CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-61812
8.4 HIGH

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary …

Dec 10, 2025
CVE-2025-61810
8.4 HIGH

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the …

Dec 10, 2025
CVE-2025-67495
8.0 HIGH

ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint …

Dec 9, 2025
CVE-2025-66645
7.5 HIGH

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to …

Dec 9, 2025
CVE-2025-65513
7.5 HIGH

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.

Dec 9, 2025
CVE-2025-67488
7.8 HIGH

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user …

Dec 9, 2025
CVE-2025-66626
8.1 HIGH

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain …

Dec 9, 2025
CVE-2025-64899
7.8 HIGH

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result …

Dec 9, 2025
CVE-2025-64785
7.8 HIGH

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary …

Dec 9, 2025
CVE-2025-13743
7.5 HIGH

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking …

Dec 9, 2025
CVE-2023-53772
7.5 HIGH

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the …

Dec 9, 2025
CVE-2023-53770
7.5 HIGH

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can …

Dec 9, 2025
CVE-2021-47730
8.8 HIGH

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious …

Dec 9, 2025
CVE-2021-47723
8.8 HIGH

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can …

Dec 9, 2025
CVE-2021-47718
7.5 HIGH

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like …

Dec 9, 2025
CVE-2021-47703
7.2 HIGH

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the …

Dec 9, 2025
CVE-2021-47701
8.8 HIGH

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the …

Dec 9, 2025
CVE-2025-66457
8.8 HIGH

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.17 and below are subject to arbitrary code execution …

Dec 9, 2025
CVE-2025-66214
7.0 HIGH

Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which allow uploading …

Dec 9, 2025
CVE-2025-14337
7.3 HIGH

A vulnerability was determined in itsourcecode Student Management System 1.0. This affects an unknown part of the file /new_grade.php. This manipulation of the argument grade …

Dec 9, 2025
CVE-2025-65573
8.8 HIGH

Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status.

Dec 9, 2025
CVE-2025-14336
7.3 HIGH

A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of …

Dec 9, 2025
CVE-2025-14335
7.3 HIGH

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation …

Dec 9, 2025
CVE-2025-14334
7.3 HIGH

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /new_adviser.php. Executing manipulation of the argument …

Dec 9, 2025
CVE-2025-11531
8.8 HIGH

HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with …

Dec 9, 2025
CVE-2025-65594
8.1 HIGH

OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating …

Dec 9, 2025
CVE-2025-64893
7.1 HIGH

DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An …

Dec 9, 2025
CVE-2025-64784
7.1 HIGH

DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. …

Dec 9, 2025
CVE-2025-64783
7.8 HIGH

DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context …

Dec 9, 2025
CVE-2025-64680
7.8 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-64679
7.8 HIGH

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-64678
8.8 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Dec 9, 2025
CVE-2025-64673
7.8 HIGH

Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-64672
8.8 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Dec 9, 2025
CVE-2025-64671
8.4 HIGH

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-64666
7.5 HIGH

Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Dec 9, 2025
CVE-2025-64661
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-64658
7.5 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-64447
8.1 HIGH

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb …

Dec 9, 2025
CVE-2025-64156
7.2 HIGH

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice …

Dec 9, 2025
CVE-2025-64153
7.2 HIGH

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender …

Dec 9, 2025
CVE-2025-64086
7.5 HIGH

A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted …

Dec 9, 2025
CVE-2025-64085
7.5 HIGH

A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted …

Dec 9, 2025
CVE-2025-62573
7.0 HIGH

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62572
7.8 HIGH

Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62571
7.8 HIGH

Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62570
7.1 HIGH

Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.

Dec 9, 2025
CVE-2025-62569
7.0 HIGH

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62565
7.3 HIGH

Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62564
7.8 HIGH

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dec 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.