CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-15142
7.3 HIGH

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID …

Dec 28, 2025
CVE-2025-15140
7.3 HIGH

A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 …

Dec 28, 2025
CVE-2025-15137
8.8 HIGH

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command …

Dec 28, 2025
CVE-2025-15136
8.8 HIGH

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The …

Dec 28, 2025
CVE-2025-15127
7.3 HIGH

A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such …

Dec 28, 2025
CVE-2025-14180
7.5 HIGH

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with …

Dec 27, 2025
CVE-2025-14177
7.5 HIGH

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory …

Dec 27, 2025
CVE-2025-15109
7.3 HIGH

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. …

Dec 27, 2025
CVE-2025-68948
8.1 HIGH

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its …

Dec 27, 2025
CVE-2025-59946
7.5 HIGH

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which …

Dec 27, 2025
CVE-2025-68474
7.6 HIGH

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the …

Dec 27, 2025
CVE-2025-68473
8.6 HIGH

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack …

Dec 27, 2025
CVE-2025-68697
7.1 HIGH

n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript …

Dec 26, 2025
CVE-2025-67729
8.8 HIGH

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called …

Dec 26, 2025
CVE-2025-61914
7.3 HIGH

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the …

Dec 26, 2025
CVE-2025-67015
7.5 HIGH

Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate …

Dec 26, 2025
CVE-2025-67014
7.5 HIGH

Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.

Dec 26, 2025
CVE-2025-66738
8.8 HIGH

An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of …

Dec 26, 2025
CVE-2025-57403
7.5 HIGH

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or …

Dec 26, 2025
CVE-2025-64645
7.7 HIGH

IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.

Dec 26, 2025
CVE-2025-25341
7.5 HIGH

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes …

Dec 26, 2025
CVE-2025-12771
7.8 HIGH

IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and …

Dec 26, 2025
CVE-2025-67450
7.8 HIGH

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution …

Dec 26, 2025
CVE-2025-59887
8.6 HIGH

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to …

Dec 26, 2025
CVE-2025-62578
7.5 HIGH

DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

Dec 26, 2025
CVE-2025-52601
7.8 HIGH

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that …

Dec 26, 2025
CVE-2025-52600
7.2 HIGH

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics …

Dec 26, 2025
CVE-2025-15099
7.3 HIGH

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. …

Dec 26, 2025
CVE-2025-68939
8.2 HIGH

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

Dec 26, 2025
CVE-2025-15097
7.3 HIGH

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. …

Dec 26, 2025
CVE-2025-15092
8.8 HIGH

A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument …

Dec 26, 2025
CVE-2025-15091
8.8 HIGH

A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the …

Dec 26, 2025
CVE-2025-15090
8.8 HIGH

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the …

Dec 25, 2025
CVE-2025-15089
8.8 HIGH

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the …

Dec 25, 2025
CVE-2025-2406
7.6 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi …

Dec 25, 2025
CVE-2025-2405
7.6 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Titarus …

Dec 25, 2025
CVE-2025-2307
7.6 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango …

Dec 25, 2025
CVE-2025-66443
7.5 HIGH

Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an …

Dec 25, 2025
CVE-2025-66379
7.5 HIGH

Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media …

Dec 25, 2025
CVE-2025-66377
7.5 HIGH

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code …

Dec 25, 2025
CVE-2025-59683
8.2 HIGH

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange …

Dec 25, 2025
CVE-2025-48704
7.5 HIGH

Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a …

Dec 25, 2025
CVE-2025-32096
7.5 HIGH

Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a …

Dec 25, 2025
CVE-2025-32095
7.5 HIGH

Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, …

Dec 25, 2025
CVE-2025-15078
7.3 HIGH

A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the …

Dec 25, 2025
CVE-2025-15077
7.3 HIGH

A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation …

Dec 25, 2025
CVE-2025-15076
7.3 HIGH

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path …

Dec 25, 2025
CVE-2025-15075
7.3 HIGH

A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of …

Dec 25, 2025
CVE-2025-15074
7.3 HIGH

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to …

Dec 25, 2025
CVE-2025-68922
7.4 HIGH

OpenOps before 0.6.11 allows remote code execution in the Terraform block.

Dec 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.