CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-66431
7.8 HIGH

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker …

Dec 3, 2025
CVE-2025-65843
7.7 HIGH

Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside …

Dec 3, 2025
CVE-2025-54326
7.5 HIGH

An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device …

Dec 3, 2025
CVE-2025-54065
7.9 HIGH

GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor …

Dec 3, 2025
CVE-2025-20387
8.0 HIGH

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can …

Dec 3, 2025
CVE-2025-20386
8.0 HIGH

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result …

Dec 3, 2025
CVE-2025-13492
7.0 HIGH

A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to …

Dec 3, 2025
CVE-2024-32643
7.5 HIGH

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to …

Dec 3, 2025
CVE-2024-32642
8.8 HIGH

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows …

Dec 3, 2025
CVE-2025-7044
7.7 HIGH

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject …

Dec 3, 2025
CVE-2025-65320
7.5 HIGH

Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license …

Dec 3, 2025
CVE-2025-57201
8.8 HIGH

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute …

Dec 3, 2025
CVE-2025-57199
8.8 HIGH

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary …

Dec 3, 2025
CVE-2025-57198
8.8 HIGH

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary …

Dec 3, 2025
CVE-2025-53841
7.8 HIGH

The GC-AGENTS-SERVICE running as part of Akamai´s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege …

Dec 3, 2025
CVE-2025-13947
7.4 HIGH

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via …

Dec 3, 2025
CVE-2025-12744
8.8 HIGH

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them …

Dec 3, 2025
CVE-2025-13646
7.5 HIGH

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions …

Dec 3, 2025
CVE-2025-13645
7.2 HIGH

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions …

Dec 3, 2025
CVE-2025-66476
7.8 HIGH

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious …

Dec 2, 2025
CVE-2025-64778
7.3 HIGH

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application …

Dec 2, 2025
CVE-2025-64642
8.0 HIGH

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations …

Dec 2, 2025
CVE-2025-64298
8.4 HIGH

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked …

Dec 2, 2025
CVE-2025-62575
8.3 HIGH

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the …

Dec 2, 2025
CVE-2025-61940
8.3 HIGH

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application …

Dec 2, 2025
CVE-2025-65877
7.5 HIGH

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic …

Dec 2, 2025
CVE-2025-66468
7.6 HIGH

The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript …

Dec 2, 2025
CVE-2025-66416
8.1 HIGH

The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, tThe Model Context …

Dec 2, 2025
CVE-2025-66414
8.1 HIGH

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol (MCP) TypeScript SDK …

Dec 2, 2025
CVE-2025-61729
7.5 HIGH

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string …

Dec 2, 2025
CVE-2025-13721
7.5 HIGH

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security …

Dec 2, 2025
CVE-2025-13720
8.8 HIGH

Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption …

Dec 2, 2025
CVE-2025-13639
8.1 HIGH

Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security …

Dec 2, 2025
CVE-2025-13638
8.8 HIGH

Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Dec 2, 2025
CVE-2025-13633
8.8 HIGH

Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit …

Dec 2, 2025
CVE-2025-13631
8.8 HIGH

Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. …

Dec 2, 2025
CVE-2025-13630
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Dec 2, 2025
CVE-2025-66399
8.8 HIGH

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An …

Dec 2, 2025
CVE-2025-65844
7.5 HIGH

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by …

Dec 2, 2025
CVE-2025-64460
7.5 HIGH

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause …

Dec 2, 2025
CVE-2025-59702
7.2 HIGH

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events …

Dec 2, 2025
CVE-2025-59697
7.2 HIGH

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy …

Dec 2, 2025
CVE-2025-41015
7.5 HIGH

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The …

Dec 2, 2025
CVE-2025-41014
7.5 HIGH

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The …

Dec 2, 2025
CVE-2025-13295
7.5 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.9.

Dec 2, 2025
CVE-2025-11789
7.5 HIGH

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index …

Dec 2, 2025
CVE-2025-11787
8.8 HIGH

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.

Dec 2, 2025
CVE-2025-11781
7.8 HIGH

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the …

Dec 2, 2025
CVE-2025-13871
8.8 HIGH

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of the connected users and then …

Dec 2, 2025
CVE-2025-13724
7.5 HIGH

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, …

Dec 2, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.