CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-61498
7.5 HIGH

A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

Oct 30, 2025
CVE-2025-61141
7.5 HIGH

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to …

Oct 30, 2025
CVE-2025-3356
8.6 HIGH

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a …

Oct 30, 2025
CVE-2025-3355
7.5 HIGH

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a …

Oct 30, 2025
CVE-2025-63422
7.5 HIGH

Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username …

Oct 30, 2025
CVE-2025-63298
8.2 HIGH

A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php component. An authenticated user with administrative privileges can leverage …

Oct 30, 2025
CVE-2025-36137
7.2 HIGH

IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks …

Oct 30, 2025
CVE-2025-64112
8.0 HIGH

Statmatic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions …

Oct 30, 2025
CVE-2025-64096
8.8 HIGH

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Oct 30, 2025
CVE-2025-62795
7.1 HIGH

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can …

Oct 30, 2025
CVE-2025-62726
8.8 HIGH

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both …

Oct 30, 2025
CVE-2025-61196
8.8 HIGH

An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter.

Oct 30, 2025
CVE-2025-61121
7.5 HIGH

Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service …

Oct 30, 2025
CVE-2025-61120
7.5 HIGH

AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in …

Oct 30, 2025
CVE-2025-61119
7.5 HIGH

Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details …

Oct 30, 2025
CVE-2025-61114
7.5 HIGH

2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. …

Oct 30, 2025
CVE-2025-61118
7.5 HIGH

mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, …

Oct 30, 2025
CVE-2025-61117
7.5 HIGH

Senza: Keto & Fasting Android App version 2.10.15 (package name com.gl.senza), developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks …

Oct 30, 2025
CVE-2025-61116
7.5 HIGH

AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. …

Oct 30, 2025
CVE-2025-61115
7.5 HIGH

ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability …

Oct 30, 2025
CVE-2025-61113
7.5 HIGH

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information (such as …

Oct 30, 2025
CVE-2025-46423
7.8 HIGH

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged …

Oct 30, 2025
CVE-2025-46422
7.8 HIGH

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged …

Oct 30, 2025
CVE-2025-43942
7.8 HIGH

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged …

Oct 30, 2025
CVE-2025-43941
7.2 HIGH

Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged …

Oct 30, 2025
CVE-2025-43940
7.8 HIGH

Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged …

Oct 30, 2025
CVE-2025-43939
7.8 HIGH

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged …

Oct 30, 2025
CVE-2025-39663
8.4 HIGH

Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. …

Oct 30, 2025
CVE-2025-54470
8.6 HIGH

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data …

Oct 30, 2025
CVE-2025-62230
7.3 HIGH

A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without …

Oct 30, 2025
CVE-2025-62229
7.3 HIGH

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave …

Oct 30, 2025
CVE-2025-62231
7.3 HIGH

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned …

Oct 30, 2025
CVE-2025-9954
7.5 HIGH

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5.

Oct 30, 2025
CVE-2025-12466
7.5 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth (OAuth2) …

Oct 30, 2025
CVE-2025-12082
7.5 HIGH

Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

Oct 30, 2025
CVE-2025-61725
7.5 HIGH

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

Oct 29, 2025
CVE-2025-61723
7.5 HIGH

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM …

Oct 29, 2025
CVE-2025-58188
7.5 HIGH

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. …

Oct 29, 2025
CVE-2025-58187
7.5 HIGH

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the …

Oct 29, 2025
CVE-2025-54546
7.5 HIGH

On affected platforms, restricted users could use SSH port forwarding to access host-internal services

Oct 29, 2025
CVE-2025-54545
7.8 HIGH

On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.

Oct 29, 2025
CVE-2025-54459
7.5 HIGH

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live …

Oct 29, 2025
CVE-2025-9871
7.8 HIGH

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse …

Oct 29, 2025
CVE-2025-9870
7.8 HIGH

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. …

Oct 29, 2025
CVE-2025-9869
7.8 HIGH

Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse …

Oct 29, 2025
CVE-2025-11465
7.8 HIGH

Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. …

Oct 29, 2025
CVE-2025-11464
7.8 HIGH

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …

Oct 29, 2025
CVE-2025-11463
7.8 HIGH

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum …

Oct 29, 2025
CVE-2025-10934
7.8 HIGH

GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. …

Oct 29, 2025
CVE-2025-10925
7.8 HIGH

GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. …

Oct 29, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.