CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-14332
7.3 HIGH

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Dec 9, 2025
CVE-2025-14329
8.8 HIGH

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Dec 9, 2025
CVE-2025-14328
8.8 HIGH

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Dec 9, 2025
CVE-2025-14327
7.5 HIGH

Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.

Dec 9, 2025
CVE-2025-14325
7.3 HIGH

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Dec 9, 2025
CVE-2025-14323
8.8 HIGH

Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Dec 9, 2025
CVE-2025-14322
8.0 HIGH

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, …

Dec 9, 2025
CVE-2025-14309
7.5 HIGH

NULL Pointer Dereference vulnerability in ravynsoft ravynos.This issue affects ravynos: through 0.5.2.

Dec 9, 2025
CVE-2025-14307
8.1 HIGH

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing …

Dec 9, 2025
CVE-2025-13662
7.8 HIGH

Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker …

Dec 9, 2025
CVE-2025-13661
7.1 HIGH

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended …

Dec 9, 2025
CVE-2025-13659
8.8 HIGH

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary …

Dec 9, 2025
CVE-2025-13604
7.2 HIGH

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up …

Dec 9, 2025
CVE-2025-13428
7.2 HIGH

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution …

Dec 9, 2025
CVE-2025-13071
7.1 HIGH

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Dec 9, 2025
CVE-2025-12705
7.2 HIGH

The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trim_text' function in all versions up …

Dec 9, 2025
CVE-2025-12381
7.8 HIGH

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command …

Dec 9, 2025
CVE-2025-10655
8.8 HIGH

SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0.

Dec 9, 2025
CVE-2024-56840
7.2 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions …

Dec 9, 2025
CVE-2024-56839
7.2 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions …

Dec 9, 2025
CVE-2024-56838
7.2 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions …

Dec 9, 2025
CVE-2024-56837
7.2 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions …

Dec 9, 2025
CVE-2024-56836
7.5 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions …

Dec 9, 2025
CVE-2024-56835
8.8 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions …

Dec 9, 2025
CVE-2025-14285
7.3 HIGH

A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument …

Dec 9, 2025
CVE-2013-10031
7.5 HIGH

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks

Dec 9, 2025
CVE-2025-66204
8.1 HIGH

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` …

Dec 9, 2025
CVE-2025-65964
8.8 HIGH

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. …

Dec 9, 2025
CVE-2025-65271
8.8 HIGH

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. …

Dec 8, 2025
CVE-2025-14261
7.1 HIGH

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its …

Dec 8, 2025
CVE-2025-48625
7.0 HIGH

In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This …

Dec 8, 2025
CVE-2025-48606
7.8 HIGH

In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to …

Dec 8, 2025
CVE-2025-14258
7.3 HIGH

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation …

Dec 8, 2025
CVE-2025-65795
7.5 HIGH

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

Dec 8, 2025
CVE-2025-65363
7.2 HIGH

Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and …

Dec 8, 2025
CVE-2025-63721
8.8 HIGH

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and …

Dec 8, 2025
CVE-2025-48639
7.3 HIGH

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation …

Dec 8, 2025
CVE-2025-48638
7.8 HIGH

In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no …

Dec 8, 2025
CVE-2025-48637
7.8 HIGH

In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of …

Dec 8, 2025
CVE-2025-48632
7.8 HIGH

In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input …

Dec 8, 2025
CVE-2025-48629
7.8 HIGH

In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead …

Dec 8, 2025
CVE-2025-48628
7.8 HIGH

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with …

Dec 8, 2025
CVE-2025-48627
7.8 HIGH

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This …

Dec 8, 2025
CVE-2025-48624
7.8 HIGH

In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with …

Dec 8, 2025
CVE-2025-48623
7.8 HIGH

In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48621
7.3 HIGH

In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48620
7.8 HIGH

In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic …

Dec 8, 2025
CVE-2025-48615
7.8 HIGH

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no …

Dec 8, 2025
CVE-2025-48612
7.8 HIGH

In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due …

Dec 8, 2025
CVE-2025-48599
7.8 HIGH

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead …

Dec 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.