CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-34322
7.2 HIGH

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, …

Nov 17, 2025
CVE-2025-13297
7.3 HIGH

A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. …

Nov 17, 2025
CVE-2025-63917
7.1 HIGH

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external …

Nov 17, 2025
CVE-2025-62519
7.2 HIGH

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ …

Nov 17, 2025
CVE-2025-58410
7.5 HIGH

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This …

Nov 17, 2025
CVE-2025-13319
8.8 HIGH

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via …

Nov 17, 2025
CVE-2025-13291
7.3 HIGH

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirm_order.php. Performing a manipulation of the argument …

Nov 17, 2025
CVE-2025-63916
8.1 HIGH

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing …

Nov 17, 2025
CVE-2025-63748
8.8 HIGH

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file …

Nov 17, 2025
CVE-2025-13288
8.8 HIGH

A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno …

Nov 17, 2025
CVE-2025-13285
7.3 HIGH

A vulnerability was identified in itsourcecode Online Voting System 1.0. The affected element is an unknown function of the file /login.php. Such manipulation of the …

Nov 17, 2025
CVE-2025-13280
7.3 HIGH

A vulnerability was determined in CodeAstro Simple Inventory System 1.0. The impacted element is an unknown function of the file /index.php of the component Login. …

Nov 17, 2025
CVE-2025-40936
7.8 HIGH

A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258), Solid Edge (All versions < V226.00 Update 03). The affected applications …

Nov 17, 2025
CVE-2025-13277
7.3 HIGH

A flaw has been found in code-projects Nero Social Networking Site 1.0. This issue affects some unknown processing of the file /friendsphoto.php. This manipulation of …

Nov 17, 2025
CVE-2025-13276
7.3 HIGH

A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username …

Nov 17, 2025
CVE-2025-13272
7.3 HIGH

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Affected is an unknown function of the file /manage_course.php. Such manipulation of the …

Nov 17, 2025
CVE-2025-13271
7.3 HIGH

A vulnerability was determined in Campcodes School Fees Payment Management System 1.0. This impacts an unknown function of the file /ajax.php?action=login. This manipulation of the …

Nov 17, 2025
CVE-2025-65073
7.5 HIGH

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.

Nov 17, 2025
CVE-2025-13165
7.5 HIGH

EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web …

Nov 17, 2025
CVE-2025-13262
7.3 HIGH

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of …

Nov 17, 2025
CVE-2025-13283
7.1 HIGH

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs …

Nov 17, 2025
CVE-2025-13282
8.1 HIGH

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication …

Nov 17, 2025
CVE-2025-13258
8.8 HIGH

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the …

Nov 17, 2025
CVE-2025-13257
7.3 HIGH

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation …

Nov 17, 2025
CVE-2025-13252
7.3 HIGH

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation …

Nov 16, 2025
CVE-2025-13248
7.3 HIGH

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/api_patient_schedule.php. …

Nov 16, 2025
CVE-2025-13247
7.3 HIGH

A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation …

Nov 16, 2025
CVE-2025-13242
7.3 HIGH

A vulnerability has been found in code-projects Student Information System 2.0. This issue affects some unknown processing of the file /register.php. The manipulation leads to …

Nov 16, 2025
CVE-2025-13241
7.3 HIGH

A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument …

Nov 16, 2025
CVE-2025-13240
7.3 HIGH

A vulnerability was detected in code-projects Student Information System 2.0. This affects an unknown part of the file /searchquery.php. Performing manipulation of the argument s …

Nov 16, 2025
CVE-2025-13237
7.3 HIGH

A security flaw has been discovered in itsourcecode Inventory Management System 1.0. Affected is an unknown function of the file /LogSignModal.PHP. The manipulation of the …

Nov 16, 2025
CVE-2025-12482
7.5 HIGH

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up …

Nov 16, 2025
CVE-2025-13235
7.3 HIGH

A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument user_email …

Nov 16, 2025
CVE-2025-13233
7.3 HIGH

A vulnerability has been found in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /index.php?q=single-item. Such manipulation of …

Nov 16, 2025
CVE-2025-13203
7.3 HIGH

A weakness has been identified in code-projects Simple Cafe Ordering System 1.0. This vulnerability affects unknown code of the file /addmem.php. Executing manipulation of the …

Nov 15, 2025
CVE-2025-13201
7.3 HIGH

A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation …

Nov 15, 2025
CVE-2025-13191
8.8 HIGH

A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It …

Nov 15, 2025
CVE-2025-13190
8.8 HIGH

A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results …

Nov 15, 2025
CVE-2025-13189
8.8 HIGH

A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads …

Nov 15, 2025
CVE-2025-9317
8.4 HIGH

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' …

Nov 15, 2025
CVE-2025-64309
8.6 HIGH

Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated …

Nov 15, 2025
CVE-2025-64308
7.5 HIGH

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.

Nov 15, 2025
CVE-2025-62765
7.5 HIGH

General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, …

Nov 15, 2025
CVE-2025-59780
7.5 HIGH

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain …

Nov 15, 2025
CVE-2025-55034
8.2 HIGH

General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in …

Nov 15, 2025
CVE-2025-63891
7.5 HIGH

Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema …

Nov 14, 2025
CVE-2025-13033
7.5 HIGH

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw …

Nov 14, 2025
CVE-2025-63680
8.6 HIGH

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads …

Nov 14, 2025
CVE-2025-54346
7.6 HIGH

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker …

Nov 14, 2025
CVE-2025-54345
7.5 HIGH

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an Unauthorized Actor.

Nov 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.