CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-27638
9.8 CRITICAL

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013.

Mar 5, 2025
CVE-2025-24924
9.8 CRITICAL

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username

Mar 5, 2025
CVE-2025-23410
9.8 CRITICAL

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal …

Mar 5, 2025
CVE-2025-1316
9.8 CRITICAL KEV

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

Mar 5, 2025
CVE-2025-26319
9.8 CRITICAL

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

Mar 4, 2025
CVE-2025-26136
9.8 CRITICAL

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

Mar 4, 2025
CVE-2025-1260
9.1 CRITICAL

On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result …

Mar 4, 2025
CVE-2025-27507
9.0 CRITICAL

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow …

Mar 4, 2025
CVE-2024-50707
10.0 CRITICAL

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET …

Mar 4, 2025
CVE-2024-50704
10.0 CRITICAL

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.

Mar 4, 2025
CVE-2024-50706
9.8 CRITICAL

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.

Mar 4, 2025
CVE-2025-1942
9.8 CRITICAL

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed …

Mar 4, 2025
CVE-2025-1941
9.1 CRITICAL

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability was …

Mar 4, 2025
CVE-2025-22224
9.3 CRITICAL KEV

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a …

Mar 4, 2025
CVE-2025-1307
9.8 CRITICAL

The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up …

Mar 4, 2025
CVE-2025-0912
9.8 CRITICAL

The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input …

Mar 4, 2025
CVE-2025-26206
9.0 CRITICAL

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component

Mar 3, 2025
CVE-2025-1889
9.8 CRITICAL

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses …

Mar 3, 2025
CVE-2024-55532
9.8 CRITICAL

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version …

Mar 3, 2025
CVE-2024-8262
9.8 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal.This issue affects OBS: before 24.0927.

Mar 3, 2025
CVE-2025-27270
9.8 CRITICAL

Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation.This issue affects Residential Address Detection: from n/a through <= 2.5.4.

Mar 3, 2025
CVE-2025-27268
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows SQL …

Mar 3, 2025
CVE-2025-26988
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue …

Mar 3, 2025
CVE-2025-26970
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a …

Mar 3, 2025
CVE-2025-26535
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Blind …

Mar 3, 2025
CVE-2025-25150
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows Blind SQL Injection.This issue affects uListing: from …

Mar 3, 2025
CVE-2024-47092
9.8 CRITICAL

Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1

Mar 3, 2025
CVE-2025-1875
9.8 CRITICAL

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php.

Mar 3, 2025
CVE-2025-1874
9.8 CRITICAL

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php.

Mar 3, 2025
CVE-2025-1873
9.8 CRITICAL

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescription" parameters in admin/contactus.php.

Mar 3, 2025
CVE-2025-1872
9.8 CRITICAL

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "sadminusername" parameter in admin/add-subadmins.php.

Mar 3, 2025
CVE-2025-1871
9.8 CRITICAL

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php.

Mar 3, 2025
CVE-2025-1870
9.8 CRITICAL

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagedescription" parameter in admin/aboutus.php.

Mar 3, 2025
CVE-2025-1869
9.8 CRITICAL

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "username" parameter in admin/check_avalability.php.

Mar 3, 2025
CVE-2025-1864
9.8 CRITICAL

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.

Mar 3, 2025
CVE-2025-27590
9.0 CRITICAL

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is …

Mar 3, 2025
CVE-2025-20646
9.8 CRITICAL

In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege …

Mar 3, 2025
CVE-2025-27583
9.1 CRITICAL

Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, …

Mar 3, 2025
CVE-2025-25948
9.1 CRITICAL

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, …

Mar 3, 2025
CVE-2025-1671
9.8 CRITICAL

The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() …

Mar 1, 2025
CVE-2025-1638
9.8 CRITICAL

The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin …

Mar 1, 2025
CVE-2025-1564
9.8 CRITICAL

The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. This is due to the plugin not properly …

Mar 1, 2025
CVE-2024-12824
9.8 CRITICAL

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, …

Mar 1, 2025
CVE-2025-27554
9.9 CRITICAL

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read …

Mar 1, 2025
CVE-2025-23116
9.6 CRITICAL

An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent …

Mar 1, 2025
CVE-2025-23115
9.0 CRITICAL

A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect …

Mar 1, 2025
CVE-2025-25379
9.6 CRITICAL

Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.

Feb 28, 2025
CVE-2024-1509
9.1 CRITICAL

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured …

Feb 28, 2025
CVE-2025-0159
9.1 CRITICAL

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 …

Feb 28, 2025
CVE-2024-9193
9.8 CRITICAL

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via …

Feb 28, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.