39479 | WordPress Smart Notification Plugin <= 10.3 - SQL Injection vulnerability | 17.06.2025 | 9.3 |
| CVE-2025-47452 | WordPress WP VR <= 8.5.26 - Arbitrary File Upload Vulnerability | 17.06.2025 | 9.9 |
| CVE-2025-47559 | WordPress MapSVG plugin <= 8.5.32 - Arbitrary File Upload vulnerability | 17.06.2025 | 9.9 |
| CVE-2025-47573 | WordPress School Management System Plugin <= 92.0.0 - SQL Injection vulnerability | 17.06.2025 | 9.3 |
| CVE-2025-48274 | WordPress WP Job Portal <= 2.3.2 - SQL Injection Vulnerability | 17.06.2025 | 9.3 |
| CVE-2025-49071 | WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability | 17.06.2025 | 10 |
| CVE-2025-49330 | WordPress Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.3.0 - PHP Object Injection Vulnerability | 20.06.2025 | 9.8 |
| CVE-2025-49444 | WordPress Reformer for Elementor <= 1.0.5 - Arbitrary File Upload Vulnerability | 17.06.2025 | 10 |
| CVE-2025-49447 | WordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload Vulnerability | 17.06.2025 | 10 |
| CVE-2025-49452 | WordPress PostaPanduri <= 2.1.3 - SQL Injection Vulnerability | 17.06.2025 | 9.3 |
| CVE-2025-4404 | Freeipa: idm: privilege escalation from host to domain admin in freeipa | 17.06.2025 | 9.1 |
| CVE-2025-5777 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread | 18.06.2025 | 9.3 |
| CVE-2025-49794 | Libxml: heap use after free (uaf) leads to denial of service (dos) | 16.06.2025 | 9.1 |
| CVE-2025-49796 | Libxml: type confusion leads to denial of service (dos) | 16.06.2025 | 9.1 |
| CVE-2025-6121 | D-Link DIR-632 HTTP POST Request get_pure_content stack-based overflow | 16.06.2025 | 9.3 |
| CVE-2025-6169 | HAMASTAR Technology WIMP website co-construction management platform - SQL Injection | 16.06.2025 | 9.3 |
| CVE-2025-6098 | UTT 进取 750W API setSysAdm strcpy buffer overflow | 16.06.2025 | 9.3 |

Latest Updates

| CVE | Title | Updated | Score |
| --- | --- | --- | --- |
| CVE-2025-6408 | Campcodes Online Hospital Management System search.php sql injection | 21.06.2025 | |
| CVE-2025-6407 | Campcodes Online Hospital Management System user-login.php sql injection | 21.06.2025 | |
| CVE-2025-6406 | Campcodes Online Hospital Management System forgot-password.php sql injection | 21.06.2025 | |
| CVE-2025-6405 | Campcodes Online Teacher Record Management System edit-teacher-detail.php sql injection | 21.06.2025 | |
| CVE-2025-36016 | IBM Process Mining HTTP open redirect | 21.06.2025 | 6.8 |
| CVE-2025-3221 | IBM InfoSphere Information Server denial of service | 21.06.2025 | 7.5 |
| CVE-2025-3629 | IBM InfoSphere Information Server file manipulation | 21.06.2025 | 4.3 |
| CVE-2025-6404 | Campcodes Online Teacher Record Management System search.php sql injection | 21.06.2025 | |
| CVE-2025-5289 | 3D FlipBook - Lite Edition <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters | 21.06.2025 | 6.4 |
| CVE-2025-6403 | code-projects School Fees Payment System student.php sql injection | 21.06.2025 | |
| CVE-2025-6402 | TOTOLINK X15 HTTP POST Request formIpv6Setup buffer overflow | 21.06.2025 | |
| CVE-2025-5143 | TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode | 21.06.2025 | 6.4 |
| CVE-2025-6401 | TOTOLINK N300RH HTTP POST Message formFilter denial of service | 21.06.2025 | |
| CVE-2025-5034 | WP File Download < 6.2.6 - Reflected XSS | 21.06.2025 | |
| CVE-2025-6400 | TOTOLINK N300RH HTTP POST Message formPortFw buffer overflow | 21.06.2025 | |
| CVE-2025-6399 | TOTOLINK X15 HTTP POST Request formIPv6Addr buffer overflow | 21.06.2025 | |
| CVE-2025-52485 | DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed | 21.06.2025 | |
| CVE-2025-52486 | DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects | 21.06.2025 | |
| CVE-2025-52487 | DNN.PLATFORM possibly allows bypass of IP Filters | 21.06.2025 | |
| CVE-2025-52488 | DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input | 21.06.2025 | 8.6 |
| CVE-2025-52552 | FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS | 21.06.2025 | |
| CVE-2025-52556 | rfc3161-client has insufficient verification for timestamp response signatures | 21.06.2025 | |
| CVE-2025-52557 | Mail-0 Zero Session Hijacking Via Email | 21.06.2025 | |
| CVE-2025-6394 | code-projects Simple Online Hotel Reservation System add_reserve.php sql injection | 21.06.2025 | |
| CVE-2025-6393 | TOTOLINK A702R/A3002R/A3002RU/EX1200T HTTP POST Request formIPv6Addr buffer overflow | 21.06.2025 | |
| CVE-2025-6375 | poco MultipartReader.cpp MultipartInputStream null pointer dereference | 21.06.2025 | |