ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-34021 | Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery | E | |
CVE-2025-34022 | Selea Targa IP OCR-ANPR Camera Path Traversal | E | |
CVE-2025-34023 | Karel IP Phone IP1211 Path Traversal | E | |
CVE-2025-34024 | Edimax EW-7438RPn Mini OS Command Injection | E | |
CVE-2025-34025 | Versa Concerto Insecure Docker Mount Container Escape | E M | |
CVE-2025-34026 | Versa Concerto Actuator Authentication Bypass Information Leak | E M | |
CVE-2025-34027 | Versa Concerto Authentication Bypass File Write Remote Code Execution | E M | |
CVE-2025-34028 | Commvault Command Center Innovation Release Unauthenticated Install Package Path Traversal | KEV E | |
CVE-2025-34029 | Edimax EW-7438RPn Mini OS Command Injection | E | |
CVE-2025-34030 | sar2html OS Command Injection | E | |
CVE-2025-34031 | Moodle LMS Jmol Plugin Path Traversal | E | |
CVE-2025-34032 | Moodle LMS Jmol Plugin Cross-site Scripting (XSS) | E | |
CVE-2025-34033 | 5VTechnologies Blue Angel Software Suite OS Command Injection | E | |
CVE-2025-34034 | 5VTechnologies Blue Angel Software Suite Hardcoded Credentials | E | |
CVE-2025-34035 | EnGenius EnShare IoT Gigabit Cloud Service Command Injection | E | |
CVE-2025-34036 | Shenzhen TVT CCTV-DVR Command Injection | E | |
CVE-2025-34037 | Linksys Routers E/WAG/WAP/WES/WET/WRT-Series | E | |
CVE-2025-34038 | Fanwei e-cology SQL Injection | E | |
CVE-2025-34039 | Yonyou NC BeanShell Command Injection | E | |
CVE-2025-34040 | Zhiyuan OA System Path Traversal File Upload | E S | |
CVE-2025-34041 | Sangfor Endpoint Detection and Response OS Command Injection | S | |
CVE-2025-34042 | Beward N100 IP Camera Remote Command Execution | E | |
CVE-2025-34043 | Vacron NVR Remote Command Execution | E | |
CVE-2025-34044 | WIFISKY 7-Layer Flow Control Router Remote Command Execution | | |
CVE-2025-34045 | WeiPHP Path Traversal Arbitrary File Read | E | |
CVE-2025-34046 | Fanwei E-Office Unauthenticated File Upload | E | |
CVE-2025-34047 | Leadsec VPN Path Traversal Arbitrary File Read | E | |
CVE-2025-34048 | D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read | E | |
CVE-2025-34049 | OptiLink ONT1GEW GPON Remote Code Execution | E | |
CVE-2025-34050 | AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery | E | |
CVE-2025-34051 | AVTECH DVR Devices Server-Side Request Forgery | E | |
CVE-2025-34052 | AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure | E | |
CVE-2025-34053 | AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation | E | |
CVE-2025-34054 | AVTECH DVR Devices Unauthenticated Command Injection | E | |
CVE-2025-34055 | AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution | E | |
CVE-2025-34056 | AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution | E | |
CVE-2025-34057 | Ruijie NBR Router Administrative Credential Disclosure | E | |
CVE-2025-34058 | Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read | E | |
CVE-2025-34059 | Dahua Smart Cloud Gateway Registration Management Platform SQL Injection | E | |
CVE-2025-34060 | Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery | | |
CVE-2025-34061 | PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability | E | |
CVE-2025-34062 | OneLogin AD Connector API Credential and Signing Key Exposure | S | |
CVE-2025-34063 | OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key | S | |
CVE-2025-34064 | OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage | S | |
CVE-2025-34065 | AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path | E | |
CVE-2025-34066 | AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure | E | |
CVE-2025-34067 | Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson | E | |
CVE-2025-34068 | Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters | E | |
CVE-2025-34069 | GFI Kerio Control GFIAgent Authentication Bypass via Proxy Forwarding | E | |
