CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-48597
7.8 HIGH

In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to …

Dec 8, 2025
CVE-2025-48596
7.8 HIGH

In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of …

Dec 8, 2025
CVE-2025-48594
7.3 HIGH

In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to …

Dec 8, 2025
CVE-2025-48592
7.5 HIGH

In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure …

Dec 8, 2025
CVE-2025-48589
7.8 HIGH

In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grand permissions across user due to a logic error in the code. This could …

Dec 8, 2025
CVE-2025-48588
7.8 HIGH

In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to …

Dec 8, 2025
CVE-2025-48586
7.8 HIGH

In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to …

Dec 8, 2025
CVE-2025-48583
7.8 HIGH

In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead …

Dec 8, 2025
CVE-2025-48580
7.8 HIGH

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic …

Dec 8, 2025
CVE-2025-48575
7.8 HIGH

In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of …

Dec 8, 2025
CVE-2025-48573
7.8 HIGH

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use …

Dec 8, 2025
CVE-2025-48572
7.8 HIGH KEV

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation …

Dec 8, 2025
CVE-2025-48566
7.8 HIGH

In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to …

Dec 8, 2025
CVE-2025-48565
7.8 HIGH

In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could …

Dec 8, 2025
CVE-2025-48564
7.0 HIGH

In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no …

Dec 8, 2025
CVE-2025-48555
7.8 HIGH

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48536
7.8 HIGH

In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could …

Dec 8, 2025
CVE-2025-48525
7.8 HIGH

In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to …

Dec 8, 2025
CVE-2025-32329
7.8 HIGH

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic …

Dec 8, 2025
CVE-2025-32328
7.8 HIGH

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic …

Dec 8, 2025
CVE-2025-22420
7.8 HIGH

In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local …

Dec 8, 2025
CVE-2025-14257
7.3 HIGH

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newrecord.php. Executing manipulation of the argument …

Dec 8, 2025
CVE-2025-14256
7.3 HIGH

A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID …

Dec 8, 2025
CVE-2025-14251
7.3 HIGH

A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin …

Dec 8, 2025
CVE-2025-14250
7.3 HIGH

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user_contact.php. This manipulation of …

Dec 8, 2025
CVE-2025-14249
7.3 HIGH

A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user_school.php. The manipulation …

Dec 8, 2025
CVE-2025-14248
7.3 HIGH

A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username …

Dec 8, 2025
CVE-2025-14245
7.3 HIGH

A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params …

Dec 8, 2025
CVE-2025-14226
7.3 HIGH

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname …

Dec 8, 2025
CVE-2025-66328
8.4 HIGH

Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.

Dec 8, 2025
CVE-2025-66327
7.1 HIGH

Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Dec 8, 2025
CVE-2025-26488
7.5 HIGH

Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a …

Dec 8, 2025
CVE-2025-26487
8.6 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the …

Dec 8, 2025
CVE-2025-12956
8.7 HIGH

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary …

Dec 8, 2025
CVE-2025-66324
8.4 HIGH

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.

Dec 8, 2025
CVE-2025-14223
7.3 HIGH

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation …

Dec 8, 2025
CVE-2025-14218
7.3 HIGH

A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation …

Dec 8, 2025
CVE-2025-14217
7.3 HIGH

A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID …

Dec 8, 2025
CVE-2025-14216
7.3 HIGH

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument …

Dec 8, 2025
CVE-2025-14215
7.3 HIGH

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID …

Dec 8, 2025
CVE-2025-14212
7.3 HIGH

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing …

Dec 8, 2025
CVE-2025-14211
7.3 HIGH

A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing a …

Dec 8, 2025
CVE-2025-14210
7.3 HIGH

A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of …

Dec 8, 2025
CVE-2025-14209
7.3 HIGH

A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /update_query.php. This manipulation of the …

Dec 8, 2025
CVE-2025-14207
7.3 HIGH

A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the …

Dec 8, 2025
CVE-2025-14196
8.8 HIGH

A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation …

Dec 7, 2025
CVE-2025-14192
7.3 HIGH

A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth_login.php. Performing manipulation of the argument Username …

Dec 7, 2025
CVE-2025-14191
8.8 HIGH

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such …

Dec 7, 2025
CVE-2025-14190
7.3 HIGH

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation …

Dec 7, 2025
CVE-2025-14189
7.3 HIGH

A vulnerability was detected in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. The manipulation of the argument gblOrgID …

Dec 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.