CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-13554
7.3 HIGH

A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. …

Nov 23, 2025
CVE-2025-13553
8.8 HIGH

A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes …

Nov 23, 2025
CVE-2025-13552
8.8 HIGH

A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation …

Nov 23, 2025
CVE-2025-13551
8.8 HIGH

A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the …

Nov 23, 2025
CVE-2025-13550
8.8 HIGH

A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url …

Nov 23, 2025
CVE-2025-13549
8.8 HIGH

A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results …

Nov 23, 2025
CVE-2025-13548
8.8 HIGH

A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument …

Nov 23, 2025
CVE-2025-13547
8.8 HIGH

A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument …

Nov 23, 2025
CVE-2025-13526
7.5 HIGH

The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the …

Nov 22, 2025
CVE-2025-13384
7.5 HIGH

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due …

Nov 22, 2025
CVE-2025-65946
8.1 HIGH

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was …

Nov 21, 2025
CVE-2025-12888
7.5 HIGH

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. …

Nov 21, 2025
CVE-2025-11931
8.2 HIGH

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used …

Nov 21, 2025
CVE-2025-11935
7.5 HIGH

With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue …

Nov 21, 2025
CVE-2025-11087
8.8 HIGH

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is …

Nov 21, 2025
CVE-2025-62609
7.5 HIGH

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious …

Nov 21, 2025
CVE-2025-30201
7.7 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows …

Nov 21, 2025
CVE-2025-13132
7.4 HIGH

This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification (toast) appearing. Without this notification, users could potentially be …

Nov 21, 2025
CVE-2025-13470
7.5 HIGH

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except …

Nov 21, 2025
CVE-2025-12973
7.2 HIGH

The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file …

Nov 21, 2025
CVE-2025-13357
7.4 HIGH

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If …

Nov 21, 2025
CVE-2025-66095
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection.This issue affects KiviCare: from …

Nov 21, 2025
CVE-2025-66073
7.2 HIGH

Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8.

Nov 21, 2025
CVE-2025-66055
7.2 HIGH

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= …

Nov 21, 2025
CVE-2025-13138
7.5 HIGH

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columns_search' parameter of the select_2_ajax() function in all versions up to, …

Nov 21, 2025
CVE-2025-12160
7.2 HIGH

The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpr_admin_msg' parameter in all versions up to, and including, 6.6 …

Nov 21, 2025
CVE-2025-13156
8.8 HIGH

The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in …

Nov 21, 2025
CVE-2025-13322
8.1 HIGH

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and …

Nov 21, 2025
CVE-2025-13159
7.1 HIGH

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all …

Nov 21, 2025
CVE-2025-12138
8.8 HIGH

The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and …

Nov 21, 2025
CVE-2025-12135
7.2 HIGH

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'css_code' parameter in all versions up to, and including, 1.0.6 due to …

Nov 21, 2025
CVE-2025-11985
8.8 HIGH

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check …

Nov 21, 2025
CVE-2025-64695
7.8 HIGH

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of …

Nov 21, 2025
CVE-2025-58097
7.8 HIGH

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary …

Nov 21, 2025
CVE-2025-13499
7.8 HIGH

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service

Nov 21, 2025
CVE-2025-64751
8.8 HIGH

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart …

Nov 21, 2025
CVE-2025-62164
8.8 HIGH

vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to …

Nov 21, 2025
CVE-2025-13485
7.3 HIGH

A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation …

Nov 21, 2025
CVE-2025-64660
8.0 HIGH

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.

Nov 20, 2025
CVE-2025-64655
8.8 HIGH

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.

Nov 20, 2025
CVE-2025-62459
8.3 HIGH

Microsoft Defender Portal Spoofing Vulnerability

Nov 20, 2025
CVE-2025-62207
8.6 HIGH

Azure Monitor Elevation of Privilege Vulnerability

Nov 20, 2025
CVE-2025-36072
8.8 HIGH

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on …

Nov 20, 2025
CVE-2025-61138
7.5 HIGH

Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.

Nov 20, 2025
CVE-2025-25613
7.5 HIGH

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were …

Nov 20, 2025
CVE-2025-48986
8.8 HIGH

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take …

Nov 20, 2025
CVE-2025-63889
7.5 HIGH

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value.

Nov 20, 2025
CVE-2025-12121
7.3 HIGH

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function …

Nov 20, 2025
CVE-2025-12120
7.3 HIGH

Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file …

Nov 20, 2025
CVE-2025-62730
8.8 HIGH

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able …

Nov 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.