CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-39327
9.9 CRITICAL

Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way.

Feb 18, 2025
CVE-2024-57049
9.8 CRITICAL

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under …

Feb 18, 2025
CVE-2024-57045
9.8 CRITICAL

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain …

Feb 18, 2025
CVE-2025-1023
9.8 CRITICAL

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability …

Feb 18, 2025
CVE-2024-12860
9.8 CRITICAL

The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, …

Feb 18, 2025
CVE-2024-13725
9.8 CRITICAL

The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service …

Feb 18, 2025
CVE-2025-25222
9.8 CRITICAL

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability …

Feb 18, 2025
CVE-2025-25221
9.8 CRITICAL

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability …

Feb 18, 2025
CVE-2021-46686
9.8 CRITICAL

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 …

Feb 18, 2025
CVE-2025-1387
9.8 CRITICAL

Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.

Feb 17, 2025
CVE-2025-22290
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows SQL Injection.This …

Feb 16, 2025
CVE-2024-57971
9.1 CRITICAL

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI …

Feb 16, 2025
CVE-2024-12562
9.8 CRITICAL

The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input …

Feb 15, 2025
CVE-2024-13513
9.8 CRITICAL

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and …

Feb 15, 2025
CVE-2025-1302
9.8 CRITICAL

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code …

Feb 15, 2025
CVE-2024-4282
9.8 CRITICAL

Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.

Feb 15, 2025
CVE-2025-26508
9.8 CRITICAL

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when …

Feb 14, 2025
CVE-2025-26507
9.8 CRITICAL

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when …

Feb 14, 2025
CVE-2025-26506
9.8 CRITICAL

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when …

Feb 14, 2025
CVE-2024-56973
9.8 CRITICAL

Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename …

Feb 14, 2025
CVE-2024-56180
9.8 CRITICAL

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers …

Feb 14, 2025
CVE-2025-0867
9.9 CRITICAL

The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its …

Feb 14, 2025
CVE-2024-13152
10.0 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue …

Feb 14, 2025
CVE-2024-52577
9.0 CRITICAL

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if …

Feb 14, 2025
CVE-2025-1298
9.8 CRITICAL

Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.

Feb 14, 2025
CVE-2025-22630
9.9 CRITICAL

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Marketing Fire Widget Options widget-options allows OS Command Injection.This issue affects Widget …

Feb 14, 2025
CVE-2025-25067
9.8 CRITICAL

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.

Feb 13, 2025
CVE-2025-24865
10.0 CRITICAL

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload …

Feb 13, 2025
CVE-2025-1283
9.8 CRITICAL

The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.

Feb 13, 2025
CVE-2023-34399
9.8 CRITICAL

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The …

Feb 13, 2025
CVE-2025-1127
9.1 CRITICAL

The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the …

Feb 13, 2025
CVE-2025-25389
9.8 CRITICAL

A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno …

Feb 13, 2025
CVE-2025-25388
9.8 CRITICAL

A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid …

Feb 13, 2025
CVE-2025-1270
9.1 CRITICAL

Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and …

Feb 13, 2025
CVE-2024-13182
9.8 CRITICAL

The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect …

Feb 13, 2025
CVE-2024-10763
9.8 CRITICAL

The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes …

Feb 13, 2025
CVE-2025-0896
9.8 CRITICAL

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by …

Feb 13, 2025
CVE-2025-25286
9.8 CRITICAL

Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution …

Feb 13, 2025
CVE-2024-7102
9.6 CRITICAL

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as …

Feb 13, 2025
CVE-2024-57604
9.8 CRITICAL

An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.

Feb 12, 2025
CVE-2024-57602
9.8 CRITICAL

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.

Feb 12, 2025
CVE-2022-31631
9.1 CRITICAL

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly …

Feb 12, 2025
CVE-2025-0108
9.1 CRITICAL KEV

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the …

Feb 12, 2025
CVE-2025-25343
9.8 CRITICAL

Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.

Feb 12, 2025
CVE-2025-25746
9.8 CRITICAL

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.

Feb 12, 2025
CVE-2025-25744
9.8 CRITICAL

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module.

Feb 12, 2025
CVE-2025-25742
9.8 CRITICAL

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module.

Feb 12, 2025
CVE-2025-25182
9.4 CRITICAL

Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 …

Feb 12, 2025
CVE-2025-25351
9.8 CRITICAL

PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.

Feb 12, 2025
CVE-2025-25349
9.8 CRITICAL

PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.

Feb 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.