CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-65029
8.1 HIGH

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to delete …

Nov 19, 2025
CVE-2025-65025
8.2 HIGH

esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during …

Nov 19, 2025
CVE-2025-63209
7.5 HIGH

The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing …

Nov 19, 2025
CVE-2025-63208
7.5 HIGH

An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via …

Nov 19, 2025
CVE-2025-63205
7.5 HIGH

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, …

Nov 19, 2025
CVE-2025-13316
8.1 HIGH

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted …

Nov 19, 2025
CVE-2025-64764
7.1 HIGH

Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted …

Nov 19, 2025
CVE-2025-34335
8.8 HIGH

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled …

Nov 19, 2025
CVE-2025-34334
8.8 HIGH

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality …

Nov 19, 2025
CVE-2025-34333
7.8 HIGH

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system …

Nov 19, 2025
CVE-2025-34332
7.8 HIGH

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper …

Nov 19, 2025
CVE-2025-34331
7.5 HIGH

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint …

Nov 19, 2025
CVE-2025-13400
8.8 HIGH

A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results …

Nov 19, 2025
CVE-2025-65024
7.2 HIGH

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An …

Nov 19, 2025
CVE-2025-65023
7.2 HIGH

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An …

Nov 19, 2025
CVE-2025-65022
7.2 HIGH

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An …

Nov 19, 2025
CVE-2025-63220
7.2 HIGH

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate …

Nov 19, 2025
CVE-2025-63219
7.5 HIGH

The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper session management on the /home.html endpoint. …

Nov 19, 2025
CVE-2025-13395
7.3 HIGH

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation …

Nov 19, 2025
CVE-2025-11230
7.5 HIGH

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

Nov 19, 2025
CVE-2025-13206
7.2 HIGH

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up …

Nov 19, 2025
CVE-2025-13035
8.0 HIGH

The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the …

Nov 19, 2025
CVE-2025-12484
7.2 HIGH

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting …

Nov 19, 2025
CVE-2025-13145
7.2 HIGH

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and …

Nov 19, 2025
CVE-2025-12646
7.5 HIGH

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to …

Nov 19, 2025
CVE-2025-65015
7.5 HIGH

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 …

Nov 18, 2025
CVE-2025-64324
7.7 HIGH

KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user …

Nov 18, 2025
CVE-2025-62406
8.1 HIGH

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset …

Nov 18, 2025
CVE-2025-63215
7.2 HIGH

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate …

Nov 18, 2025
CVE-2025-63227
7.2 HIGH

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials …

Nov 18, 2025
CVE-2025-37161
7.5 HIGH

A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could …

Nov 18, 2025
CVE-2025-63955
7.5 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into …

Nov 18, 2025
CVE-2025-61662
7.8 HIGH

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory …

Nov 18, 2025
CVE-2025-60455
8.4 HIGH

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.

Nov 18, 2025
CVE-2025-37163
7.2 HIGH

A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this …

Nov 18, 2025
CVE-2025-37155
7.8 HIGH

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this …

Nov 18, 2025
CVE-2025-64076
7.5 HIGH

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read …

Nov 18, 2025
CVE-2025-63829
7.5 HIGH

eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.

Nov 18, 2025
CVE-2025-58692
8.8 HIGH

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through …

Nov 18, 2025
CVE-2025-58413
7.5 HIGH

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 …

Nov 18, 2025
CVE-2025-58034
7.2 HIGH KEV

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 …

Nov 18, 2025
CVE-2025-56527
7.5 HIGH

Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage.

Nov 18, 2025
CVE-2025-55796
7.5 HIGH

The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email …

Nov 18, 2025
CVE-2025-53843
7.5 HIGH

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 …

Nov 18, 2025
CVE-2025-47761
7.8 HIGH

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local …

Nov 18, 2025
CVE-2025-46373
7.8 HIGH

A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to …

Nov 18, 2025
CVE-2025-34324
7.8 HIGH

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is …

Nov 18, 2025
CVE-2025-33184
7.8 HIGH

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of …

Nov 18, 2025
CVE-2025-33183
7.8 HIGH

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of …

Nov 18, 2025
CVE-2025-63800
7.5 HIGH

The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing …

Nov 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.