CVE Database

391+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-24989
8.2 HIGH KEV

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This …

Feb 19, 2025
CVE-2025-0111
6.5 MEDIUM KEV

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to …

Feb 12, 2025
CVE-2025-0108
9.1 CRITICAL KEV

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the …

Feb 12, 2025
CVE-2025-21418
7.8 HIGH KEV

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Feb 11, 2025
CVE-2025-21391
7.1 HIGH KEV

Windows Storage Elevation of Privilege Vulnerability

Feb 11, 2025
CVE-2025-24472
8.1 HIGH KEV

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may …

Feb 11, 2025
CVE-2025-24016
9.9 CRITICAL KEV

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an …

Feb 10, 2025
CVE-2025-24200
6.1 MEDIUM KEV

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS …

Feb 10, 2025
CVE-2025-0994
8.8 HIGH KEV

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an …

Feb 6, 2025
CVE-2024-40891
8.8 HIGH KEV

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an …

Feb 4, 2025
CVE-2024-40890
8.8 HIGH KEV

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an …

Feb 4, 2025
CVE-2023-52163
8.8 HIGH KEV

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Feb 3, 2025
CVE-2025-25181
5.8 MEDIUM KEV

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

Feb 3, 2025
CVE-2024-57968
9.9 CRITICAL KEV

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). …

Feb 3, 2025
CVE-2025-24085
10.0 CRITICAL KEV

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia …

Jan 27, 2025
CVE-2025-0411
7.0 HIGH KEV

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to …

Jan 25, 2025
CVE-2025-23006
9.8 CRITICAL KEV

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions …

Jan 23, 2025
CVE-2025-23209
8.0 HIGH KEV

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that …

Jan 18, 2025
CVE-2024-57728
7.2 HIGH KEV

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file …

Jan 15, 2025
CVE-2024-57727
7.5 HIGH KEV

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the …

Jan 15, 2025
CVE-2024-57726
9.9 CRITICAL KEV

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can …

Jan 15, 2025
CVE-2025-21335
7.8 HIGH KEV

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Jan 14, 2025
CVE-2025-21334
7.8 HIGH KEV

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Jan 14, 2025
CVE-2025-21333
7.8 HIGH KEV

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Jan 14, 2025
CVE-2024-13161
9.8 CRITICAL KEV

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak …

Jan 14, 2025
CVE-2024-13160
9.8 CRITICAL KEV

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak …

Jan 14, 2025
CVE-2024-13159
9.8 CRITICAL KEV

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak …

Jan 14, 2025
CVE-2024-55591
9.8 CRITICAL KEV

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 …

Jan 14, 2025
CVE-2024-53704
9.8 CRITICAL KEV

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

Jan 9, 2025
CVE-2025-0282
9.0 CRITICAL KEV

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version …

Jan 8, 2025
CVE-2024-50603
10.0 CRITICAL KEV

An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS …

Jan 8, 2025
CVE-2024-12987
7.3 HIGH KEV

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of …

Dec 27, 2024
CVE-2024-53197
7.8 HIGH KEV

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can …

Dec 27, 2024
CVE-2024-3393
7.5 HIGH KEV

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet …

Dec 27, 2024
CVE-2024-53150
7.1 HIGH KEV

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver …

Dec 24, 2024
CVE-2024-56145
9.8 CRITICAL KEV

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability …

Dec 18, 2024
CVE-2024-12686
6.6 MEDIUM KEV

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject …

Dec 18, 2024
CVE-2024-12356
9.8 CRITICAL KEV

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands …

Dec 17, 2024
CVE-2024-55956
9.8 CRITICAL KEV

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on …

Dec 13, 2024
CVE-2024-49138
7.8 HIGH KEV

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Dec 12, 2024
CVE-2024-55550
2.7 LOW KEV

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A …

Dec 10, 2024
CVE-2024-53104
7.8 HIGH KEV

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out …

Dec 2, 2024
CVE-2024-11667
7.5 HIGH KEV

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through …

Nov 27, 2024
CVE-2024-49035
8.7 HIGH KEV

An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.

Nov 26, 2024
CVE-2024-11680
9.8 CRITICAL KEV

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to …

Nov 26, 2024
CVE-2024-44309
6.3 MEDIUM KEV

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and …

Nov 20, 2024
CVE-2024-44308
8.8 HIGH KEV

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS …

Nov 20, 2024
CVE-2024-50302
5.5 MEDIUM KEV

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds …

Nov 19, 2024
CVE-2024-21287
7.5 HIGH KEV

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is …

Nov 18, 2024
CVE-2024-9474
7.2 HIGH KEV

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on …

Nov 18, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.