CVE-2025-34070 | GFI Kerio Control GFIAgent Missing Authentication on Administrative Interfaces | E | |
CVE-2025-34071 | GFI Kerio Control Unsigned System Image Upload Root Code Execution | E | |
CVE-2025-34072 | Anthropic Slack MCP Server Data Exfiltration via Link Unfurling | E | |
CVE-2025-34073 | stamparm/maltrail <=0.54 Remote Command Execution | E | |
CVE-2025-34074 | Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write | E | |
CVE-2025-34075 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initial... | R | |
CVE-2025-34076 | Microweber CMS Authenticated Local File Inclusion via Backup API | E S | |
CVE-2025-34077 | WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE | E | |
CVE-2025-34078 | NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface | E | |
CVE-2025-34079 | NSClient++ Authenticated Remote Code Execution via ExternalScripts API | E | |
CVE-2025-34080 | CONPROSYS HMI System (CHS) < 3.7.7 Reflected Cross-Site Scripting | | |
CVE-2025-34081 | CONPROSYS HMI System (CHS) < 3.7.7 Exposed PHP Debug Info | | |
CVE-2025-34082 | IGEL OS Secure Terminal and Secure Shadow Remote Code Execution | E | |
CVE-2025-34083 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is ... | R | |
CVE-2025-34084 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is ... | R | |
CVE-2025-34085 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is ... | R | |
CVE-2025-34086 | Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename | E S | |
CVE-2025-34087 | Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution | E S | |
CVE-2025-34088 | Pandora FMS Authenticated Remote Code Execution via Ping Module | E | |
CVE-2025-34089 | Remote for Mac Unauthenticated Remote Code Execution via AppleScript Injection | E | |
CVE-2025-34090 | A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due to ... | R | |
CVE-2025-34091 | A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to... | R | |
CVE-2025-34092 | A cookie encryption bypass vulnerability exists in Google Chrome’s AppBound mechanism due to weak pa... | R | |
CVE-2025-34093 | Polycom HDX Series Telnet Command Injection via lan traceroute | E S | |
CVE-2025-34095 | Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp | E | |
CVE-2025-34096 | Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp | E | |
CVE-2025-34097 | ProcessMaker < 3.5.4 Authenticated Plugin Upload RCE | E | |
CVE-2025-34098 | Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection | E | |
CVE-2025-34099 | VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password | E | |
CVE-2025-34100 | BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload | E | |
CVE-2025-34101 | Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter | E | |
CVE-2025-34102 | CryptoLog Unauthenticated RCE via SQL Injection and Command Injection | E | |
CVE-2025-34103 | WePresent WiPG-1000 Unauthenticated Command Injection via rdfs.cgi | E | |
CVE-2025-34104 | Piwik Authenticated RCE via Custom Plugin Upload | E | |
CVE-2025-34105 | DiskBoss Enterprise Stack-Based Buffer Overflow RCE | E | |
CVE-2025-34106 | PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature | E | |
CVE-2025-34107 | WinaXe 7.7 FTP Client Remote Buffer Overflow | E | |
CVE-2025-34108 | Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow | E | |
CVE-2025-34109 | Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation | E S | |
CVE-2025-34110 | ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure | E S | |
CVE-2025-34111 | Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE | E S | |
CVE-2025-34112 | Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE | E | |
CVE-2025-34113 | Tiki Wiki CMS Authenticated Command Injection in Calendar Module | E S | |
CVE-2025-34114 | OpenBlow Missing Critical Security Headers | E | |
CVE-2025-34115 | OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php | E | |
CVE-2025-34116 | IPFire < 2.19 Core Update 101 proxy.cgi RCE | E S | |
CVE-2025-34117 | Netcore / Netis Routers RCE via UDP Port 53413 Backdoor | E | |
