CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-13516
8.1 HIGH

The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and …

Dec 2, 2025
CVE-2025-13000
7.7 HIGH

The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks

Dec 2, 2025
CVE-2025-13387
7.2 HIGH

The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, …

Dec 2, 2025
CVE-2025-20768
7.8 HIGH

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if …

Dec 2, 2025
CVE-2025-20767
7.8 HIGH

In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a …

Dec 2, 2025
CVE-2025-20766
7.8 HIGH

In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor …

Dec 2, 2025
CVE-2025-20764
7.8 HIGH

In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if …

Dec 2, 2025
CVE-2025-20763
7.8 HIGH

In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if …

Dec 2, 2025
CVE-2025-12529
8.8 HIGH

The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all …

Dec 2, 2025
CVE-2024-45675
8.4 HIGH

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.

Dec 2, 2025
CVE-2025-58482
7.3 HIGH

Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.

Dec 2, 2025
CVE-2025-58481
7.3 HIGH

Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.

Dec 2, 2025
CVE-2025-66448
7.1 HIGH

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a …

Dec 1, 2025
CVE-2025-66313
7.2 HIGH

ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec …

Dec 1, 2025
CVE-2025-66300
8.5 HIGH

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" …

Dec 1, 2025
CVE-2025-66299
8.8 HIGH

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with …

Dec 1, 2025
CVE-2025-66298
7.5 HIGH

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration …

Dec 1, 2025
CVE-2025-66297
8.8 HIGH

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS …

Dec 1, 2025
CVE-2025-66296
8.8 HIGH

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness …

Dec 1, 2025
CVE-2025-66295
8.8 HIGH

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI …

Dec 1, 2025
CVE-2025-66294
8.8 HIGH

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions …

Dec 1, 2025
CVE-2025-66205
7.1 HIGH

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of …

Dec 1, 2025
CVE-2025-65840
8.8 HIGH

PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.

Dec 1, 2025
CVE-2025-55749
7.5 HIGH

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), …

Dec 1, 2025
CVE-2025-65838
7.5 HIGH

PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.

Dec 1, 2025
CVE-2025-63365
7.1 HIGH

SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for …

Dec 1, 2025
CVE-2025-13836
7.5 HIGH

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a …

Dec 1, 2025
CVE-2025-7007
7.5 HIGH

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to …

Dec 1, 2025
CVE-2025-64775
7.5 HIGH

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, …

Dec 1, 2025
CVE-2025-63534
8.5 HIGH

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode …

Dec 1, 2025
CVE-2025-63533
8.5 HIGH

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize …

Dec 1, 2025
CVE-2025-61229
7.8 HIGH

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script …

Dec 1, 2025
CVE-2025-61228
7.8 HIGH

An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism

Dec 1, 2025
CVE-2025-57489
8.1 HIGH

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of …

Dec 1, 2025
CVE-2025-55222
8.6 HIGH

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A …

Dec 1, 2025
CVE-2025-55221
8.6 HIGH

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A …

Dec 1, 2025
CVE-2025-54851
7.5 HIGH

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted …

Dec 1, 2025
CVE-2025-54850
7.5 HIGH

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted …

Dec 1, 2025
CVE-2025-54849
7.5 HIGH

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted …

Dec 1, 2025
CVE-2025-54848
7.5 HIGH

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted …

Dec 1, 2025
CVE-2025-26858
8.6 HIGH

A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead …

Dec 1, 2025
CVE-2025-23417
8.6 HIGH

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can …

Dec 1, 2025
CVE-2025-20085
7.2 HIGH

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can …

Dec 1, 2025
CVE-2025-11699
7.1 HIGH

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid …

Dec 1, 2025
CVE-2025-10101
8.1 HIGH

Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of …

Dec 1, 2025
CVE-2024-53684
7.5 HIGH

A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to …

Dec 1, 2025
CVE-2024-49572
7.2 HIGH

A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to …

Dec 1, 2025
CVE-2024-48882
8.6 HIGH

A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to …

Dec 1, 2025
CVE-2024-45370
7.3 HIGH

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to …

Dec 1, 2025
CVE-2024-39148
8.1 HIGH

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as …

Dec 1, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.