CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-64745
2.7 LOW

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server …

Nov 13, 2025
CVE-2025-64744
3.5 LOW

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the …

Nov 13, 2025
CVE-2025-46370
3.3 LOW

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit …

Nov 13, 2025
CVE-2025-11777
3.1 LOW

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from …

Nov 13, 2025
CVE-2025-12817
3.1 LOW

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any …

Nov 13, 2025
CVE-2025-64711
3.9 LOW

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a …

Nov 13, 2025
CVE-2025-64345
1.8 LOW

Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3, 36.0.3, and 24.0.5, Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly …

Nov 12, 2025
CVE-2025-64170
3.8 LOW

sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user …

Nov 12, 2025
CVE-2025-63396
3.3 LOW

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a …

Nov 12, 2025
CVE-2025-13058
3.5 LOW

A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The …

Nov 12, 2025
CVE-2025-57812
3.7 LOW

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be …

Nov 12, 2025
CVE-2025-20379
3.5 LOW

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that …

Nov 12, 2025
CVE-2025-20378
3.1 LOW

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a …

Nov 12, 2025
CVE-2025-32088
3.3 LOW

Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software …

Nov 11, 2025
CVE-2025-32037
2.0 LOW

Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow a denial of service. Network adversary with a …

Nov 11, 2025
CVE-2025-31948
3.3 LOW

Improper input validation for some Intel(R) oneAPI Math Kernel Library before version 2025.2 within Ring 3: User Applications may allow a denial of service. Unprivileged …

Nov 11, 2025
CVE-2025-30509
3.8 LOW

Improper input validation for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software …

Nov 11, 2025
CVE-2025-25216
3.3 LOW

Improper input validation in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of …

Nov 11, 2025
CVE-2025-24862
2.0 LOW

Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of …

Nov 11, 2025
CVE-2025-24314
2.2 LOW

Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with …

Nov 11, 2025
CVE-2025-24307
2.0 LOW

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary …

Nov 11, 2025
CVE-2025-20622
3.8 LOW

Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may …

Nov 11, 2025
CVE-2025-64773
2.7 LOW

In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit

Nov 11, 2025
CVE-2025-13015
3.4 LOW

Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.

Nov 11, 2025
CVE-2025-8998
3.1 LOW

It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw …

Nov 11, 2025
CVE-2025-42883
2.7 LOW

Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files …

Nov 11, 2025
CVE-2025-62780
3.5 LOW

changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions …

Nov 10, 2025
CVE-2025-64682
2.7 LOW

In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit

Nov 10, 2025
CVE-2025-64681
2.7 LOW

In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations

Nov 10, 2025
CVE-2025-12923
2.7 LOW

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument …

Nov 10, 2025
CVE-2025-12920
2.4 LOW

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation …

Nov 9, 2025
CVE-2025-12919
3.7 LOW

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation …

Nov 9, 2025
CVE-2025-12918
3.1 LOW

A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file …

Nov 9, 2025
CVE-2025-12854
3.7 LOW

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid …

Nov 7, 2025
CVE-2025-48985
3.7 LOW

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists …

Nov 7, 2025
CVE-2025-11219
3.1 LOW

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a …

Nov 6, 2025
CVE-2025-64326
2.6 LOW

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to …

Nov 6, 2025
CVE-2025-21077
3.3 LOW

Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.

Nov 5, 2025
CVE-2025-43442
3.3 LOW

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app …

Nov 4, 2025
CVE-2025-43423
2.0 LOW

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS …

Nov 4, 2025
CVE-2025-43408
2.4 LOW

This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe …

Nov 4, 2025
CVE-2025-43395
3.3 LOW

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app …

Nov 4, 2025
CVE-2025-43365
2.8 LOW

A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An …

Nov 4, 2025
CVE-2025-43350
2.4 LOW

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view …

Nov 4, 2025
CVE-2025-43309
2.4 LOW

A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an …

Nov 4, 2025
CVE-2025-12623
3.1 LOW

A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component …

Nov 3, 2025
CVE-2025-12616
3.7 LOW

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in …

Nov 3, 2025
CVE-2025-12547
3.7 LOW

A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login …

Oct 31, 2025
CVE-2025-12546
3.5 LOW

A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the component API Key creation UI. This manipulation …

Oct 31, 2025
CVE-2025-36249
3.7 LOW

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to …

Oct 31, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.