CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-11209
8.2 HIGH

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) …

Nov 6, 2025
CVE-2025-11206
7.1 HIGH

Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Nov 6, 2025
CVE-2025-11205
8.8 HIGH

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap …

Nov 6, 2025
CVE-2024-12125
7.5 HIGH

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify …

Nov 6, 2025
CVE-2025-64173
7.5 HIGH

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as …

Nov 6, 2025
CVE-2025-52881
7.5 HIGH

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick …

Nov 6, 2025
CVE-2025-12790
7.4 HIGH

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.

Nov 6, 2025
CVE-2025-12489
7.8 HIGH

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain …

Nov 6, 2025
CVE-2025-12486
8.8 HIGH

Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data …

Nov 6, 2025
CVE-2025-52565
7.5 HIGH

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through …

Nov 6, 2025
CVE-2025-34239
7.2 HIGH

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the …

Nov 6, 2025
CVE-2025-12490
8.8 HIGH

Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. …

Nov 6, 2025
CVE-2022-50595
7.2 HIGH

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks …

Nov 6, 2025
CVE-2022-50594
7.5 HIGH

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks …

Nov 6, 2025
CVE-2022-50592
7.2 HIGH

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks …

Nov 6, 2025
CVE-2025-63551
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw …

Nov 6, 2025
CVE-2025-60541
7.3 HIGH

A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request.

Nov 6, 2025
CVE-2025-31133
7.8 HIGH

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and …

Nov 6, 2025
CVE-2024-25621
7.3 HIGH

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default …

Nov 6, 2025
CVE-2025-27919
8.2 HIGH

An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create …

Nov 6, 2025
CVE-2025-27917
7.5 HIGH

An issue was discovered in AnyDesk for Windows before 9.0.5, AnyDesk for macOS before 9.0.1, AnyDesk for Linux before 7.0.0, AnyDesk for iOS before 7.1.2, …

Nov 6, 2025
CVE-2025-27916
7.5 HIGH

An issue was discovered in AnyDesk for Windows before 9.0.6 and AnyDesk for Android before 8.0.0. When the connection between two clients is established via …

Nov 6, 2025
CVE-2025-63589
7.1 HIGH

A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated …

Nov 6, 2025
CVE-2025-63588
7.1 HIGH

An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser …

Nov 6, 2025
CVE-2025-63560
7.5 HIGH

An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows a remote attacker to cause a denial of service …

Nov 6, 2025
CVE-2025-12485
8.8 HIGH

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does …

Nov 6, 2025
CVE-2025-10885
7.8 HIGH

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded …

Nov 6, 2025
CVE-2025-64287
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Alloggio - Hotel Booking alloggio allows PHP Local …

Nov 6, 2025
CVE-2025-64232
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS.This issue affects Import from YML: …

Nov 6, 2025
CVE-2025-64224
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects …

Nov 6, 2025
CVE-2025-64198
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons easy-social-share-buttons3 allows Reflected XSS.This issue affects Easy Social …

Nov 6, 2025
CVE-2025-64196
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: …

Nov 6, 2025
CVE-2025-63307
8.1 HIGH

alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types …

Nov 6, 2025
CVE-2025-62076
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= …

Nov 6, 2025
CVE-2025-62075
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: …

Nov 6, 2025
CVE-2025-62074
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through <= 11.71.

Nov 6, 2025
CVE-2025-62067
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through …

Nov 6, 2025
CVE-2025-62066
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution.This issue affects Revolution: from n/a through …

Nov 6, 2025
CVE-2025-62059
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force SureRank surerank.This issue affects SureRank: from n/a through <= 1.3.2.

Nov 6, 2025
CVE-2025-62057
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from …

Nov 6, 2025
CVE-2025-62055
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Academist academist.This issue affects Academist: from n/a through …

Nov 6, 2025
CVE-2025-62053
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through …

Nov 6, 2025
CVE-2025-62045
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements.This issue affects …

Nov 6, 2025
CVE-2025-62041
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.1.

Nov 6, 2025
CVE-2025-62040
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YOP YOP Poll yop-poll.This issue affects YOP Poll: from n/a through <= 6.5.37.

Nov 6, 2025
CVE-2025-62039
7.5 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive …

Nov 6, 2025
CVE-2025-62036
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.

Nov 6, 2025
CVE-2025-62035
8.8 HIGH

Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.

Nov 6, 2025
CVE-2025-62034
8.8 HIGH

Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.

Nov 6, 2025
CVE-2025-62031
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1.

Nov 6, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.