CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-67254
7.5 HIGH

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

Dec 29, 2025
CVE-2025-13592
7.2 HIGH

The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This …

Dec 29, 2025
CVE-2025-68861
7.1 HIGH

Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7.

Dec 29, 2025
CVE-2025-66877
7.5 HIGH

Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.

Dec 29, 2025
CVE-2025-55061
8.8 HIGH

CWE-434 Unrestricted Upload of File with Dangerous Type

Dec 29, 2025
CVE-2025-15198
7.3 HIGH

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation …

Dec 29, 2025
CVE-2025-68870
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP cookiehint-wp allows PHP Local File …

Dec 29, 2025
CVE-2025-66869
7.5 HIGH

Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.

Dec 29, 2025
CVE-2025-66866
7.5 HIGH

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Dec 29, 2025
CVE-2025-66865
7.5 HIGH

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Dec 29, 2025
CVE-2025-66864
7.5 HIGH

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Dec 29, 2025
CVE-2025-66863
7.5 HIGH

An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Dec 29, 2025
CVE-2025-66862
7.5 HIGH

A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Dec 29, 2025
CVE-2025-15196
7.3 HIGH

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads …

Dec 29, 2025
CVE-2025-69211
7.4 HIGH

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is …

Dec 29, 2025
CVE-2025-69200
7.5 HIGH

phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP …

Dec 29, 2025
CVE-2025-68879
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: …

Dec 29, 2025
CVE-2025-68878
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: …

Dec 29, 2025
CVE-2025-68877
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce CedCommerce Integration for Good Market ced-good-market-integration allows PHP …

Dec 29, 2025
CVE-2025-68876
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: …

Dec 29, 2025
CVE-2025-15195
7.3 HIGH

A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the …

Dec 29, 2025
CVE-2025-15193
8.8 HIGH

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url …

Dec 29, 2025
CVE-2025-15190
8.8 HIGH

A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the …

Dec 29, 2025
CVE-2025-15189
8.8 HIGH

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument …

Dec 29, 2025
CVE-2025-15186
7.3 HIGH

A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such …

Dec 29, 2025
CVE-2025-15185
7.3 HIGH

A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This …

Dec 29, 2025
CVE-2025-15184
7.3 HIGH

A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument …

Dec 29, 2025
CVE-2025-15183
7.3 HIGH

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of …

Dec 29, 2025
CVE-2025-15182
7.3 HIGH

A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the …

Dec 29, 2025
CVE-2025-15181
7.3 HIGH

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing …

Dec 29, 2025
CVE-2025-15180
7.2 HIGH

A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. …

Dec 29, 2025
CVE-2025-15227
7.5 HIGH

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Dec 29, 2025
CVE-2025-15179
7.2 HIGH

A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based …

Dec 29, 2025
CVE-2025-15178
7.2 HIGH

A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The …

Dec 29, 2025
CVE-2025-15225
7.5 HIGH

WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.

Dec 29, 2025
CVE-2025-15177
7.2 HIGH

A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The …

Dec 29, 2025
CVE-2025-15069
7.1 HIGH

Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1

Dec 29, 2025
CVE-2025-15068
7.7 HIGH

Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: from 3.0 before 3.0.1

Dec 29, 2025
CVE-2025-13417
8.6 HIGH

The Plugin Organizer WordPress plugin before 10.2.4 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers to perform …

Dec 29, 2025
CVE-2025-15168
7.3 HIGH

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID …

Dec 29, 2025
CVE-2025-15167
7.3 HIGH

A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument …

Dec 29, 2025
CVE-2025-15166
7.3 HIGH

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument …

Dec 29, 2025
CVE-2025-15165
7.3 HIGH

A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation …

Dec 29, 2025
CVE-2025-15164
7.2 HIGH

A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page …

Dec 29, 2025
CVE-2025-15163
7.2 HIGH

A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument …

Dec 29, 2025
CVE-2025-15067
7.7 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP …

Dec 29, 2025
CVE-2025-15162
7.2 HIGH

A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the …

Dec 29, 2025
CVE-2025-15161
7.2 HIGH

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results …

Dec 28, 2025
CVE-2025-15160
7.2 HIGH

A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads …

Dec 28, 2025
CVE-2025-68973
7.8 HIGH

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted …

Dec 28, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.