CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2019-6693	High	72.2%	FortinetFortiOS	Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.	Jun 25, 2025	KEV
CVE-2024-54085	High	8.2%	AMIMegaRAC SPx	AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.	Jun 25, 2025	KEV
CVE-2023-0386	High	59.2%	LinuxKernel	Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.	Jun 17, 2025	KEV
CVE-2023-33538	High	91.3%	TP-LinkMultiple Routers	TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Jun 16, 2025	KEV
CVE-2025-43200	High	0.4%	AppleMultiple Products	Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.	Jun 16, 2025	KEV
CVE-2025-33053	High	48.5%	MicrosoftWindows	Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.	Jun 10, 2025	KEV
CVE-2025-24016	High	93.4%	WazuhWazuh Server	Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.	Jun 10, 2025	KEV
CVE-2024-42009	High	91.2%	RoundcubeWebmail	RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.	Jun 9, 2025	KEV
CVE-2025-32433	High	50.3%	ErlangErlang/OTP	Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.	Jun 9, 2025	KEV
CVE-2025-5419	High	3.0%	GoogleChromium V8	Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Jun 5, 2025	KEV
CVE-2025-21479	High	0.1%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.	Jun 3, 2025	KEV
CVE-2025-27038	High	1.1%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.	Jun 3, 2025	KEV
CVE-2025-21480	High	1.5%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.	Jun 3, 2025	KEV
CVE-2025-35939	High	30.1%	Craft CMSCraft CMS	Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432.	Jun 2, 2025	KEV
CVE-2023-39780	High	42.7%	ASUSRT-AX55 Routers	ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346.	Jun 2, 2025	KEV
CVE-2024-56145	High	93.8%	Craft CMSCraft CMS	Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.	Jun 2, 2025	KEV
CVE-2025-3935(1)	High	15.5%	ConnectWiseScreenConnect	ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.	Jun 2, 2025	KEV
CVE-2021-32030	High	94.2%	ASUSRouters	ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Jun 2, 2025	KEV
CVE-2025-4632	High	49.2%	SamsungMagicINFO 9 Server	Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.	May 22, 2025	KEV
CVE-2024-27443	High	32.4%	SynacorZimbra Collaboration Suite (ZCS)	Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.	May 19, 2025	KEV

CVE-2019-6693KEV

High

Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.

FortinetEPSS 72.2%

CVE-2024-54085KEV

High

AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

AMIEPSS 8.2%

CVE-2023-0386KEV

High

Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

LinuxEPSS 59.2%

CVE-2023-33538KEV

High

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

TP-LinkEPSS 91.3%

CVE-2025-43200KEV

High

Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.

AppleEPSS 0.4%

CVE-2025-33053KEV

High

Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.

MicrosoftEPSS 48.5%

CVE-2025-24016KEV

High

Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.

WazuhEPSS 93.4%

CVE-2024-42009KEV

High

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

RoundcubeEPSS 91.2%

CVE-2025-32433KEV

High

Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including—but not limited to—Cisco, NetApp, and SUSE.

ErlangEPSS 50.3%

CVE-2025-5419KEV

High

Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 3.0%

CVE-2025-21479KEV

High

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

QualcommEPSS 0.1%

CVE-2025-27038KEV

High

Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432.

Craft CMSEPSS 30.1%

CVE-2023-39780KEV

High

ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346.

ASUSEPSS 42.7%

CVE-2024-56145KEV

High

Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.

Craft CMSEPSS 93.8%

CVE-2025-3935KEV

High

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.

ConnectWiseEPSS 15.5%

CVE-2021-32030KEV

High

ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

ASUSEPSS 94.2%

CVE-2025-4632KEV

High

Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.

SamsungEPSS 49.2%

CVE-2024-27443KEV

High

Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.

SynacorEPSS 32.4%

9 10 11 12 13 14 15