CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-63602
7.3 HIGH

A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an …

Nov 18, 2025
CVE-2025-63408
7.8 HIGH

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a …

Nov 18, 2025
CVE-2025-12383
7.4 HIGH

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, …

Nov 18, 2025
CVE-2025-59113
7.5 HIGH

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows …

Nov 18, 2025
CVE-2025-6670
8.8 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin …

Nov 18, 2025
CVE-2025-13344
7.3 HIGH

A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. This …

Nov 18, 2025
CVE-2025-41737
7.5 HIGH

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.

Nov 18, 2025
CVE-2025-41736
8.8 HIGH

A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in …

Nov 18, 2025
CVE-2025-41735
8.8 HIGH

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.

Nov 18, 2025
CVE-2025-4212
7.2 HIGH

The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, …

Nov 18, 2025
CVE-2025-13069
8.8 HIGH

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This …

Nov 18, 2025
CVE-2025-12955
7.5 HIGH

The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due …

Nov 18, 2025
CVE-2025-13088
8.8 HIGH

The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is …

Nov 18, 2025
CVE-2025-12775
8.8 HIGH

The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. …

Nov 18, 2025
CVE-2025-12528
8.1 HIGH

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the format_classic …

Nov 18, 2025
CVE-2025-12411
7.1 HIGH

The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. …

Nov 18, 2025
CVE-2025-11620
7.2 HIGH

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add_multiple_roles_ui' and …

Nov 18, 2025
CVE-2025-8727
7.2 HIGH

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a …

Nov 18, 2025
CVE-2025-8076
7.2 HIGH

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a …

Nov 18, 2025
CVE-2025-10089
7.7 HIGH

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application (IR) all versions, …

Nov 18, 2025
CVE-2025-48593
8.0 HIGH

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with …

Nov 18, 2025
CVE-2025-12974
8.1 HIGH

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in …

Nov 18, 2025
CVE-2025-8693
8.8 HIGH

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating …

Nov 18, 2025
CVE-2025-13323
7.3 HIGH

A security flaw has been discovered in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /listorder.php. Performing manipulation of …

Nov 18, 2025
CVE-2025-13230
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 18, 2025
CVE-2025-13229
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 18, 2025
CVE-2025-13228
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 18, 2025
CVE-2025-13227
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 18, 2025
CVE-2025-13226
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 18, 2025
CVE-2025-36553
8.8 HIGH

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted …

Nov 17, 2025
CVE-2025-36463
7.3 HIGH

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 …

Nov 17, 2025
CVE-2025-36462
7.3 HIGH

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 …

Nov 17, 2025
CVE-2025-36461
7.3 HIGH

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 …

Nov 17, 2025
CVE-2025-36460
7.3 HIGH

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 …

Nov 17, 2025
CVE-2025-32089
8.8 HIGH

A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted …

Nov 17, 2025
CVE-2025-31649
8.7 HIGH

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A …

Nov 17, 2025
CVE-2025-31361
8.7 HIGH

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. …

Nov 17, 2025
CVE-2025-13305
8.8 HIGH

A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing …

Nov 17, 2025
CVE-2025-13304
8.8 HIGH

A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing …

Nov 17, 2025
CVE-2025-13224
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 17, 2025
CVE-2025-13223
8.8 HIGH KEV

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 17, 2025
CVE-2025-36118
7.5 HIGH

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) …

Nov 17, 2025
CVE-2025-13301
7.3 HIGH

A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The …

Nov 17, 2025
CVE-2025-13300
7.3 HIGH

A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads …

Nov 17, 2025
CVE-2025-36357
8.0 HIGH

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially …

Nov 17, 2025
CVE-2025-13299
7.3 HIGH

A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing a manipulation …

Nov 17, 2025
CVE-2025-13298
7.3 HIGH

A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/controller.php. Performing a manipulation results …

Nov 17, 2025
CVE-2025-64756
7.5 HIGH

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command …

Nov 17, 2025
CVE-2025-58407
7.4 HIGH

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger …

Nov 17, 2025
CVE-2025-34323
7.8 HIGH

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The …

Nov 17, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.