CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-13126
7.5 HIGH

The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions up to, and including, …

Dec 14, 2025
CVE-2025-67896
7.0 HIGH

Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.

Dec 14, 2025
CVE-2025-14644
7.3 HIGH

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the …

Dec 14, 2025
CVE-2025-14643
7.3 HIGH

A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of …

Dec 14, 2025
CVE-2025-14640
7.3 HIGH

A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation …

Dec 14, 2025
CVE-2025-14639
7.3 HIGH

A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID …

Dec 14, 2025
CVE-2025-14638
7.3 HIGH

A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/update_cnp.php. Such …

Dec 14, 2025
CVE-2025-14637
7.3 HIGH

A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of …

Dec 13, 2025
CVE-2025-14623
7.3 HIGH

A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of …

Dec 13, 2025
CVE-2025-14622
7.3 HIGH

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of …

Dec 13, 2025
CVE-2025-14621
7.3 HIGH

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument …

Dec 13, 2025
CVE-2025-14620
7.3 HIGH

A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation …

Dec 13, 2025
CVE-2025-14619
7.3 HIGH

A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation …

Dec 13, 2025
CVE-2025-14590
7.3 HIGH

A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the …

Dec 13, 2025
CVE-2025-14588
7.3 HIGH

A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Performing manipulation of the …

Dec 13, 2025
CVE-2025-14587
7.3 HIGH

A vulnerability was identified in itsourcecode Online Pet Shop Management System 1.0. This affects an unknown part of the file /pet1/available.php. Such manipulation of the …

Dec 13, 2025
CVE-2025-14542
7.5 HIGH

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially …

Dec 13, 2025
CVE-2025-14476
8.8 HIGH

The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, …

Dec 13, 2025
CVE-2025-14475
8.1 HIGH

The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 …

Dec 13, 2025
CVE-2025-14397
8.8 HIGH

The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() …

Dec 13, 2025
CVE-2025-13094
8.8 HIGH

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_file() function in …

Dec 13, 2025
CVE-2025-13089
7.5 HIGH

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and the 'attr_search' parameter in all versions up to, and …

Dec 13, 2025
CVE-2025-13077
7.5 HIGH

The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter …

Dec 13, 2025
CVE-2025-13970
8.0 HIGH

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to …

Dec 13, 2025
CVE-2025-67721
7.5 HIGH

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of …

Dec 12, 2025
CVE-2025-14585
7.3 HIGH

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of …

Dec 12, 2025
CVE-2025-14584
7.3 HIGH

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. …

Dec 12, 2025
CVE-2025-14583
7.3 HIGH

A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing a manipulation of …

Dec 12, 2025
CVE-2025-67750
8.4 HIGH

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below …

Dec 12, 2025
CVE-2025-46285
7.8 HIGH

An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS …

Dec 12, 2025
CVE-2025-43542
7.5 HIGH

This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia …

Dec 12, 2025
CVE-2025-43539
8.8 HIGH

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia …

Dec 12, 2025
CVE-2025-43527
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to …

Dec 12, 2025
CVE-2025-43512
7.8 HIGH

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS …

Dec 12, 2025
CVE-2025-43510
7.8 HIGH KEV

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS …

Dec 12, 2025
CVE-2025-43506
7.5 HIGH

A logic error was addressed with improved error handling. This issue is fixed in macOS Tahoe 26.1. iCloud Private Relay may not activate when more …

Dec 12, 2025
CVE-2025-43494
7.5 HIGH

A mail header parsing issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, …

Dec 12, 2025
CVE-2025-43467
7.8 HIGH

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges.

Dec 12, 2025
CVE-2025-43402
7.8 HIGH

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.1. An app may …

Dec 12, 2025
CVE-2025-43320
7.8 HIGH

The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26. An app may be able to …

Dec 12, 2025
CVE-2024-58316
7.5 HIGH

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' …

Dec 12, 2025
CVE-2025-8083
8.6 HIGH

The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html due to the internal 'mergeDeep' utility function used to merge options with …

Dec 12, 2025
CVE-2025-14578
7.3 HIGH

A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /update_account.php. This manipulation of …

Dec 12, 2025
CVE-2025-14572
8.8 HIGH

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part of the file /goform/formWebAuthGlobalConfig. Performing manipulation of the argument …

Dec 12, 2025
CVE-2025-14174
8.8 HIGH KEV

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory …

Dec 12, 2025
CVE-2024-58314
8.8 HIGH

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary …

Dec 12, 2025
CVE-2024-58305
8.8 HIGH

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed …

Dec 12, 2025
CVE-2025-14571
7.3 HIGH

A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Such …

Dec 12, 2025
CVE-2025-14570
7.3 HIGH

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. This …

Dec 12, 2025
CVE-2025-67818
7.2 HIGH

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with …

Dec 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.