CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-13204
7.3 HIGH

npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary …

Nov 14, 2025
CVE-2025-13170
7.3 HIGH

A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing a manipulation …

Nov 14, 2025
CVE-2025-13169
7.3 HIGH

A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /add_query_reserve.php. Such manipulation …

Nov 14, 2025
CVE-2024-21635
7.5 HIGH

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of …

Nov 14, 2025
CVE-2025-9982
7.5 HIGH

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers …

Nov 14, 2025
CVE-2025-11918
7.3 HIGH

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to …

Nov 14, 2025
CVE-2025-8855
8.1 HIGH

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting …

Nov 14, 2025
CVE-2025-64444
7.2 HIGH

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker …

Nov 14, 2025
CVE-2025-10686
7.2 HIGH

The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and …

Nov 14, 2025
CVE-2025-13161
7.5 HIGH

IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system …

Nov 14, 2025
CVE-2025-12904
7.2 HIGH

The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0.4.17 …

Nov 14, 2025
CVE-2024-9126
7.5 HIGH

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific …

Nov 14, 2025
CVE-2024-7017
7.5 HIGH

Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. …

Nov 14, 2025
CVE-2025-64530
7.5 HIGH

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, …

Nov 13, 2025
CVE-2025-47913
7.5 HIGH

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

Nov 13, 2025
CVE-2025-36236
8.2 HIGH

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker …

Nov 13, 2025
CVE-2025-13131
7.8 HIGH

A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results …

Nov 13, 2025
CVE-2025-13130
7.8 HIGH

A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation …

Nov 13, 2025
CVE-2025-60679
8.8 HIGH

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs …

Nov 13, 2025
CVE-2025-59840
8.1 HIGH

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 …

Nov 13, 2025
CVE-2025-46369
7.8 HIGH

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially …

Nov 13, 2025
CVE-2025-46367
7.8 HIGH

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local …

Nov 13, 2025
CVE-2025-63406
8.8 HIGH

An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in …

Nov 13, 2025
CVE-2025-43515
8.8 HIGH

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as …

Nov 13, 2025
CVE-2025-60698
7.3 HIGH

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_432F60` function in `prog.cgi` stores user-supplied …

Nov 13, 2025
CVE-2025-60697
7.3 HIGH

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_4438A4` function in `prog.cgi` stores user-supplied …

Nov 13, 2025
CVE-2025-13122
7.3 HIGH

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/api_patient_checkin.php. Performing …

Nov 13, 2025
CVE-2025-12785
7.5 HIGH

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP …

Nov 13, 2025
CVE-2025-60696
8.4 HIGH

A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s …

Nov 13, 2025
CVE-2025-60694
7.5 HIGH

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function improperly concatenates user-supplied …

Nov 13, 2025
CVE-2025-60692
8.4 HIGH

A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf …

Nov 13, 2025
CVE-2025-60691
8.8 HIGH

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from …

Nov 13, 2025
CVE-2025-60690
8.8 HIGH

A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to …

Nov 13, 2025
CVE-2025-20341
8.8 HIGH

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability …

Nov 13, 2025
CVE-2025-13121
7.3 HIGH

A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such …

Nov 13, 2025
CVE-2025-64511
7.4 HIGH

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python …

Nov 13, 2025
CVE-2025-62484
8.1 HIGH

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network …

Nov 13, 2025
CVE-2025-64741
8.1 HIGH

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.

Nov 13, 2025
CVE-2025-64740
7.5 HIGH

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of …

Nov 13, 2025
CVE-2025-12765
7.5 HIGH

pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

Nov 13, 2025
CVE-2025-12764
7.5 HIGH

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in …

Nov 13, 2025
CVE-2025-12844
7.1 HIGH

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization …

Nov 13, 2025
CVE-2025-12733
8.8 HIGH

The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions …

Nov 13, 2025
CVE-2025-11923
8.8 HIGH

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin …

Nov 13, 2025
CVE-2025-64523
8.8 HIGH

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions …

Nov 12, 2025
CVE-2025-64500
7.3 HIGH

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for …

Nov 12, 2025
CVE-2025-64186
8.7 HIGH

Evervault is a payment security solution. A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic in versions of `evervault-go` prior to 1.3.2 that …

Nov 12, 2025
CVE-2025-13063
7.3 HIGH

A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may …

Nov 12, 2025
CVE-2025-8485
7.3 HIGH

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation …

Nov 12, 2025
CVE-2025-46428
8.8 HIGH

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged …

Nov 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.