CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-25513
9.8 CRITICAL

Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.

Feb 24, 2025
CVE-2025-27364
10.0 CRITICAL

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of …

Feb 24, 2025
CVE-2024-54820
9.8 CRITICAL

XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all …

Feb 24, 2025
CVE-2025-26201
9.1 CRITICAL

Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.

Feb 24, 2025
CVE-2024-56897
9.8 CRITICAL

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be …

Feb 24, 2025
CVE-2025-25279
9.9 CRITICAL

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows …

Feb 24, 2025
CVE-2025-24490
9.6 CRITICAL

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query of boards …

Feb 24, 2025
CVE-2025-20051
9.9 CRITICAL

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, …

Feb 24, 2025
CVE-2025-26776
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty …

Feb 22, 2025
CVE-2025-26763
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through <= …

Feb 22, 2025
CVE-2025-27105
9.1 CRITICAL

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, …

Feb 21, 2025
CVE-2025-26014
9.8 CRITICAL

A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.

Feb 21, 2025
CVE-2025-0838
9.8 CRITICAL

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on …

Feb 21, 2025
CVE-2025-25678
9.8 CRITICAL

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.

Feb 20, 2025
CVE-2025-25676
9.8 CRITICAL

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.

Feb 20, 2025
CVE-2025-25675
9.8 CRITICAL

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request …

Feb 20, 2025
CVE-2025-25674
9.8 CRITICAL

Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.

Feb 20, 2025
CVE-2025-25668
9.8 CRITICAL

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function.

Feb 20, 2025
CVE-2025-25667
9.8 CRITICAL

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.

Feb 20, 2025
CVE-2025-25664
9.8 CRITICAL

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.

Feb 20, 2025
CVE-2025-25663
9.8 CRITICAL

A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to …

Feb 20, 2025
CVE-2025-25662
9.8 CRITICAL

Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.

Feb 20, 2025
CVE-2024-54756
9.8 CRITICAL

A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted …

Feb 20, 2025
CVE-2025-24893
9.8 CRITICAL KEV

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution …

Feb 20, 2025
CVE-2025-1265
9.9 CRITICAL

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system.

Feb 20, 2025
CVE-2025-27096
9.8 CRITICAL

WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. …

Feb 20, 2025
CVE-2025-20059
9.1 CRITICAL

Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through …

Feb 20, 2025
CVE-2024-57401
9.8 CRITICAL

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function.

Feb 20, 2025
CVE-2024-13789
9.8 CRITICAL

The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from …

Feb 20, 2025
CVE-2024-37361
9.9 CRITICAL

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 …

Feb 20, 2025
CVE-2025-25196
9.8 CRITICAL

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA < v1.8.4 (Helm chart < openfga-0.2.22, docker < …

Feb 19, 2025
CVE-2023-46271
9.8 CRITICAL

Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on …

Feb 19, 2025
CVE-2020-35546
9.1 CRITICAL

Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.

Feb 19, 2025
CVE-2025-25467
9.8 CRITICAL

Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file.

Feb 18, 2025
CVE-2025-26617
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26615
10.0 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26613
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the …

Feb 18, 2025
CVE-2025-26612
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26611
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26610
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26609
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26608
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26607
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26606
9.8 CRITICAL

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA …

Feb 18, 2025
CVE-2025-26623
9.8 CRITICAL

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer …

Feb 18, 2025
CVE-2025-22654
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified simplified allows Using Malicious Files.This issue affects Simplified: from n/a through <= 1.0.6.

Feb 18, 2025
CVE-2024-56000
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through < 5.4.0.

Feb 18, 2025
CVE-2025-24895
9.1 CRITICAL

CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. …

Feb 18, 2025
CVE-2025-24894
9.1 CRITICAL

SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider …

Feb 18, 2025
CVE-2024-55460
9.8 CRITICAL

A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distribution Tax Election System Version v2.0 allows attackers to execute arbitrary code …

Feb 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.