CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-65821
7.5 HIGH

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device …

Dec 10, 2025
CVE-2025-65512
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass …

Dec 10, 2025
CVE-2025-24857
7.6 HIGH

Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, …

Dec 10, 2025
CVE-2023-53741
8.1 HIGH

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can …

Dec 10, 2025
CVE-2020-36901
8.8 HIGH

UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can …

Dec 10, 2025
CVE-2020-36900
8.8 HIGH

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft …

Dec 10, 2025
CVE-2020-36899
7.5 HIGH

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' …

Dec 10, 2025
CVE-2020-36896
7.5 HIGH

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. …

Dec 10, 2025
CVE-2020-36895
7.5 HIGH

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. …

Dec 10, 2025
CVE-2020-36894
7.5 HIGH

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can …

Dec 10, 2025
CVE-2020-36893
7.5 HIGH

Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers …

Dec 10, 2025
CVE-2020-36887
7.5 HIGH

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive …

Dec 10, 2025
CVE-2020-36886
8.8 HIGH

SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can …

Dec 10, 2025
CVE-2020-36883
8.1 HIGH

SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified …

Dec 10, 2025
CVE-2025-63895
7.5 HIGH

An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service …

Dec 10, 2025
CVE-2025-65199
7.8 HIGH

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to …

Dec 10, 2025
CVE-2025-56431
7.5 HIGH

Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the file_get_contents() …

Dec 10, 2025
CVE-2025-56430
7.5 HIGH

Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the deleteDirectory …

Dec 10, 2025
CVE-2025-34429
7.1 HIGH

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such …

Dec 10, 2025
CVE-2025-34428
7.8 HIGH

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores …

Dec 10, 2025
CVE-2025-34427
7.8 HIGH

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores …

Dec 10, 2025
CVE-2025-63094
7.5 HIGH

XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel …

Dec 10, 2025
CVE-2025-67635
7.5 HIGH

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to …

Dec 10, 2025
CVE-2025-65807
8.4 HIGH

An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command.

Dec 10, 2025
CVE-2025-34424
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34423
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34422
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34421
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34420
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34419
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34418
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34417
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34416
7.8 HIGH

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to …

Dec 10, 2025
CVE-2025-34410
7.1 HIGH

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint …

Dec 10, 2025
CVE-2025-34395
7.5 HIGH

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can …

Dec 10, 2025
CVE-2025-13155
7.8 HIGH

An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges.

Dec 10, 2025
CVE-2025-13152
7.8 HIGH

A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute …

Dec 10, 2025
CVE-2025-12046
7.8 HIGH

A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code …

Dec 10, 2025
CVE-2025-8110
8.8 HIGH KEV

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Dec 10, 2025
CVE-2024-2104
8.8 HIGH

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile …

Dec 10, 2025
CVE-2025-7073
7.8 HIGH

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting …

Dec 10, 2025
CVE-2025-66675
8.2 HIGH

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, …

Dec 10, 2025
CVE-2025-14390
8.8 HIGH

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <= 5.0.4. This is due to missing or incorrect nonce validation …

Dec 10, 2025
CVE-2025-1161
7.1 HIGH

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.

Dec 10, 2025
CVE-2025-13073
7.1 HIGH

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading …

Dec 10, 2025
CVE-2025-13072
7.1 HIGH

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading …

Dec 10, 2025
CVE-2025-13339
7.5 HIGH

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() …

Dec 10, 2025
CVE-2025-67507
8.1 HIGH

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for …

Dec 10, 2025
CVE-2025-67501
8.8 HIGH

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability …

Dec 10, 2025
CVE-2025-61813
8.2 HIGH

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary …

Dec 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.