CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-7820
7.5 HIGH

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to …

Nov 27, 2025
CVE-2025-13680
8.8 HIGH

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing …

Nov 27, 2025
CVE-2025-12758
7.5 HIGH

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that …

Nov 27, 2025
CVE-2025-66314
7.5 HIGH

Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ElasticNet UME R32: ElasticNet_UME_R32_V16.23.20.04.

Nov 27, 2025
CVE-2025-66031
7.5 HIGH

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables …

Nov 26, 2025
CVE-2025-64344
7.5 HIGH

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 …

Nov 26, 2025
CVE-2025-64335
7.5 HIGH

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 …

Nov 26, 2025
CVE-2025-64334
7.5 HIGH

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 …

Nov 26, 2025
CVE-2025-64333
7.5 HIGH

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 …

Nov 26, 2025
CVE-2025-64332
7.5 HIGH

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 …

Nov 26, 2025
CVE-2025-64331
7.5 HIGH

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 …

Nov 26, 2025
CVE-2025-64330
7.5 HIGH

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 …

Nov 26, 2025
CVE-2025-65202
8.0 HIGH

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which …

Nov 26, 2025
CVE-2025-65278
7.5 HIGH

An issue was discovered in file users.json in GroceryMart commit 21934e6 (2020-10-23) allowing unauthenticated attackers to gain sensitive information including plaintext usernames and passwords.

Nov 26, 2025
CVE-2025-12571
7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have …

Nov 26, 2025
CVE-2025-66028
8.2 HIGH

OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During …

Nov 26, 2025
CVE-2025-65966
8.1 HIGH

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request …

Nov 26, 2025
CVE-2025-65672
7.5 HIGH

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.

Nov 26, 2025
CVE-2025-64129
7.6 HIGH

Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.

Nov 26, 2025
CVE-2025-55471
7.5 HIGH

Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.

Nov 26, 2025
CVE-2025-2486
8.8 HIGH

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. …

Nov 26, 2025
CVE-2025-13084
7.6 HIGH

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an …

Nov 26, 2025
CVE-2025-11461
8.8 HIGH

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.

Nov 26, 2025
CVE-2025-46175
7.5 HIGH

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.

Nov 26, 2025
CVE-2025-56396
8.8 HIGH

An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.

Nov 26, 2025
CVE-2025-46174
7.5 HIGH

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.

Nov 26, 2025
CVE-2025-45311
8.8 HIGH

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because …

Nov 26, 2025
CVE-2025-13601
7.7 HIGH

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape …

Nov 26, 2025
CVE-2025-13735
7.4 HIGH

Out-of-bounds Read vulnerability in ASR1903、ASR3901 in ASR Lapwing_Linux on Linux (nr_fw modules). This vulnerability is associated with program files Code/nr_fw/DLP/src/NrCgi.C. This issue affects Lapwing_Linux: before …

Nov 26, 2025
CVE-2025-9558
7.6 HIGH

There is a potential OOB Write vulnerability in the gen_prov_start function in pb_adv.c. The full length of the received data is copied into the link.rx.buf …

Nov 26, 2025
CVE-2025-9557
7.6 HIGH

‭An out-of-bound write can lead to an arbitrary code execution. Even on devices with some form of memory protection, this can still lead to‬ ‭a …

Nov 26, 2025
CVE-2025-12061
8.6 HIGH

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and …

Nov 26, 2025
CVE-2025-64983
8.0 HIGH

Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access …

Nov 26, 2025
CVE-2025-66020
7.5 HIGH

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular …

Nov 26, 2025
CVE-2025-66263
7.5 HIGH

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, …

Nov 26, 2025
CVE-2025-66252
7.5 HIGH

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, …

Nov 26, 2025
CVE-2025-62703
8.8 HIGH

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. …

Nov 25, 2025
CVE-2025-58360
8.2 HIGH KEV

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an …

Nov 25, 2025
CVE-2025-51741
7.5 HIGH

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification …

Nov 25, 2025
CVE-2025-9624
7.5 HIGH

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 …

Nov 25, 2025
CVE-2025-12816
8.6 HIGH

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence …

Nov 25, 2025
CVE-2025-64065
8.8 HIGH

The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to a …

Nov 25, 2025
CVE-2025-64064
8.8 HIGH

Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Because of weak access …

Nov 25, 2025
CVE-2025-64066
8.6 HIGH

Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. The endpoint fails to implement any authorization checks, allowing unauthenticated attackers …

Nov 25, 2025
CVE-2025-64062
8.8 HIGH

The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the …

Nov 25, 2025
CVE-2025-33205
7.3 HIGH

NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use …

Nov 25, 2025
CVE-2025-33204
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code …

Nov 25, 2025
CVE-2025-33203
7.6 HIGH

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A …

Nov 25, 2025
CVE-2025-33189
7.8 HIGH

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might …

Nov 25, 2025
CVE-2025-33188
8.0 HIGH

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might …

Nov 25, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.