CVE Database

9262+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-13742
9.8 CRITICAL

The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via …

Jan 30, 2025
CVE-2024-12822
9.8 CRITICAL

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing …

Jan 30, 2025
CVE-2025-21415
9.9 CRITICAL

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

Jan 29, 2025
CVE-2024-57665
9.8 CRITICAL

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly …

Jan 29, 2025
CVE-2025-0851
9.8 CRITICAL

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary …

Jan 29, 2025
CVE-2024-57395
9.8 CRITICAL

Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the …

Jan 29, 2025
CVE-2024-54852
9.8 CRITICAL

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due …

Jan 29, 2025
CVE-2025-20061
9.8 CRITICAL

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to …

Jan 29, 2025
CVE-2025-20014
9.8 CRITICAL

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to …

Jan 29, 2025
CVE-2024-48852
9.4 CRITICAL

Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access. This issue affects FLXEON through …

Jan 29, 2025
CVE-2024-48849
9.4 CRITICAL

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.

Jan 29, 2025
CVE-2025-23211
9.9 CRITICAL

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on …

Jan 28, 2025
CVE-2025-23045
9.8 CRITICAL

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT …

Jan 28, 2025
CVE-2024-13448
9.8 CRITICAL

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions …

Jan 28, 2025
CVE-2024-12649
9.8 CRITICAL

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to …

Jan 28, 2025
CVE-2024-12648
9.8 CRITICAL

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment …

Jan 28, 2025
CVE-2024-12647
9.8 CRITICAL

Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to …

Jan 28, 2025
CVE-2022-3365
9.8 CRITICAL

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a …

Jan 28, 2025
CVE-2024-57548
9.1 CRITICAL

CMSimple 5.16 allows the user to edit log.php file via print page.

Jan 27, 2025
CVE-2024-57052
9.8 CRITICAL

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.

Jan 27, 2025
CVE-2025-24154
9.1 CRITICAL

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3, …

Jan 27, 2025
CVE-2025-24146
9.8 CRITICAL

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. Deleting …

Jan 27, 2025
CVE-2025-24102
9.8 CRITICAL

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app …

Jan 27, 2025
CVE-2025-24093
9.8 CRITICAL

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may …

Jan 27, 2025
CVE-2025-24085
10.0 CRITICAL KEV

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia …

Jan 27, 2025
CVE-2024-54542
9.1 CRITICAL

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS …

Jan 27, 2025
CVE-2024-54530
9.1 CRITICAL

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, watchOS 11.2. Password …

Jan 27, 2025
CVE-2024-54512
9.1 CRITICAL

The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could …

Jan 27, 2025
CVE-2024-48841
10.0 CRITICAL

Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

Jan 27, 2025
CVE-2025-22604
9.1 CRITICAL

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs …

Jan 27, 2025
CVE-2024-55228
9.0 CRITICAL

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload …

Jan 27, 2025
CVE-2024-55227
9.0 CRITICAL

A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload …

Jan 27, 2025
CVE-2025-24671
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Object Injection.This issue affects Save as PDF: from n/a through <= …

Jan 27, 2025
CVE-2025-24667
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows SQL …

Jan 27, 2025
CVE-2025-24665
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows SQL Injection.This …

Jan 27, 2025
CVE-2024-57595
9.8 CRITICAL

DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via …

Jan 27, 2025
CVE-2024-57590
9.8 CRITICAL

TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" …

Jan 27, 2025
CVE-2025-24664
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows SQL …

Jan 27, 2025
CVE-2025-24612
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ihor Kit Shipping for Nova Poshta nova-poshta-ttn allows SQL Injection.This issue …

Jan 27, 2025
CVE-2025-24601
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in ThimPress FundPress fundpress allows Object Injection.This issue affects FundPress: from n/a through <= 2.0.6.

Jan 27, 2025
CVE-2025-0357
9.8 CRITICAL

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, …

Jan 25, 2025
CVE-2024-50698
9.8 CRITICAL

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.

Jan 24, 2025
CVE-2024-50695
9.8 CRITICAL

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.

Jan 24, 2025
CVE-2024-50694
9.8 CRITICAL

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the …

Jan 24, 2025
CVE-2025-24650
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server.This issue affects Tourfic: from …

Jan 24, 2025
CVE-2024-56404
9.9 CRITICAL

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.

Jan 24, 2025
CVE-2025-22612
10.0 CRITICAL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to …

Jan 24, 2025
CVE-2025-22611
9.9 CRITICAL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to …

Jan 24, 2025
CVE-2025-22609
10.0 CRITICAL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to …

Jan 24, 2025
CVE-2024-13545
9.8 CRITICAL

The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This …

Jan 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.