CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-14019
3.4 LOW

LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the …

Dec 15, 2025
CVE-2025-14697
3.7 LOW

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality …

Dec 15, 2025
CVE-2025-67899
2.9 LOW

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Dec 14, 2025
CVE-2025-14663
2.4 LOW

A vulnerability was determined in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/update_student.php. Executing manipulation can lead to …

Dec 14, 2025
CVE-2025-14662
2.4 LOW

A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php of the component Update User …

Dec 14, 2025
CVE-2025-14651
3.7 LOW

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument …

Dec 14, 2025
CVE-2025-14636
3.7 LOW

A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of …

Dec 13, 2025
CVE-2025-9218
3.7 LOW

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handle_rest_pre_dispatch() function when …

Dec 13, 2025
CVE-2025-43532
2.8 LOW

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, …

Dec 12, 2025
CVE-2025-43522
3.3 LOW

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An …

Dec 12, 2025
CVE-2025-43518
3.3 LOW

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS …

Dec 12, 2025
CVE-2025-43517
3.3 LOW

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS …

Dec 12, 2025
CVE-2025-43516
3.3 LOW

A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user …

Dec 12, 2025
CVE-2025-43437
3.3 LOW

An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able …

Dec 12, 2025
CVE-2025-43410
2.4 LOW

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker …

Dec 12, 2025
CVE-2025-43404
3.3 LOW

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive …

Dec 12, 2025
CVE-2025-14580
3.5 LOW

A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of …

Dec 12, 2025
CVE-2023-29144
3.3 LOW

Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.

Dec 12, 2025
CVE-2025-36744
2.4 LOW

SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits …

Dec 12, 2025
CVE-2025-10583
3.5 LOW

The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' …

Dec 12, 2025
CVE-2025-67737
3.1 LOW

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP …

Dec 12, 2025
CVE-2025-13053
3.7 LOW

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to …

Dec 12, 2025
CVE-2025-14538
3.5 LOW

A security vulnerability has been detected in yangshare warehouseManager 仓库管理系统 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument …

Dec 11, 2025
CVE-2025-67742
3.8 LOW

In JetBrains TeamCity before 2025.11 path traversal was possible via file upload

Dec 11, 2025
CVE-2025-67740
2.7 LOW

In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

Dec 11, 2025
CVE-2025-67739
3.1 LOW

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

Dec 11, 2025
CVE-2025-55307
3.3 LOW

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript …

Dec 11, 2025
CVE-2025-14519
3.5 LOW

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component …

Dec 11, 2025
CVE-2025-12734
3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-67646
3.5 LOW

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. …

Dec 11, 2025
CVE-2025-5467
3.3 LOW

It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information …

Dec 10, 2025
CVE-2025-67639
3.5 LOW

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the …

Dec 10, 2025
CVE-2025-13127
3.5 LOW

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site …

Dec 10, 2025
CVE-2025-14082
2.7 LOW

A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks …

Dec 10, 2025
CVE-2025-67500
3.7 LOW

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have …

Dec 10, 2025
CVE-2025-64787
3.3 LOW

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a …

Dec 9, 2025
CVE-2025-64786
3.3 LOW

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a …

Dec 9, 2025
CVE-2025-59923
2.7 LOW

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow …

Dec 9, 2025
CVE-2025-57823
2.7 LOW

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may …

Dec 9, 2025
CVE-2025-64696
3.3 LOW

Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.

Dec 9, 2025
CVE-2025-64255
2.7 LOW

Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements …

Dec 9, 2025
CVE-2025-64254
2.7 LOW

Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= …

Dec 9, 2025
CVE-2025-40818
3.3 LOW

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that …

Dec 9, 2025
CVE-2024-56464
2.7 LOW

IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability …

Dec 9, 2025
CVE-2025-36102
2.7 LOW

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into …

Dec 8, 2025
CVE-2025-65228
3.5 LOW

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).

Dec 8, 2025
CVE-2025-60912
3.3 LOW

phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers …

Dec 8, 2025
CVE-2025-14244
2.4 LOW

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management …

Dec 8, 2025
CVE-2025-14228
3.5 LOW

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross …

Dec 8, 2025
CVE-2025-66334
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Dec 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.