CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2022-50686
7.5 HIGH

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages …

Dec 18, 2025
CVE-2021-47712
7.5 HIGH

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer …

Dec 18, 2025
CVE-2021-47711
8.8 HIGH

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database …

Dec 18, 2025
CVE-2020-36890
7.2 HIGH

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator …

Dec 18, 2025
CVE-2019-25229
8.8 HIGH

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader …

Dec 18, 2025
CVE-2025-67745
7.1 HIGH

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs …

Dec 18, 2025
CVE-2025-65568
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR …

Dec 18, 2025
CVE-2025-65567
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a …

Dec 18, 2025
CVE-2025-65565
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is …

Dec 18, 2025
CVE-2025-65564
7.5 HIGH

A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory …

Dec 18, 2025
CVE-2025-65563
7.5 HIGH

A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request …

Dec 18, 2025
CVE-2025-65562
7.5 HIGH

The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send …

Dec 18, 2025
CVE-2025-65561
7.5 HIGH

An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header …

Dec 18, 2025
CVE-2025-65559
7.5 HIGH

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in `lib/pfcp/context.c` (`ogs_pfcp_object_teid_hash_set`) …

Dec 18, 2025
CVE-2025-63387
7.5 HIGH

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or …

Dec 18, 2025
CVE-2025-14738
7.5 HIGH

Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

Dec 18, 2025
CVE-2025-14737
8.0 HIGH

Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

Dec 18, 2025
CVE-2025-14896
7.5 HIGH

due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious …

Dec 18, 2025
CVE-2025-14884
7.2 HIGH

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results …

Dec 18, 2025
CVE-2025-68278
8.8 HIGH

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that …

Dec 18, 2025
CVE-2025-64724
7.3 HIGH

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, …

Dec 18, 2025
CVE-2025-63391
7.5 HIGH

An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data …

Dec 18, 2025
CVE-2025-14877
7.3 HIGH

A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulation of the argument cmbAreaCode …

Dec 18, 2025
CVE-2025-7358
7.5 HIGH

Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.This issue affects SoliClub: before 5.3.7.

Dec 18, 2025
CVE-2025-64469
7.8 HIGH

There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure …

Dec 18, 2025
CVE-2025-64468
7.8 HIGH

There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful …

Dec 18, 2025
CVE-2025-64467
7.8 HIGH

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information …

Dec 18, 2025
CVE-2025-64466
7.8 HIGH

There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information …

Dec 18, 2025
CVE-2025-64465
7.8 HIGH

There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information …

Dec 18, 2025
CVE-2025-64464
7.8 HIGH

There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information …

Dec 18, 2025
CVE-2025-64463
7.8 HIGH

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information …

Dec 18, 2025
CVE-2025-64462
7.8 HIGH

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information …

Dec 18, 2025
CVE-2025-64461
7.8 HIGH

There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information …

Dec 18, 2025
CVE-2025-63757
7.5 HIGH

Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.

Dec 18, 2025
CVE-2025-1031
7.5 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.This issue affects SoliClub: from 5.2.4 before 5.3.7.

Dec 18, 2025
CVE-2025-1030
7.5 HIGH

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from …

Dec 18, 2025
CVE-2025-1029
7.5 HIGH

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.

Dec 18, 2025
CVE-2025-14861
8.8 HIGH

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of …

Dec 18, 2025
CVE-2025-40898
8.1 HIGH

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with …

Dec 18, 2025
CVE-2025-40892
8.9 HIGH

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges …

Dec 18, 2025
CVE-2025-14437
7.5 HIGH

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This …

Dec 18, 2025
CVE-2025-14364
8.8 HIGH

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability …

Dec 18, 2025
CVE-2025-13641
8.8 HIGH

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and …

Dec 18, 2025
CVE-2025-14874
7.5 HIGH

A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in …

Dec 18, 2025
CVE-2025-6326
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-6324
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a …

Dec 18, 2025
CVE-2025-66119
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= …

Dec 18, 2025
CVE-2025-66118
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a …

Dec 18, 2025
CVE-2025-66117
7.5 HIGH

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= …

Dec 18, 2025
CVE-2025-66116
7.5 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member …

Dec 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.