CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-13159
7.1 HIGH

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all …

Nov 21, 2025
CVE-2025-12138
8.8 HIGH

The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and …

Nov 21, 2025
CVE-2025-12135
7.2 HIGH

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'css_code' parameter in all versions up to, and including, 1.0.6 due to …

Nov 21, 2025
CVE-2025-11985
8.8 HIGH

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check …

Nov 21, 2025
CVE-2025-64695
7.8 HIGH

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of …

Nov 21, 2025
CVE-2025-58097
7.8 HIGH

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary …

Nov 21, 2025
CVE-2025-13499
7.8 HIGH

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service

Nov 21, 2025
CVE-2025-64751
8.8 HIGH

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart …

Nov 21, 2025
CVE-2025-62164
8.8 HIGH

vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to …

Nov 21, 2025
CVE-2025-13485
7.3 HIGH

A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation …

Nov 21, 2025
CVE-2025-64660
8.0 HIGH

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.

Nov 20, 2025
CVE-2025-64655
8.8 HIGH

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.

Nov 20, 2025
CVE-2025-62459
8.3 HIGH

Microsoft Defender Portal Spoofing Vulnerability

Nov 20, 2025
CVE-2025-62207
8.6 HIGH

Azure Monitor Elevation of Privilege Vulnerability

Nov 20, 2025
CVE-2025-36072
8.8 HIGH

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on …

Nov 20, 2025
CVE-2025-61138
7.5 HIGH

Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.

Nov 20, 2025
CVE-2025-25613
7.5 HIGH

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were …

Nov 20, 2025
CVE-2025-48986
8.8 HIGH

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take …

Nov 20, 2025
CVE-2025-63889
7.5 HIGH

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value.

Nov 20, 2025
CVE-2025-12121
7.3 HIGH

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function …

Nov 20, 2025
CVE-2025-12120
7.3 HIGH

Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file …

Nov 20, 2025
CVE-2025-62730
8.8 HIGH

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able …

Nov 20, 2025
CVE-2025-62294
7.5 HIGH

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force …

Nov 20, 2025
CVE-2025-41075
7.5 HIGH

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation …

Nov 20, 2025
CVE-2025-41074
7.5 HIGH

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation …

Nov 20, 2025
CVE-2025-40601
7.5 HIGH

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an …

Nov 20, 2025
CVE-2025-13451
7.3 HIGH

A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the …

Nov 20, 2025
CVE-2025-13449
7.3 HIGH

A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument …

Nov 20, 2025
CVE-2025-13446
8.8 HIGH

A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads …

Nov 20, 2025
CVE-2025-13445
8.8 HIGH

A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list …

Nov 20, 2025
CVE-2025-13442
7.3 HIGH

A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. …

Nov 20, 2025
CVE-2025-13433
7.0 HIGH

A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the …

Nov 20, 2025
CVE-2025-0645
7.2 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained …

Nov 20, 2025
CVE-2025-0643
7.2 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows …

Nov 20, 2025
CVE-2025-13422
7.3 HIGH

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of …

Nov 20, 2025
CVE-2025-13421
7.3 HIGH

A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of …

Nov 19, 2025
CVE-2025-13420
7.3 HIGH

A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of …

Nov 19, 2025
CVE-2025-11001
7.8 HIGH

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction …

Nov 19, 2025
CVE-2025-63719
7.3 HIGH

Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username.

Nov 19, 2025
CVE-2025-63371
7.5 HIGH

Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting …

Nov 19, 2025
CVE-2025-13410
7.3 HIGH

A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of …

Nov 19, 2025
CVE-2025-65103
8.8 HIGH

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows …

Nov 19, 2025
CVE-2025-63932
7.3 HIGH

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter …

Nov 19, 2025
CVE-2025-51663
7.5 HIGH

A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by …

Nov 19, 2025
CVE-2025-51661
7.5 HIGH

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.save_file method …

Nov 19, 2025
CVE-2025-65094
8.8 HIGH

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group …

Nov 19, 2025
CVE-2025-64759
8.1 HIGH

Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal …

Nov 19, 2025
CVE-2025-65034
8.1 HIGH

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging …

Nov 19, 2025
CVE-2025-65033
8.1 HIGH

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to …

Nov 19, 2025
CVE-2025-65030
7.1 HIGH

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the comment deletion API allows any authenticated user to …

Nov 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.