CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-64050
7.2 HIGH

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands …

Nov 25, 2025
CVE-2025-40890
7.9 HIGH

A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. An authenticated low-privilege user can craft …

Nov 25, 2025
CVE-2025-0248
8.1 HIGH

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft …

Nov 25, 2025
CVE-2025-13502
7.5 HIGH

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via …

Nov 25, 2025
CVE-2025-13376
7.2 HIGH

The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. …

Nov 25, 2025
CVE-2025-13068
7.2 HIGH

The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, …

Nov 25, 2025
CVE-2025-9803
8.8 HIGH

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' …

Nov 25, 2025
CVE-2025-65951
8.7 HIGH

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay …

Nov 25, 2025
CVE-2025-64761
7.2 HIGH

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a …

Nov 25, 2025
CVE-2025-65018
7.1 HIGH

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to …

Nov 25, 2025
CVE-2025-64720
7.1 HIGH

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to …

Nov 25, 2025
CVE-2025-62155
8.5 HIGH

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability …

Nov 25, 2025
CVE-2025-54563
7.5 HIGH

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading …

Nov 24, 2025
CVE-2025-54338
7.5 HIGH

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose …

Nov 24, 2025
CVE-2025-52538
8.0 HIGH

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or …

Nov 24, 2025
CVE-2025-48510
7.1 HIGH

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.

Nov 24, 2025
CVE-2025-0003
7.3 HIGH

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability

Nov 24, 2025
CVE-2025-56400
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile …

Nov 24, 2025
CVE-2025-52539
7.3 HIGH

A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially …

Nov 24, 2025
CVE-2025-0005
7.3 HIGH

Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of …

Nov 24, 2025
CVE-2025-13609
8.2 HIGH

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module …

Nov 24, 2025
CVE-2025-63434
8.8 HIGH

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without …

Nov 24, 2025
CVE-2025-60915
8.1 HIGH

An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted …

Nov 24, 2025
CVE-2025-60638
7.5 HIGH

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability …

Nov 24, 2025
CVE-2025-56401
7.6 HIGH

ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName.

Nov 24, 2025
CVE-2025-44018
8.3 HIGH

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. …

Nov 24, 2025
CVE-2025-10555
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary …

Nov 24, 2025
CVE-2025-10554
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute …

Nov 24, 2025
CVE-2025-12970
8.8 HIGH

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can …

Nov 24, 2025
CVE-2025-65998
7.5 HIGH

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. …

Nov 24, 2025
CVE-2025-65495
7.5 HIGH

Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate …

Nov 24, 2025
CVE-2025-65494
7.5 HIGH

NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate …

Nov 24, 2025
CVE-2025-65493
7.5 HIGH

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers …

Nov 24, 2025
CVE-2025-41729
7.5 HIGH

An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.

Nov 24, 2025
CVE-2025-13585
7.3 HIGH

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument …

Nov 24, 2025
CVE-2025-12629
7.1 HIGH

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Nov 24, 2025
CVE-2024-14015
7.1 HIGH

The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a …

Nov 24, 2025
CVE-2025-7402
7.5 HIGH

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘site_id’ parameter in all versions …

Nov 24, 2025
CVE-2025-13583
7.3 HIGH

A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter …

Nov 24, 2025
CVE-2025-13582
7.3 HIGH

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the …

Nov 24, 2025
CVE-2025-13578
7.3 HIGH

A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation …

Nov 24, 2025
CVE-2025-13572
7.3 HIGH

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument …

Nov 23, 2025
CVE-2025-13562
7.3 HIGH

A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads …

Nov 23, 2025
CVE-2025-13561
7.3 HIGH

A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username …

Nov 23, 2025
CVE-2025-13560
7.3 HIGH

A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email …

Nov 23, 2025
CVE-2025-13557
7.3 HIGH

A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation …

Nov 23, 2025
CVE-2024-21923
7.3 HIGH

Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Nov 23, 2025
CVE-2024-21922
7.3 HIGH

A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Nov 23, 2025
CVE-2025-13556
7.3 HIGH

A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing a …

Nov 23, 2025
CVE-2025-13555
7.3 HIGH

A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing …

Nov 23, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.