CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-53969
7.5 HIGH

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers …

Dec 22, 2025
CVE-2023-53967
7.5 HIGH

Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers …

Dec 22, 2025
CVE-2023-53965
8.4 HIGH

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can …

Dec 22, 2025
CVE-2023-53962
7.5 HIGH

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can …

Dec 22, 2025
CVE-2022-50690
8.4 HIGH

Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with …

Dec 22, 2025
CVE-2022-50688
8.4 HIGH

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can …

Dec 22, 2025
CVE-2021-47713
7.5 HIGH

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. …

Dec 22, 2025
CVE-2025-66736
7.1 HIGH

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which …

Dec 22, 2025
CVE-2025-66735
7.5 HIGH

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly …

Dec 22, 2025
CVE-2025-65817
8.8 HIGH

LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.

Dec 22, 2025
CVE-2025-63664
7.5 HIGH

Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI …

Dec 22, 2025
CVE-2025-63663
7.5 HIGH

Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.

Dec 22, 2025
CVE-2025-63662
7.5 HIGH

Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.

Dec 22, 2025
CVE-2025-68645
8.8 HIGH KEV

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied …

Dec 22, 2025
CVE-2025-67826
7.7 HIGH

An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by …

Dec 22, 2025
CVE-2025-14018
7.3 HIGH

Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries.This issue affects e-Fatura: …

Dec 22, 2025
CVE-2025-14273
7.2 HIGH

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 …

Dec 22, 2025
CVE-2025-12514
7.2 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets …

Dec 22, 2025
CVE-2025-15012
7.3 HIGH

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of …

Dec 22, 2025
CVE-2025-11540
7.5 HIGH

Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.

Dec 22, 2025
CVE-2025-15015
7.5 HIGH

Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system …

Dec 22, 2025
CVE-2025-15011
7.3 HIGH

A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname …

Dec 22, 2025
CVE-2025-15008
7.3 HIGH

A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a …

Dec 22, 2025
CVE-2025-15002
7.3 HIGH

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the …

Dec 21, 2025
CVE-2025-14995
8.8 HIGH

A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads …

Dec 21, 2025
CVE-2025-14994
8.8 HIGH

A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request …

Dec 21, 2025
CVE-2025-14855
7.2 HIGH

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due …

Dec 21, 2025
CVE-2025-14800
8.1 HIGH

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function …

Dec 21, 2025
CVE-2025-14993
8.8 HIGH

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation …

Dec 21, 2025
CVE-2025-9343
7.2 HIGH

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, …

Dec 21, 2025
CVE-2025-68644
7.4 HIGH

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security …

Dec 21, 2025
CVE-2025-14992
8.8 HIGH

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP …

Dec 21, 2025
CVE-2025-14990
7.3 HIGH

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing …

Dec 21, 2025
CVE-2025-14071
7.5 HIGH

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 …

Dec 21, 2025
CVE-2025-12980
7.5 HIGH

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a …

Dec 21, 2025
CVE-2023-25446
7.7 HIGH

Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.

Dec 21, 2025
CVE-2025-14989
7.3 HIGH

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation …

Dec 21, 2025
CVE-2025-7782
7.6 HIGH

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on …

Dec 20, 2025
CVE-2025-14591
7.5 HIGH

In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited …

Dec 20, 2025
CVE-2025-14300
8.1 HIGH

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit …

Dec 20, 2025
CVE-2023-53958
7.5 HIGH

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can …

Dec 19, 2025
CVE-2023-53956
8.8 HIGH

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials …

Dec 19, 2025
CVE-2023-53952
8.8 HIGH

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation …

Dec 19, 2025
CVE-2023-53949
8.4 HIGH

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write …

Dec 19, 2025
CVE-2023-53947
8.4 HIGH

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious …

Dec 19, 2025
CVE-2023-53946
8.4 HIGH

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a …

Dec 19, 2025
CVE-2023-53945
8.8 HIGH

BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit …

Dec 19, 2025
CVE-2025-14968
7.3 HIGH

A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The …

Dec 19, 2025
CVE-2025-14967
7.3 HIGH

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of …

Dec 19, 2025
CVE-2025-14961
7.3 HIGH

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation …

Dec 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.