CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-65530
8.8 HIGH

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted …

Dec 12, 2025
CVE-2025-14566
7.3 HIGH

A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a …

Dec 12, 2025
CVE-2025-14565
7.3 HIGH

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the …

Dec 12, 2025
CVE-2025-13733
7.8 HIGH

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2.

Dec 12, 2025
CVE-2025-58770
8.8 HIGH

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this …

Dec 12, 2025
CVE-2025-54981
7.5 HIGH

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including …

Dec 12, 2025
CVE-2025-36745
7.8 HIGH

SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws …

Dec 12, 2025
CVE-2025-13506
8.8 HIGH

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the …

Dec 12, 2025
CVE-2025-12835
7.3 HIGH

The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated users, such as subscriber to …

Dec 12, 2025
CVE-2025-58137
8.1 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are …

Dec 12, 2025
CVE-2025-26866
8.8 HIGH

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication …

Dec 12, 2025
CVE-2025-40829
7.8 HIGH

A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT …

Dec 12, 2025
CVE-2025-67731
7.5 HIGH

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used …

Dec 12, 2025
CVE-2025-14169
7.5 HIGH

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions …

Dec 12, 2025
CVE-2025-67726
7.5 HIGH

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, …

Dec 12, 2025
CVE-2025-14068
7.5 HIGH

The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 0.6.3 due to …

Dec 12, 2025
CVE-2025-12570
7.2 HIGH

The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 …

Dec 12, 2025
CVE-2025-67725
7.5 HIGH

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's …

Dec 12, 2025
CVE-2025-67508
8.4 HIGH

gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish …

Dec 12, 2025
CVE-2025-66492
8.2 HIGH

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are …

Dec 12, 2025
CVE-2025-14044
8.1 HIGH

The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted …

Dec 12, 2025
CVE-2025-13334
8.1 HIGH

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" …

Dec 12, 2025
CVE-2025-12968
8.8 HIGH

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up …

Dec 12, 2025
CVE-2025-12824
8.8 HIGH

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'player_leaderboard' shortcode. This …

Dec 12, 2025
CVE-2025-13886
7.5 HIGH

The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in …

Dec 12, 2025
CVE-2025-10451
8.2 HIGH

Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.

Dec 12, 2025
CVE-2025-67779
7.5 HIGH

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a …

Dec 12, 2025
CVE-2025-66446
8.8 HIGH

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker …

Dec 11, 2025
CVE-2025-66419
8.8 HIGH

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and …

Dec 11, 2025
CVE-2025-34506
8.8 HIGH

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially …

Dec 11, 2025
CVE-2024-58313
7.2 HIGH

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting …

Dec 11, 2025
CVE-2024-58312
7.5 HIGH

xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal …

Dec 11, 2025
CVE-2024-58307
8.8 HIGH

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious …

Dec 11, 2025
CVE-2024-58304
7.5 HIGH

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit …

Dec 11, 2025
CVE-2024-58294
8.8 HIGH

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers …

Dec 11, 2025
CVE-2024-58287
8.8 HIGH

reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can …

Dec 11, 2025
CVE-2025-66586
7.8 HIGH

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially …

Dec 11, 2025
CVE-2025-66585
7.8 HIGH

In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. …

Dec 11, 2025
CVE-2025-66429
8.8 HIGH

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. …

Dec 11, 2025
CVE-2025-14537
7.3 HIGH

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. …

Dec 11, 2025
CVE-2025-55184
7.5 HIGH

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, …

Dec 11, 2025
CVE-2025-36936
7.8 HIGH

In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege …

Dec 11, 2025
CVE-2025-36935
7.8 HIGH

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional …

Dec 11, 2025
CVE-2025-36934
7.4 HIGH

In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with …

Dec 11, 2025
CVE-2025-36932
7.8 HIGH

In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no …

Dec 11, 2025
CVE-2025-36931
7.8 HIGH

In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36930
7.8 HIGH

In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36928
7.8 HIGH

In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36927
7.8 HIGH

In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Dec 11, 2025
CVE-2025-36925
7.8 HIGH

In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …

Dec 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.