CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-64363
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue …

Oct 31, 2025
CVE-2025-64360
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File …

Oct 31, 2025
CVE-2025-64359
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion.This issue …

Oct 31, 2025
CVE-2025-64353
8.8 HIGH

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3.

Oct 31, 2025
CVE-2025-58149
7.5 HIGH

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a …

Oct 31, 2025
CVE-2025-58148
7.5 HIGH

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of …

Oct 31, 2025
CVE-2025-58147
7.5 HIGH

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of …

Oct 31, 2025
CVE-2025-12115
7.5 HIGH

The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This …

Oct 31, 2025
CVE-2025-62232
7.5 HIGH

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level …

Oct 31, 2025
CVE-2025-30189
7.4 HIGH

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. …

Oct 31, 2025
CVE-2025-30188
7.5 HIGH

Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate …

Oct 31, 2025
CVE-2025-10897
8.6 HIGH

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible …

Oct 31, 2025
CVE-2025-7846
8.8 HIGH

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() function in …

Oct 31, 2025
CVE-2025-54763
7.2 HIGH

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web …

Oct 31, 2025
CVE-2025-8849
7.5 HIGH

LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` …

Oct 31, 2025
CVE-2025-6176
7.5 HIGH

Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection …

Oct 31, 2025
CVE-2025-52664
8.8 HIGH

SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users

Oct 31, 2025
CVE-2025-52663
7.3 HIGH

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to …

Oct 31, 2025
CVE-2025-48984
8.8 HIGH

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Oct 31, 2025
CVE-2025-48982
7.8 HIGH

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.

Oct 31, 2025
CVE-2025-34298
8.8 HIGH

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to …

Oct 30, 2025
CVE-2025-34287
7.8 HIGH

Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because …

Oct 30, 2025
CVE-2025-34286
7.2 HIGH

Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager (CCM) Run Check command. Insufficient validation/escaping of parameters …

Oct 30, 2025
CVE-2025-34284
8.8 HIGH

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to …

Oct 30, 2025
CVE-2025-34280
7.2 HIGH

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate …

Oct 30, 2025
CVE-2025-34134
7.2 HIGH

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-controlled …

Oct 30, 2025
CVE-2024-58273
7.8 HIGH

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web …

Oct 30, 2025
CVE-2024-14009
7.2 HIGH

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. …

Oct 30, 2025
CVE-2024-14008
7.2 HIGH

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated …

Oct 30, 2025
CVE-2024-14005
8.8 HIGH

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an …

Oct 30, 2025
CVE-2024-14004
8.8 HIGH

Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data …

Oct 30, 2025
CVE-2024-13995
8.8 HIGH

Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated …

Oct 30, 2025
CVE-2023-7322
8.1 HIGH

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API …

Oct 30, 2025
CVE-2023-7317
8.8 HIGH

Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact …

Oct 30, 2025
CVE-2021-47700
7.8 HIGH

Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes …

Oct 30, 2025
CVE-2021-47693
8.8 HIGH

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search …

Oct 30, 2025
CVE-2020-36869
7.2 HIGH

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges …

Oct 30, 2025
CVE-2020-36868
7.8 HIGH

Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed profile retrieval and initialization routines using …

Oct 30, 2025
CVE-2020-36867
8.8 HIGH

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline …

Oct 30, 2025
CVE-2020-36863
8.8 HIGH

Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler …

Oct 30, 2025
CVE-2020-36859
8.8 HIGH

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object …

Oct 30, 2025
CVE-2020-36857
7.2 HIGH

Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges …

Oct 30, 2025
CVE-2020-36856
8.8 HIGH

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation of the `address` parameter allows …

Oct 30, 2025
CVE-2018-25123
7.8 HIGH

Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local …

Oct 30, 2025
CVE-2018-25122
8.8 HIGH

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with …

Oct 30, 2025
CVE-2016-15050
8.8 HIGH

Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without …

Oct 30, 2025
CVE-2013-10073
8.8 HIGH

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate …

Oct 30, 2025
CVE-2011-10035
7.0 HIGH

Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-use race conditions …

Oct 30, 2025
CVE-2025-8850
8.8 HIGH

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without …

Oct 30, 2025
CVE-2025-63423
7.5 HIGH

Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 was discovered to store the Administrator password.

Oct 30, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.