CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-12197
7.5 HIGH

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient …

Nov 5, 2025
CVE-2025-64110
7.5 HIGH

Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive …

Nov 5, 2025
CVE-2025-64109
8.8 HIGH

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to …

Nov 5, 2025
CVE-2025-64108
8.8 HIGH

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to …

Nov 4, 2025
CVE-2025-64107
8.8 HIGH

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path …

Nov 4, 2025
CVE-2025-64106
8.8 HIGH

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables …

Nov 4, 2025
CVE-2025-59595
7.5 HIGH

CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. An attacker can send a specially crafted packet …

Nov 4, 2025
CVE-2025-62507
8.8 HIGH

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple …

Nov 4, 2025
CVE-2025-62369
7.2 HIGH

Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability …

Nov 4, 2025
CVE-2025-56230
7.5 HIGH

Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.

Nov 4, 2025
CVE-2025-54526
7.8 HIGH

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute …

Nov 4, 2025
CVE-2025-54496
7.8 HIGH

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.

Nov 4, 2025
CVE-2025-32786
7.5 HIGH

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. …

Nov 4, 2025
CVE-2024-56426
7.5 HIGH

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, …

Nov 4, 2025
CVE-2025-49494
7.5 HIGH

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Mishandling of an …

Nov 4, 2025
CVE-2025-23358
8.2 HIGH

NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of …

Nov 4, 2025
CVE-2025-54334
7.5 HIGH

An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer …

Nov 4, 2025
CVE-2025-52513
7.5 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading …

Nov 4, 2025
CVE-2025-52512
7.5 HIGH

An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading …

Nov 4, 2025
CVE-2025-54332
7.5 HIGH

An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the …

Nov 4, 2025
CVE-2025-54329
7.5 HIGH

An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, …

Nov 4, 2025
CVE-2025-54323
7.5 HIGH

An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. …

Nov 4, 2025
CVE-2025-41345
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41344
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41343
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41342
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41341
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41340
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41339
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41338
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41337
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41336
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41335
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41114
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41113
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41112
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-41111
7.5 HIGH

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through …

Nov 4, 2025
CVE-2025-11690
8.5 HIGH

An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue …

Nov 4, 2025
CVE-2025-20742
8.0 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation …

Nov 4, 2025
CVE-2025-20737
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Nov 4, 2025
CVE-2025-20735
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Nov 4, 2025
CVE-2025-20733
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Nov 4, 2025
CVE-2025-20728
7.8 HIGH

In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Nov 4, 2025
CVE-2025-20727
8.1 HIGH

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if …

Nov 4, 2025
CVE-2025-20726
7.5 HIGH

In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if …

Nov 4, 2025
CVE-2025-20725
7.5 HIGH

In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, …

Nov 4, 2025
CVE-2025-11890
7.5 HIGH

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This …

Nov 4, 2025
CVE-2025-11733
7.2 HIGH

The Footnotes Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.0.7 due …

Nov 4, 2025
CVE-2025-11724
8.8 HIGH

The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, …

Nov 4, 2025
CVE-2025-11704
7.5 HIGH

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of …

Nov 4, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.