CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-49366
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49365
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This …

Dec 18, 2025
CVE-2025-49364
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion.This …

Dec 18, 2025
CVE-2025-49363
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File …

Dec 18, 2025
CVE-2025-49362
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gracioza gracioza allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49361
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49360
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-49359
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion.This issue …

Dec 18, 2025
CVE-2025-14314
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from …

Dec 18, 2025
CVE-2025-68459
7.2 HIGH

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS …

Dec 18, 2025
CVE-2025-47387
7.8 HIGH

Memory Corruption when processing IOCTLs for JPEG data without verification.

Dec 18, 2025
CVE-2025-47382
7.8 HIGH

Memory corruption while loading an invalid firmware in boot loader.

Dec 18, 2025
CVE-2025-47350
7.8 HIGH

Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.

Dec 18, 2025
CVE-2025-47323
7.8 HIGH

Memory corruption while routing GPR packets between user and root when handling large data packet.

Dec 18, 2025
CVE-2025-47322
7.8 HIGH

Memory corruption while handling IOCTL calls to set mode.

Dec 18, 2025
CVE-2025-47321
7.8 HIGH

Memory corruption while copying packets received from unix clients.

Dec 18, 2025
CVE-2025-47320
7.8 HIGH

Memory corruption while processing MFC channel configuration during music playback.

Dec 18, 2025
CVE-2025-27063
7.8 HIGH

Memory corruption during video playback when video session open fails with time out error.

Dec 18, 2025
CVE-2025-68461
7.2 HIGH KEV

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Dec 18, 2025
CVE-2025-68460
7.2 HIGH

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.

Dec 18, 2025
CVE-2025-68434
8.8 HIGH

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and …

Dec 17, 2025
CVE-2025-68433
7.7 HIGH

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from …

Dec 17, 2025
CVE-2025-68432
7.7 HIGH

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from …

Dec 17, 2025
CVE-2025-68429
7.3 HIGH

Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions …

Dec 17, 2025
CVE-2025-68147
8.1 HIGH

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and …

Dec 17, 2025
CVE-2025-68144
7.1 HIGH

In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` …

Dec 17, 2025
CVE-2025-68143
8.8 HIGH

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool …

Dec 17, 2025
CVE-2025-66029
7.6 HIGH

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. …

Dec 17, 2025
CVE-2025-14833
7.3 HIGH

A security flaw has been discovered in code-projects Online Appointment Booking System 1.0. The impacted element is an unknown function of the file /admin/deletemanagerclinic.php. Performing …

Dec 17, 2025
CVE-2023-53933
8.8 HIGH

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with …

Dec 17, 2025
CVE-2023-53930
7.5 HIGH

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can …

Dec 17, 2025
CVE-2023-53929
8.8 HIGH

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile …

Dec 17, 2025
CVE-2023-53924
8.8 HIGH

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can …

Dec 17, 2025
CVE-2023-53913
8.8 HIGH

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| …

Dec 17, 2025
CVE-2023-53908
8.8 HIGH

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML …

Dec 17, 2025
CVE-2023-53905
8.0 HIGH

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| …

Dec 17, 2025
CVE-2025-68400
8.8 HIGH

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint `/Reports/ConfirmReportEmail.php` in ChurchCRM prior to version 6.5.3. Although the …

Dec 17, 2025
CVE-2025-68111
7.2 HIGH

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability exists in the `eGive.php` file within the "ReImport" functionality. …

Dec 17, 2025
CVE-2025-67877
8.8 HIGH

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a SQL injection vulnerability in the `src/CartToFamily.php` file, specifically in how the `PersonAddress` …

Dec 17, 2025
CVE-2025-14832
7.3 HIGH

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of …

Dec 17, 2025
CVE-2025-67792
7.8 HIGH

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to …

Dec 17, 2025
CVE-2025-67790
7.5 HIGH

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen …

Dec 17, 2025
CVE-2025-67493
7.5 HIGH

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups …

Dec 17, 2025
CVE-2025-53000
7.8 HIGH

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows …

Dec 17, 2025
CVE-2025-46291
7.8 HIGH

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks.

Dec 17, 2025
CVE-2025-46281
8.8 HIGH

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of …

Dec 17, 2025
CVE-2025-43529
8.8 HIGH KEV

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS …

Dec 17, 2025
CVE-2025-66646
7.5 HIGH

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was …

Dec 17, 2025
CVE-2025-66397
8.3 HIGH

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from …

Dec 17, 2025
CVE-2025-66396
7.2 HIGH

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the `src/UserEditor.php` file. When an administrator saves a …

Dec 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.