ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-34021 | Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery | E | |
CVE-2025-34022 | Selea Targa IP OCR-ANPR Camera Path Traversal | E | |
CVE-2025-34023 | Karel IP Phone IP1211 Path Traversal | E | |
CVE-2025-34024 | Edimax EW-7438RPn Mini OS Command Injection | E | |
CVE-2025-34025 | Versa Concerto Insecure Docker Mount Container Escape | E M | |
CVE-2025-34026 | Versa Concerto Actuator Authentication Bypass Information Leak | E M | |
CVE-2025-34027 | Versa Concerto Authentication Bypass File Write Remote Code Execution | E M | |
CVE-2025-34028 | Commvault Command Center Innovation Release Unauthenticated Install Package Path Traversal | KEV E | |
CVE-2025-34029 | Edimax EW-7438RPn Mini OS Command Injection | E | |
CVE-2025-34030 | sar2html OS Command Injection | E | |
CVE-2025-34031 | Moodle LMS Jmol Plugin Path Traversal | E | |
CVE-2025-34032 | Moodle LMS Jmol Plugin Cross-site Scripting (XSS) | E | |
CVE-2025-34033 | 5VTechnologies Blue Angel Software Suite OS Command Injection | E | |
CVE-2025-34034 | 5VTechnologies Blue Angel Software Suite Hardcoded Credentials | E | |
CVE-2025-34035 | EnGenius EnShare IoT Gigabit Cloud Service Command Injection | E | |
CVE-2025-34036 | Shenzhen TVT CCTV-DVR Command Injection | E | |
CVE-2025-34037 | Linksys Routers E/WAG/WAP/WES/WET/WRT-Series | E | |
CVE-2025-34038 | Fanwei e-cology SQL Injection | E | |
CVE-2025-34039 | Yonyou NC BeanShell Command Injection | E | |
CVE-2025-34040 | Zhiyuan OA System Path Traversal File Upload | E S | |
CVE-2025-34041 | Sangfor Endpoint Detection and Response OS Command Injection | S | |
CVE-2025-34042 | Beward N100 IP Camera Remote Command Execution | E | |
CVE-2025-34043 | Vacron NVR Remote Command Execution | E | |
CVE-2025-34044 | WIFISKY 7-Layer Flow Control Router Remote Command Execution | | |
CVE-2025-34045 | WeiPHP Path Traversal Arbitrary File Read | E | |
CVE-2025-34046 | Fanwei E-Office Unauthenticated File Upload | E | |
CVE-2025-34047 | Leadsec VPN Path Traversal Arbitrary File Read | E | |
CVE-2025-34048 | D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read | E | |
CVE-2025-34049 | OptiLink ONT1GEW GPON Remote Code Execution | E | |
CVE-2025-34050 | AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery | E | |
CVE-2025-34051 | AVTECH DVR Devices Server-Side Request Forgery | E | |
CVE-2025-34052 | AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure | E | |
CVE-2025-34053 | AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation | E | |
CVE-2025-34054 | AVTECH DVR Devices Unauthenticated Command Injection | E | |
CVE-2025-34055 | AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution | E | |
CVE-2025-34056 | AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution | E | |
CVE-2025-34057 | Ruijie NBR Router Administrative Credential Disclosure | E | |
CVE-2025-34058 | Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read | E | |
CVE-2025-34059 | Dahua Smart Cloud Gateway Registration Management Platform SQL Injection | E | |
CVE-2025-34060 | Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery | | |
CVE-2025-34061 | PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability | E | |
CVE-2025-34062 | OneLogin AD Connector API Credential and Signing Key Exposure | S | |
CVE-2025-34063 | OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key | S | |
CVE-2025-34064 | OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage | S | |
CVE-2025-34065 | AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path | E | |
CVE-2025-34066 | AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure | E | |
CVE-2025-34067 | Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson | E | |
CVE-2025-34069 | GFI Kerio Control GFIAgent Authentication Bypass via Proxy Forwarding | E | |
CVE-2025-34070 | GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces | E | |
CVE-2025-34071 | GFI Kerio Control Unsigned System Image Upload Root Code Execution | E | |
CVE-2025-34072 | Anthropic Slack MCP Server Data Exfiltration via Link Unfurling | E | |
CVE-2025-34073 | stamparm/maltrail <=0.54 Remote Command Execution | E | |
CVE-2025-34074 | Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write | E | |
CVE-2025-34075 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2025-34076 | Microweber CMS Authenticated Local File Inclusion via Backup API | E S | |
CVE-2025-34077 | WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE | E | |
CVE-2025-34078 | NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface | E | |
CVE-2025-34079 | NSClient++ Authenticated Remote Code Execution via ExternalScripts API | E | |
CVE-2025-34080 | CONPROSYS HMI System (CHS) < 3.7.7 Reflected Cross-Site Scripting | | |
CVE-2025-34081 | CONPROSYS HMI System (CHS) < 3.7.7 Exposed PHP Debug Info | | |
CVE-2025-34082 | IGEL OS Secure Terminal and Secure Shadow Remote Code Execution | E | |
CVE-2025-34083 | WordPress AIT CSV Import/Export Plugin ≤ 3.0.3 Unauthenticated RCE | E | |
CVE-2025-34084 | WordPress Total Upkeep (BoldGrid Backup) Plugin < 1.14.10 Unauthenticated Backup Disclosure | E S | |
CVE-2025-34085 | WordPress Simple File List Plugin < 4.2.3 Unauthenticated Remote Code Execution | E S | |
CVE-2025-34086 | Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename | E S | |
CVE-2025-34087 | Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution | E S | |
CVE-2025-34088 | Pandora FMS Authenticated Remote Code Execution via Ping Module | E | |
CVE-2025-34089 | Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection | E | |
CVE-2025-34090 | Google Chrome AppBound Cookie Encryption Bypass via COM Hijacking | | |
CVE-2025-34091 | Chrome Cookie Encryption Bypass via Padding Oracle Attack on AppBound Encryption | | |
CVE-2025-34092 | Chrome Cookie Key Exposure via AppBound COM Path Validation Weakness | | |
CVE-2025-34093 | Polycom HDX Series Telnet Command Injection via lan traceroute | E S | |
CVE-2025-34095 | Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp | E | |
CVE-2025-34096 | Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp | E | |
CVE-2025-34097 | ProcessMaker < 3.5.4 Authenticated Plugin Upload RCE | E | |
CVE-2025-34098 | Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection | E | |
CVE-2025-34099 | VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password | E | |
CVE-2025-34100 | BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload | E | |
CVE-2025-34101 | Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter | E | |
CVE-2025-34102 | CryptoLog Unauthenticated RCE via SQL Injection and Command Injection | E | |
CVE-2025-34489 | GFI MailEssentials Local Privilege Escalation | E | |
CVE-2025-34490 | GFI MailEssentials XXE Vulnerability | E | |
CVE-2025-34491 | GFI MailEssentials MultiNode Insecure Deserialization | E | |
CVE-2025-34508 | ZendTo Path Traversal Vulnerability | E S | |
CVE-2025-34509 | Sitecore XM and XP Hardcoded Credentials | E S | |
CVE-2025-34510 | Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip | E S | |
CVE-2025-34511 | Sitecore PowerShell Extension RCE via Unrestricted Upload | E | |