CVE Database

391+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-8875
7.8 HIGH KEV

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Aug 14, 2025
CVE-2025-8088
8.8 HIGH KEV

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was …

Aug 8, 2025
CVE-2025-54253
10.0 CRITICAL KEV

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this …

Aug 5, 2025
CVE-2025-54948
9.4 CRITICAL KEV

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected …

Aug 5, 2025
CVE-2025-6205
9.1 CRITICAL KEV

A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

Aug 4, 2025
CVE-2025-6204
8.0 HIGH KEV

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute …

Aug 4, 2025
CVE-2025-31277
8.8 HIGH KEV

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, …

Jul 30, 2025
CVE-2025-38352
7.4 HIGH KEV

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed …

Jul 22, 2025
CVE-2025-53770
9.8 CRITICAL KEV

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit …

Jul 20, 2025
CVE-2025-54313
7.5 HIGH KEV

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches …

Jul 19, 2025
CVE-2025-54309
9.0 CRITICAL KEV

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to …

Jul 18, 2025
CVE-2025-54068
9.8 CRITICAL KEV

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution …

Jul 17, 2025
CVE-2025-25257
9.8 CRITICAL KEV

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through …

Jul 17, 2025
CVE-2025-20337
10.0 CRITICAL KEV

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying …

Jul 16, 2025
CVE-2025-6558
8.8 HIGH KEV

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape …

Jul 15, 2025
CVE-2025-47813
4.3 MEDIUM KEV

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

Jul 10, 2025
CVE-2025-47812
10.0 CRITICAL KEV

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session …

Jul 10, 2025
CVE-2025-48384
8.0 HIGH KEV

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. …

Jul 8, 2025
CVE-2025-49706
6.5 MEDIUM KEV

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Jul 8, 2025
CVE-2025-49704
8.8 HIGH KEV

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Jul 8, 2025
CVE-2025-6554
8.1 HIGH KEV

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security …

Jun 30, 2025
CVE-2025-32463
9.3 CRITICAL KEV

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Jun 30, 2025
CVE-2025-20281
10.0 CRITICAL KEV

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying …

Jun 25, 2025
CVE-2025-6543
9.8 CRITICAL KEV

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, …

Jun 25, 2025
CVE-2025-32975
10.0 CRITICAL KEV

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch …

Jun 24, 2025
CVE-2025-48700
6.1 MEDIUM KEV

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI …

Jun 23, 2025
CVE-2025-6218
7.8 HIGH KEV

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction …

Jun 21, 2025
CVE-2025-5777
7.5 HIGH KEV

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA …

Jun 17, 2025
CVE-2025-43200
4.2 MEDIUM KEV

This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and …

Jun 16, 2025
CVE-2025-33073
8.8 HIGH KEV

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Jun 10, 2025
CVE-2025-33053
8.8 HIGH KEV

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

Jun 10, 2025
CVE-2025-47827
4.6 MEDIUM KEV

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can …

Jun 5, 2025
CVE-2025-21479
8.6 HIGH KEV

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Jun 3, 2025
CVE-2025-27038
7.5 HIGH KEV

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Jun 3, 2025
CVE-2025-21480
8.6 HIGH KEV

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Jun 3, 2025
CVE-2025-5419
8.8 HIGH KEV

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a …

Jun 3, 2025
CVE-2025-5086
9.0 CRITICAL KEV

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

Jun 2, 2025
CVE-2025-49113
9.9 CRITICAL KEV

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated …

Jun 2, 2025
CVE-2025-48928
4.0 MEDIUM KEV

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which …

May 28, 2025
CVE-2025-48927
5.3 MEDIUM KEV

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in …

May 28, 2025
CVE-2025-34026
7.5 HIGH KEV

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. …

May 21, 2025
CVE-2025-4008
8.8 HIGH KEV

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI …

May 21, 2025
CVE-2025-32709
7.8 HIGH KEV

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-32706
7.8 HIGH KEV

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-32701
7.8 HIGH KEV

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-30400
7.8 HIGH KEV

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

May 13, 2025
CVE-2025-30397
7.5 HIGH KEV

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

May 13, 2025
CVE-2025-4428
7.2 HIGH KEV

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via …

May 13, 2025
CVE-2025-4427
5.3 MEDIUM KEV

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via …

May 13, 2025
CVE-2025-32756
9.8 CRITICAL KEV

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, …

May 13, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.