CVE-2025-34118 | Linknat VOS Manager Path Traversal File Disclosure | E | |
CVE-2025-34119 | EasyCafe Server 2.2.14 Remote File Disclosure via Opcode 0x43 | E | |
CVE-2025-34120 | LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload | E S | |
CVE-2025-34121 | Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE | E | |
CVE-2025-34123 | VideoCharge Studio 2.12.3.685 SEH Buffer Overflow via .VSC File | E | |
CVE-2025-34124 | Heroes of Might and Magic III .h3m Map File Buffer Overflow | E | |
CVE-2025-34125 | D-Link DSP-W110A1 Cookie Command Injection | E | |
CVE-2025-34126 | RIPS Scanner v0.54 Path Traversal | E | |
CVE-2025-34127 | Achat v0.150 SEH Buffer Overflow via UDP | E | |
CVE-2025-34128 | X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile() | E | |
CVE-2025-34129 | LILIN DVR RCE via Malicious FTP/NTP Configuration | S | |
CVE-2025-34130 | LILIN DVR Arbitrary File Read via net_html.cgi | S | |
CVE-2025-34132 | LILIN DVR Command Injection via NTPUpdate in dvr_box | S | |
CVE-2025-34136 | Commvault CommServe Web Server Unauthenticated SQL Injection | S | |
CVE-2025-34138 | Sitecore XM/XP/XC and Managed Cloud 9.2 - 10.4 RCE | S | |
CVE-2025-34139 | Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read | S | |
CVE-2025-34140 | ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix | S | |
CVE-2025-34141 | ETQ Reliance CG Reflected Cross-Site Scripting in `SQLConverterServlet` | S | |
CVE-2025-34142 | ETQ Reliance CG XML External Entity (XXE) Injection in SSO SAML Handler | S | |
CVE-2025-34143 | ETQ Reliance CG Authentication Bypass via Trailing Space RCE | S | |
CVE-2025-34146 | nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS | E S | |
CVE-2025-34147 | Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via SSID | E | |
CVE-2025-34148 | Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID | E | |
CVE-2025-34149 | Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2 Key | E | |
CVE-2025-34150 | Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command Injection | E | |
CVE-2025-34151 | Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Password Command Injection | E | |
CVE-2025-34152 | Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter | E | |
CVE-2025-34153 | Hyland OnBase .NET Remoting TCP Channel Unauthenticated RCE | E S | |
CVE-2025-34154 | UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read | E S | |
CVE-2025-34157 | Coolify Stored Cross-Site Scripting (XSS) in Project Name Field | E S | |
CVE-2025-34158 | Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource tr... | | |
CVE-2025-34159 | Coolify Docker Compose Directive Injection in Application Deployment Workflow | E S | |
CVE-2025-34160 | AnyShare ServiceAgent API Unauthenticated RCE | E S | |
CVE-2025-34161 | Coolify Git Repository Field Command Injection in Project Deployment Workflow | E S | |
CVE-2025-34162 | Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams | E S | |
CVE-2025-34163 | Dongsheng Logistics Software Unauthenticated Arbitrary File Upload | E S | |
CVE-2025-34300 | Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE | E S | |
CVE-2025-34489 | GFI MailEssentials Local Privilege Escalation | E | |
CVE-2025-34490 | GFI MailEssentials XXE Vulnerability | E | |
CVE-2025-34491 | GFI MailEssentials MultiNode Insecure Deserialization | E | |
CVE-2025-34508 | ZendTo Path Traversal Vulnerability | E S | |
CVE-2025-34509 | Sitecore XM and XP Hardcoded Credentials | E S | |
CVE-2025-34510 | Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip | E S | |
CVE-2025-34511 | Sitecore PowerShell Extension RCE via Unrestricted Upload | E | |
CVE-2025-34520 | Arcserve UDP < 10.2 Authentication Bypass | S | |
CVE-2025-34521 | Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS) | S | |
CVE-2025-34522 | Arcserve UDP < 10.2 Pre-Authentication Heap Overflow | S | |
CVE-2025-34523 | Arcserve UDP < 10.2 Pre-Authentication Heap Overflow | S | |