CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-59499
8.8 HIGH

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Nov 11, 2025
CVE-2025-30398
8.1 HIGH

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.

Nov 11, 2025
CVE-2025-61832
7.8 HIGH

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Nov 11, 2025
CVE-2025-61824
7.8 HIGH

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Nov 11, 2025
CVE-2025-61818
7.8 HIGH

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of …

Nov 11, 2025
CVE-2025-61817
7.8 HIGH

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of …

Nov 11, 2025
CVE-2025-61816
7.8 HIGH

InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Nov 11, 2025
CVE-2025-61815
7.8 HIGH

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Nov 11, 2025
CVE-2025-61814
7.8 HIGH

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Nov 11, 2025
CVE-2025-35971
8.2 HIGH

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged …

Nov 11, 2025
CVE-2025-35967
7.4 HIGH

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged …

Nov 11, 2025
CVE-2025-35963
7.4 HIGH

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of …

Nov 11, 2025
CVE-2025-33186
8.8 HIGH

NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.

Nov 11, 2025
CVE-2025-33178
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code …

Nov 11, 2025
CVE-2025-33029
7.4 HIGH

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged …

Nov 11, 2025
CVE-2025-33000
8.8 HIGH

Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary …

Nov 11, 2025
CVE-2025-32091
8.2 HIGH

Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software …

Nov 11, 2025
CVE-2025-30255
8.2 HIGH

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged …

Nov 11, 2025
CVE-2025-30185
7.9 HIGH

Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege. System software …

Nov 11, 2025
CVE-2025-27713
7.8 HIGH

Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary …

Nov 11, 2025
CVE-2025-24838
8.8 HIGH

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary …

Nov 11, 2025
CVE-2025-24299
8.8 HIGH

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary …

Nov 11, 2025
CVE-2025-23361
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code …

Nov 11, 2025
CVE-2025-23357
7.8 HIGH

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A …

Nov 11, 2025
CVE-2025-20010
7.8 HIGH

Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of …

Nov 11, 2025
CVE-2025-12944
8.8 HIGH

Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on …

Nov 11, 2025
CVE-2025-12943
7.5 HIGH

Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) …

Nov 11, 2025
CVE-2025-12942
7.5 HIGH

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over …

Nov 11, 2025
CVE-2025-9408
8.1 HIGH

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for …

Nov 11, 2025
CVE-2025-13027
8.1 HIGH

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Nov 11, 2025
CVE-2025-13025
7.5 HIGH

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Nov 11, 2025
CVE-2025-13020
8.8 HIGH

Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Nov 11, 2025
CVE-2025-13019
8.1 HIGH

Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Nov 11, 2025
CVE-2025-13018
8.1 HIGH

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Nov 11, 2025
CVE-2025-13017
8.1 HIGH

Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Nov 11, 2025
CVE-2025-13016
7.5 HIGH

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Nov 11, 2025
CVE-2025-13014
8.8 HIGH

Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Nov 11, 2025
CVE-2025-13012
7.5 HIGH

Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Nov 11, 2025
CVE-2025-10918
7.1 HIGH

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on …

Nov 11, 2025
CVE-2025-11959
8.1 HIGH

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information …

Nov 11, 2025
CVE-2024-57695
7.7 HIGH

An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The …

Nov 11, 2025
CVE-2025-9223
8.8 HIGH

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action …

Nov 11, 2025
CVE-2025-10161
7.3 HIGH

Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. …

Nov 11, 2025
CVE-2025-7633
7.3 HIGH

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.

Nov 11, 2025
CVE-2025-7632
7.3 HIGH

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.

Nov 11, 2025
CVE-2025-7430
7.3 HIGH

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.

Nov 11, 2025
CVE-2025-12846
8.8 HIGH

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to …

Nov 11, 2025
CVE-2025-7429
7.3 HIGH

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.

Nov 11, 2025
CVE-2025-10714
8.4 HIGH

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can …

Nov 11, 2025
CVE-2025-11855
7.5 HIGH

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the age_restrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin …

Nov 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.