CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-14529
7.3 HIGH

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/admin_running.php. This …

Dec 11, 2025
CVE-2025-65472
8.8 HIGH

A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction …

Dec 11, 2025
CVE-2025-65471
8.8 HIGH

An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted …

Dec 11, 2025
CVE-2025-14527
7.3 HIGH

A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing a manipulation of …

Dec 11, 2025
CVE-2025-14526
8.8 HIGH

A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument …

Dec 11, 2025
CVE-2024-8273
8.8 HIGH

Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.

Dec 11, 2025
CVE-2025-59802
7.5 HIGH

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG …

Dec 11, 2025
CVE-2025-55314
7.8 HIGH

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are …

Dec 11, 2025
CVE-2025-55313
7.8 HIGH

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution …

Dec 11, 2025
CVE-2025-55312
7.8 HIGH

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via …

Dec 11, 2025
CVE-2025-55310
7.3 HIGH

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or …

Dec 11, 2025
CVE-2025-13124
7.6 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers.This issue affects ApplyLogic: through 01.12.2025.

Dec 11, 2025
CVE-2025-14523
8.2 HIGH

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies …

Dec 11, 2025
CVE-2025-14515
7.3 HIGH

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_unit.php. Such manipulation …

Dec 11, 2025
CVE-2025-13003
7.6 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.This issue affects AxOnboard: from 3.2.0 before …

Dec 11, 2025
CVE-2025-64989
7.2 HIGH

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-64988
7.2 HIGH

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-64987
7.2 HIGH

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner …

Dec 11, 2025
CVE-2025-64986
7.2 HIGH

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers …

Dec 11, 2025
CVE-2025-44016
8.8 HIGH

A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file …

Dec 11, 2025
CVE-2025-14514
7.3 HIGH

A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. This manipulation of the argument …

Dec 11, 2025
CVE-2025-64701
7.8 HIGH

QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the …

Dec 11, 2025
CVE-2025-12029
8.0 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, …

Dec 11, 2025
CVE-2025-67738
8.5 HIGH

squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and …

Dec 11, 2025
CVE-2025-8405
7.7 HIGH

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could …

Dec 11, 2025
CVE-2025-12716
8.7 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain …

Dec 11, 2025
CVE-2025-12562
7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have …

Dec 11, 2025
CVE-2025-67648
7.1 HIGH

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from …

Dec 11, 2025
CVE-2025-67644
7.3 HIGH

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable …

Dec 11, 2025
CVE-2025-67509
8.2 HIGH

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is …

Dec 10, 2025
CVE-2025-67505
8.4 HIGH

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the …

Dec 10, 2025
CVE-2025-66628
7.5 HIGH

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains …

Dec 10, 2025
CVE-2025-66474
8.8 HIGH

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions …

Dec 10, 2025
CVE-2025-66473
7.5 HIGH

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce …

Dec 10, 2025
CVE-2025-65297
7.5 HIGH

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this …

Dec 10, 2025
CVE-2025-65295
8.1 HIGH

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to …

Dec 10, 2025
CVE-2025-65292
7.3 HIGH

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands …

Dec 10, 2025
CVE-2025-65291
7.4 HIGH

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services …

Dec 10, 2025
CVE-2025-65290
7.4 HIGH

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing …

Dec 10, 2025
CVE-2024-58284
7.2 HIGH

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can …

Dec 10, 2025
CVE-2024-58283
8.8 HIGH

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers …

Dec 10, 2025
CVE-2024-58282
7.2 HIGH

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit …

Dec 10, 2025
CVE-2024-58281
8.8 HIGH

Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit …

Dec 10, 2025
CVE-2024-58280
8.8 HIGH

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' …

Dec 10, 2025
CVE-2024-58279
8.8 HIGH

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers …

Dec 10, 2025
CVE-2023-53776
8.8 HIGH

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue …

Dec 10, 2025
CVE-2025-67460
7.8 HIGH

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via …

Dec 10, 2025
CVE-2025-65950
8.8 HIGH

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify …

Dec 10, 2025
CVE-2025-65831
7.5 HIGH

The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, …

Dec 10, 2025
CVE-2025-65824
8.8 HIGH

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting …

Dec 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.