CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-63528
8.5 HIGH

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode …

Dec 1, 2025
CVE-2025-63527
8.5 HIGH

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize …

Dec 1, 2025
CVE-2025-63526
8.5 HIGH

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied …

Dec 1, 2025
CVE-2024-56089
7.5 HIGH

An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.

Dec 1, 2025
CVE-2025-59789
7.5 HIGH

Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending …

Dec 1, 2025
CVE-2025-41738
7.5 HIGH

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, …

Dec 1, 2025
CVE-2025-41700
7.8 HIGH

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. …

Dec 1, 2025
CVE-2025-61619
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-61618
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-61617
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-61610
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-61609
7.5 HIGH

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution …

Dec 1, 2025
CVE-2025-61608
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-61607
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-3012
7.5 HIGH

In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-13814
7.3 HIGH

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation …

Dec 1, 2025
CVE-2025-11133
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-11132
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-11131
7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional …

Dec 1, 2025
CVE-2025-13808
7.3 HIGH

A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the …

Dec 1, 2025
CVE-2025-13806
7.3 HIGH

A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction …

Dec 1, 2025
CVE-2025-13803
7.3 HIGH

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation …

Dec 1, 2025
CVE-2025-64772
7.8 HIGH

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. …

Dec 1, 2025
CVE-2025-13792
7.3 HIGH

A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a …

Nov 30, 2025
CVE-2025-13788
7.3 HIGH

A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of …

Nov 30, 2025
CVE-2025-13786
7.3 HIGH

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content …

Nov 30, 2025
CVE-2025-13782
7.3 HIGH

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component …

Nov 30, 2025
CVE-2025-66423
7.1 HIGH

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and …

Nov 30, 2025
CVE-2025-66289
8.8 HIGH

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is …

Nov 29, 2025
CVE-2025-66225
8.8 HIGH

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted …

Nov 29, 2025
CVE-2025-66224
8.8 HIGH

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and …

Nov 29, 2025
CVE-2025-66217
7.5 HIGH

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows …

Nov 29, 2025
CVE-2025-53899
7.2 HIGH

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a …

Nov 29, 2025
CVE-2025-53896
7.1 HIGH

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active …

Nov 29, 2025
CVE-2025-66201
8.1 HIGH

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI …

Nov 29, 2025
CVE-2025-51735
7.5 HIGH

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.

Nov 28, 2025
CVE-2025-12638
8.0 HIGH

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses …

Nov 28, 2025
CVE-2025-13768
7.5 HIGH

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific …

Nov 28, 2025
CVE-2025-66384
8.2 HIGH

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.

Nov 28, 2025
CVE-2025-58308
7.3 HIGH

Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Nov 28, 2025
CVE-2025-58302
8.4 HIGH

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Nov 28, 2025
CVE-2025-58316
7.3 HIGH

DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability.

Nov 28, 2025
CVE-2025-58310
8.0 HIGH

Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Nov 28, 2025
CVE-2025-58303
8.4 HIGH

UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Nov 28, 2025
CVE-2025-66360
8.8 HIGH

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This …

Nov 28, 2025
CVE-2025-66359
8.5 HIGH

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting …

Nov 28, 2025
CVE-2025-13757
8.8 HIGH

SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.

Nov 27, 2025
CVE-2025-13692
7.2 HIGH

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, …

Nov 27, 2025
CVE-2025-59890
7.3 HIGH

Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access …

Nov 27, 2025
CVE-2025-13536
8.8 HIGH

The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, …

Nov 27, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.