CVE Database

391+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-14611
9.8 CRITICAL KEV

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints …

Dec 12, 2025
CVE-2025-14174
8.8 HIGH KEV

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory …

Dec 12, 2025
CVE-2025-8110
8.8 HIGH KEV

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Dec 10, 2025
CVE-2025-62221
7.8 HIGH KEV

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-59718
9.8 CRITICAL KEV

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, …

Dec 9, 2025
CVE-2025-48633
5.5 MEDIUM KEV

In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This …

Dec 8, 2025
CVE-2025-48572
7.8 HIGH KEV

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation …

Dec 8, 2025
CVE-2025-34291
8.8 HIGH KEV

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' …

Dec 5, 2025
CVE-2025-66644
7.2 HIGH KEV

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

Dec 5, 2025
CVE-2025-55182
10.0 CRITICAL KEV

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. …

Dec 3, 2025
CVE-2025-58360
8.2 HIGH KEV

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an …

Nov 25, 2025
CVE-2025-58034
7.2 HIGH KEV

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 …

Nov 18, 2025
CVE-2025-13223
8.8 HIGH KEV

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 17, 2025
CVE-2025-64446
9.8 CRITICAL KEV

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 …

Nov 14, 2025
CVE-2025-62215
7.0 HIGH KEV

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

Nov 11, 2025
CVE-2025-60710
7.8 HIGH KEV

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Nov 11, 2025
CVE-2025-12480
9.1 CRITICAL KEV

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

Nov 10, 2025
CVE-2025-64328
7.2 HIGH KEV

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the …

Nov 7, 2025
CVE-2023-43000
8.8 HIGH KEV

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS …

Nov 5, 2025
CVE-2025-11953
9.8 CRITICAL KEV

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that …

Nov 3, 2025
CVE-2025-61757
9.8 CRITICAL KEV

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability …

Oct 21, 2025
CVE-2025-61932
9.8 CRITICAL KEV

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code …

Oct 20, 2025
CVE-2025-53521
9.8 CRITICAL KEV

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions …

Oct 15, 2025
CVE-2025-59287
9.8 CRITICAL KEV

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Oct 14, 2025
CVE-2025-59230
7.8 HIGH KEV

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Oct 14, 2025
CVE-2025-24990
7.8 HIGH KEV

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of …

Oct 14, 2025
CVE-2025-61884
7.5 HIGH KEV

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated …

Oct 12, 2025
CVE-2025-11371
7.5 HIGH KEV

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system …

Oct 9, 2025
CVE-2025-61882
9.8 CRITICAL KEV

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability …

Oct 5, 2025
CVE-2025-41244
7.8 HIGH KEV

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with …

Sep 29, 2025
CVE-2025-20362
6.5 MEDIUM KEV

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software …

Sep 25, 2025
CVE-2025-20333
9.9 CRITICAL KEV

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could …

Sep 25, 2025
CVE-2025-20352
7.7 HIGH KEV

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, …

Sep 24, 2025
CVE-2025-10585
9.8 CRITICAL KEV

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Sep 24, 2025
CVE-2025-26399
9.8 CRITICAL KEV

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker …

Sep 23, 2025
CVE-2025-59689
6.1 MEDIUM KEV

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. …

Sep 19, 2025
CVE-2025-48703
9.0 CRITICAL KEV

CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a …

Sep 19, 2025
CVE-2025-10035
10.0 CRITICAL KEV

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary …

Sep 18, 2025
CVE-2025-9242
9.8 CRITICAL KEV

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User …

Sep 17, 2025
CVE-2025-21043
8.8 HIGH KEV

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

Sep 12, 2025
CVE-2025-21042
8.8 HIGH KEV

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

Sep 12, 2025
CVE-2025-54236
9.1 CRITICAL KEV

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this …

Sep 9, 2025
CVE-2025-48543
8.8 HIGH KEV

In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead …

Sep 4, 2025
CVE-2025-53690
9.0 CRITICAL KEV

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience …

Sep 3, 2025
CVE-2025-9377
7.2 HIGH KEV

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer …

Aug 29, 2025
CVE-2025-55177
5.4 MEDIUM KEV

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could …

Aug 29, 2025
CVE-2025-57819
9.8 CRITICAL KEV

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access …

Aug 28, 2025
CVE-2025-7775
9.8 CRITICAL KEV

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN …

Aug 26, 2025
CVE-2025-43300
10.0 CRITICAL KEV

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, …

Aug 21, 2025
CVE-2025-8876
8.8 HIGH KEV

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Aug 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.