CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-33199
3.2 LOW

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability …

Nov 25, 2025
CVE-2025-33198
3.3 LOW

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this …

Nov 25, 2025
CVE-2025-36134
3.7 LOW

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a …

Nov 25, 2025
CVE-2025-59485
3.3 LOW

Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed …

Nov 25, 2025
CVE-2025-13643
3.1 LOW

A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by …

Nov 25, 2025
CVE-2025-13584
3.5 LOW

A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the …

Nov 24, 2025
CVE-2025-13577
3.5 LOW

A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing a manipulation …

Nov 24, 2025
CVE-2025-13566
3.3 LOW

A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation …

Nov 23, 2025
CVE-2025-11934
2.7 LOW

Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm …

Nov 21, 2025
CVE-2025-31216
2.4 LOW

The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to …

Nov 21, 2025
CVE-2025-66062
3.4 LOW

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through …

Nov 21, 2025
CVE-2025-64299
2.7 LOW

LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes.

Nov 21, 2025
CVE-2025-13484
2.4 LOW

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/customer-list.php. The manipulation of …

Nov 20, 2025
CVE-2025-52666
2.7 LOW

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin …

Nov 20, 2025
CVE-2025-35029
3.5 LOW

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' …

Nov 20, 2025
CVE-2025-64524
3.3 LOW

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and …

Nov 20, 2025
CVE-2025-13469
2.4 LOW

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the …

Nov 20, 2025
CVE-2025-13450
3.5 LOW

A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument f_name …

Nov 20, 2025
CVE-2025-13415
3.5 LOW

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. …

Nov 19, 2025
CVE-2025-13412
2.4 LOW

A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. Executing …

Nov 19, 2025
CVE-2025-64757
3.5 LOW

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file …

Nov 19, 2025
CVE-2025-13397
3.3 LOW

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument …

Nov 19, 2025
CVE-2025-65014
3.7 LOW

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality …

Nov 18, 2025
CVE-2025-52639
3.5 LOW

HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused …

Nov 18, 2025
CVE-2025-54821
1.9 LOW

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, …

Nov 18, 2025
CVE-2025-13083
3.7 LOW

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: …

Nov 18, 2025
CVE-2025-12761
3.5 LOW

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS).This issue affects Simple multi …

Nov 18, 2025
CVE-2025-55074
3.0 LOW

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users …

Nov 18, 2025
CVE-2025-13349
3.5 LOW

A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component …

Nov 18, 2025
CVE-2025-13343
3.5 LOW

A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the …

Nov 18, 2025
CVE-2025-64734
2.4 LOW

Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service …

Nov 18, 2025
CVE-2025-12792
3.2 LOW

The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged …

Nov 18, 2025
CVE-2025-63292
3.5 LOW

Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1–r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), …

Nov 17, 2025
CVE-2025-65083
3.2 LOW

GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects …

Nov 17, 2025
CVE-2025-13245
3.5 LOW

A vulnerability was identified in code-projects Student Information System 2.0. The impacted element is an unknown function of the file /editprofile.php. Such manipulation leads to …

Nov 16, 2025
CVE-2025-13232
3.5 LOW

A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes …

Nov 16, 2025
CVE-2025-13202
3.5 LOW

A security flaw has been discovered in code-projects Simple Cafe Ordering System 1.0. This affects an unknown part of the file /add_to_cart. Performing manipulation of …

Nov 15, 2025
CVE-2025-12983
3.5 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have …

Nov 15, 2025
CVE-2025-7736
3.1 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have …

Nov 15, 2025
CVE-2025-6945
3.5 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have …

Nov 15, 2025
CVE-2025-11990
3.1 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated …

Nov 15, 2025
CVE-2025-13186
2.4 LOW

A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file …

Nov 14, 2025
CVE-2025-13182
3.5 LOW

A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title …

Nov 14, 2025
CVE-2025-13181
3.5 LOW

A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing a manipulation of the argument …

Nov 14, 2025
CVE-2025-13180
3.5 LOW

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. …

Nov 14, 2025
CVE-2025-13178
3.5 LOW

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile …

Nov 14, 2025
CVE-2025-54560
3.8 LOW

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure.

Nov 14, 2025
CVE-2025-54559
3.7 LOW

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external …

Nov 14, 2025
CVE-2025-54342
3.3 LOW

A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is Exposure of Sensitive Information because of Incompatible …

Nov 14, 2025
CVE-2025-41436
3.1 LOW

Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and …

Nov 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.