CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-53885
7.2 HIGH

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR …

Dec 15, 2025
CVE-2023-53883
7.2 HIGH

Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a …

Dec 15, 2025
CVE-2023-53881
8.1 HIGH

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a …

Dec 15, 2025
CVE-2023-53875
8.8 HIGH

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers …

Dec 15, 2025
CVE-2023-53868
8.8 HIGH

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload …

Dec 15, 2025
CVE-2025-14503
7.2 HIGH

An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role …

Dec 15, 2025
CVE-2025-65176
7.5 HIGH

An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and …

Dec 15, 2025
CVE-2025-66440
8.8 HIGH

An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext/accounts/doctype/payment_entry/payment_entry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary …

Dec 15, 2025
CVE-2025-66439
8.8 HIGH

An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext.accounts.doctype.payment_entry.payment_entry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary …

Dec 15, 2025
CVE-2025-66438
8.8 HIGH

A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style() triggers the rendering of …

Dec 15, 2025
CVE-2025-66437
8.8 HIGH

An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template() with a …

Dec 15, 2025
CVE-2025-14038
7.0 HIGH

EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially …

Dec 15, 2025
CVE-2025-66434
8.8 HIGH

An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (body_text) using frappe.render_template() …

Dec 15, 2025
CVE-2025-65742
8.2 HIGH

An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via …

Dec 15, 2025
CVE-2025-11393
8.7 HIGH

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials …

Dec 15, 2025
CVE-2025-60786
8.8 HIGH

A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted …

Dec 15, 2025
CVE-2024-44599
8.3 HIGH

FNT Command 13.4.0 is vulnerable to Directory Traversal.

Dec 15, 2025
CVE-2024-44598
8.8 HIGH

FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module.

Dec 15, 2025
CVE-2025-14383
7.5 HIGH

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'dates_to_check' parameter in all versions up to, and including, 10.14.8 …

Dec 15, 2025
CVE-2025-65781
8.2 HIGH

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization …

Dec 15, 2025
CVE-2025-65780
8.8 HIGH

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire …

Dec 15, 2025
CVE-2025-65779
7.5 HIGH

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's …

Dec 15, 2025
CVE-2025-65778
8.1 HIGH

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with …

Dec 15, 2025
CVE-2025-14711
7.3 HIGH

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the …

Dec 15, 2025
CVE-2025-14710
7.3 HIGH

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument …

Dec 15, 2025
CVE-2025-14022
7.7 HIGH

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with …

Dec 15, 2025
CVE-2025-14712
7.5 HIGH

Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific …

Dec 15, 2025
CVE-2025-14549
8.1 HIGH

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) …

Dec 15, 2025
CVE-2025-13355
7.1 HIGH

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected …

Dec 15, 2025
CVE-2025-12684
7.1 HIGH

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected …

Dec 15, 2025
CVE-2025-14704
7.3 HIGH

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The …

Dec 15, 2025
CVE-2025-67900
8.1 HIGH

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Dec 14, 2025
CVE-2025-14673
7.3 HIGH

A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based …

Dec 14, 2025
CVE-2025-14672
7.3 HIGH

A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a manipulation can lead …

Dec 14, 2025
CVE-2025-14668
7.3 HIGH

A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing a manipulation of the …

Dec 14, 2025
CVE-2025-14667
7.3 HIGH

A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation …

Dec 14, 2025
CVE-2025-14666
7.3 HIGH

A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of …

Dec 14, 2025
CVE-2025-14664
7.3 HIGH

A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/view_unit.php. The manipulation of the argument …

Dec 14, 2025
CVE-2025-14661
7.3 HIGH

A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation …

Dec 14, 2025
CVE-2025-14659
8.8 HIGH

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument …

Dec 14, 2025
CVE-2025-14656
8.8 HIGH

A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime …

Dec 14, 2025
CVE-2025-14655
8.8 HIGH

A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. …

Dec 14, 2025
CVE-2025-14654
8.8 HIGH

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation …

Dec 14, 2025
CVE-2025-14653
7.3 HIGH

A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID …

Dec 14, 2025
CVE-2025-14652
7.3 HIGH

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the …

Dec 14, 2025
CVE-2025-14650
7.3 HIGH

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the …

Dec 14, 2025
CVE-2025-14649
7.3 HIGH

A vulnerability was detected in itsourcecode Online Cake Ordering System 1.0. Affected by this issue is some unknown functionality of the file /cakeshop/supplier.php. Performing manipulation …

Dec 14, 2025
CVE-2025-14647
7.3 HIGH

A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument …

Dec 14, 2025
CVE-2025-14646
7.3 HIGH

A security flaw has been discovered in code-projects Student File Management System 1.0. This impacts an unknown function of the file /admin/delete_student.php. The manipulation of …

Dec 14, 2025
CVE-2025-14645
7.3 HIGH

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/delete_user.php. The manipulation of the argument …

Dec 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.