CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-46427
8.8 HIGH

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged …

Nov 12, 2025
CVE-2025-13060
7.3 HIGH

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /view_survey.php. Such manipulation of the …

Nov 12, 2025
CVE-2025-12048
7.5 HIGH

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or …

Nov 12, 2025
CVE-2025-10495
7.5 HIGH

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, …

Nov 12, 2025
CVE-2025-63929
7.5 HIGH

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference …

Nov 12, 2025
CVE-2025-63679
7.5 HIGH

free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes.

Nov 12, 2025
CVE-2025-57310
8.8 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.

Nov 12, 2025
CVE-2024-47866
7.5 HIGH

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object …

Nov 12, 2025
CVE-2025-65002
7.5 HIGH

Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters.

Nov 12, 2025
CVE-2025-65001
8.2 HIGH

Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability.

Nov 12, 2025
CVE-2025-63811
7.5 HIGH

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token …

Nov 12, 2025
CVE-2025-59088
8.6 HIGH

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records …

Nov 12, 2025
CVE-2025-2843
8.8 HIGH

A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue …

Nov 12, 2025
CVE-2025-13042
8.8 HIGH

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Nov 12, 2025
CVE-2025-11797
7.8 HIGH

A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause …

Nov 12, 2025
CVE-2025-11795
7.8 HIGH

A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to …

Nov 12, 2025
CVE-2025-64293
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics 0-day-analytics allows SQL Injection.This issue affects 0 …

Nov 12, 2025
CVE-2025-11700
7.5 HIGH

N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure

Nov 12, 2025
CVE-2025-63667
7.5 HIGH

Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication.

Nov 12, 2025
CVE-2025-40149
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under …

Nov 12, 2025
CVE-2025-11994
7.2 HIGH

The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 …

Nov 12, 2025
CVE-2025-59118
7.3 HIGH

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version …

Nov 12, 2025
CVE-2025-12382
8.8 HIGH

Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a …

Nov 12, 2025
CVE-2025-11962
7.3 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc. Digital Corporate Warehouse allows Stored XSS.This issue …

Nov 12, 2025
CVE-2025-64405
7.5 HIGH

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links …

Nov 12, 2025
CVE-2025-64404
7.5 HIGH

Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would …

Nov 12, 2025
CVE-2025-64403
8.1 HIGH

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed …

Nov 12, 2025
CVE-2025-64401
7.5 HIGH

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links …

Nov 12, 2025
CVE-2025-12903
7.5 HIGH

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API …

Nov 12, 2025
CVE-2025-12633
7.5 HIGH

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on …

Nov 12, 2025
CVE-2025-11560
7.1 HIGH

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected …

Nov 12, 2025
CVE-2025-64531
7.8 HIGH

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Nov 11, 2025
CVE-2025-61835
7.8 HIGH

Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in …

Nov 11, 2025
CVE-2025-61834
7.8 HIGH

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Nov 11, 2025
CVE-2025-61833
7.8 HIGH

Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read …

Nov 11, 2025
CVE-2025-40827
7.8 HIGH

A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application …

Nov 11, 2025
CVE-2025-40816
7.6 HIGH

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All …

Nov 11, 2025
CVE-2025-40815
7.2 HIGH

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All …

Nov 11, 2025
CVE-2025-40763
7.8 HIGH

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, …

Nov 11, 2025
CVE-2025-40744
7.5 HIGH

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect …

Nov 11, 2025
CVE-2024-32011
8.8 HIGH

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands …

Nov 11, 2025
CVE-2024-32010
7.8 HIGH

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database …

Nov 11, 2025
CVE-2024-32009
7.8 HIGH

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege …

Nov 11, 2025
CVE-2024-32008
7.8 HIGH

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege …

Nov 11, 2025
CVE-2025-61839
7.8 HIGH

Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past …

Nov 11, 2025
CVE-2025-61838
7.8 HIGH

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Nov 11, 2025
CVE-2025-61837
7.8 HIGH

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Nov 11, 2025
CVE-2025-61830
7.1 HIGH

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain …

Nov 11, 2025
CVE-2025-62452
8.0 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Nov 11, 2025
CVE-2025-62222
8.8 HIGH

Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code …

Nov 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.