CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-68478
7.1 HIGH

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request …

Dec 19, 2025
CVE-2025-14960
7.3 HIGH

A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation …

Dec 19, 2025
CVE-2025-14959
7.3 HIGH

A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of …

Dec 19, 2025
CVE-2025-68477
7.7 HIGH

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue …

Dec 19, 2025
CVE-2025-58052
8.1 HIGH

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role …

Dec 19, 2025
CVE-2025-14812
7.5 HIGH

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme …

Dec 19, 2025
CVE-2025-14809
7.4 HIGH

ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing …

Dec 19, 2025
CVE-2025-67442
7.6 HIGH

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering …

Dec 19, 2025
CVE-2025-66905
7.5 HIGH

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include …

Dec 19, 2025
CVE-2025-66909
7.5 HIGH

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() …

Dec 19, 2025
CVE-2025-50681
7.5 HIGH

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a …

Dec 19, 2025
CVE-2025-14952
7.3 HIGH

A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument …

Dec 19, 2025
CVE-2025-14951
7.3 HIGH

A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation …

Dec 19, 2025
CVE-2025-14950
7.3 HIGH

A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of …

Dec 19, 2025
CVE-2025-1927
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Cross Site Request Forgery.This issue affects Online Food Delivery System: …

Dec 19, 2025
CVE-2025-14847
7.5 HIGH KEV

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB …

Dec 19, 2025
CVE-2025-66524
8.8 HIGH

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state …

Dec 19, 2025
CVE-2025-14151
7.2 HIGH

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound_resource' parameter in the slimtrack AJAX action in all versions up …

Dec 19, 2025
CVE-2025-66499
7.8 HIGH

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the …

Dec 19, 2025
CVE-2025-66495
7.8 HIGH

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF …

Dec 19, 2025
CVE-2025-66494
7.8 HIGH

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by …

Dec 19, 2025
CVE-2025-66493
7.8 HIGH

A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening …

Dec 19, 2025
CVE-2025-13999
7.2 HIGH

The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions …

Dec 19, 2025
CVE-2025-13307
7.2 HIGH

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under …

Dec 19, 2025
CVE-2025-14940
7.3 HIGH

A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the …

Dec 19, 2025
CVE-2025-67843
8.3 HIGH

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline …

Dec 19, 2025
CVE-2025-52692
8.8 HIGH

Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without …

Dec 19, 2025
CVE-2025-13941
8.8 HIGH

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used …

Dec 19, 2025
CVE-2025-11774
8.2 HIGH

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") …

Dec 19, 2025
CVE-2025-64675
8.3 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.

Dec 19, 2025
CVE-2025-68385
7.2 HIGH

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be …

Dec 18, 2025
CVE-2025-68279
7.7 HIGH

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using …

Dec 18, 2025
CVE-2025-64677
8.2 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.

Dec 18, 2025
CVE-2025-64676
7.2 HIGH

'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.

Dec 18, 2025
CVE-2025-34451
7.8 HIGH

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. …

Dec 18, 2025
CVE-2025-34450
7.8 HIGH

merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. …

Dec 18, 2025
CVE-2025-63951
7.5 HIGH

An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives data that …

Dec 18, 2025
CVE-2025-63950
7.5 HIGH

An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b (2023-02-28). The 'obj' parameter receives base64-encoded data that …

Dec 18, 2025
CVE-2025-62004
7.5 HIGH

BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before …

Dec 18, 2025
CVE-2025-62003
7.5 HIGH

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during …

Dec 18, 2025
CVE-2025-62001
8.8 HIGH

BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated …

Dec 18, 2025
CVE-2025-62000
7.1 HIGH

BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header …

Dec 18, 2025
CVE-2025-53710
7.5 HIGH

Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This …

Dec 18, 2025
CVE-2025-14850
8.1 HIGH

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.

Dec 18, 2025
CVE-2025-14849
8.8 HIGH

Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.

Dec 18, 2025
CVE-2025-65566
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing …

Dec 18, 2025
CVE-2023-53942
8.8 HIGH

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can …

Dec 18, 2025
CVE-2023-53940
7.8 HIGH

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can …

Dec 18, 2025
CVE-2023-53937
7.8 HIGH

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate …

Dec 18, 2025
CVE-2023-53934
7.5 HIGH

A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation …

Dec 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.