CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-10924
7.8 HIGH

GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User …

Oct 29, 2025
CVE-2025-10923
7.8 HIGH

GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User …

Oct 29, 2025
CVE-2025-10922
7.8 HIGH

GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. …

Oct 29, 2025
CVE-2025-10921
7.8 HIGH

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. …

Oct 29, 2025
CVE-2025-10920
7.8 HIGH

GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User …

Oct 29, 2025
CVE-2025-64104
7.3 HIGH

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store …

Oct 29, 2025
CVE-2025-64101
8.1 HIGH

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded …

Oct 29, 2025
CVE-2025-57227
7.8 HIGH

An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent …

Oct 29, 2025
CVE-2025-11232
7.5 HIGH

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be …

Oct 29, 2025
CVE-2025-62792
7.5 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when …

Oct 29, 2025
CVE-2025-62791
7.5 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat() implementation does not check the return …

Oct 29, 2025
CVE-2025-62790
7.5 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string …

Oct 29, 2025
CVE-2025-62789
7.5 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the …

Oct 29, 2025
CVE-2025-62788
7.5 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) …

Oct 29, 2025
CVE-2025-62787
7.5 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt() when …

Oct 29, 2025
CVE-2025-61234
7.5 HIGH

Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker …

Oct 29, 2025
CVE-2025-60595
8.2 HIGH

SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution.

Oct 29, 2025
CVE-2025-12479
8.8 HIGH

Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 29, 2025
CVE-2025-62786
8.1 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing …

Oct 29, 2025
CVE-2025-62785
7.5 HIGH

Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or …

Oct 29, 2025
CVE-2025-61429
8.8 HIGH

An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request.

Oct 29, 2025
CVE-2025-61156
7.8 HIGH

Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL.

Oct 29, 2025
CVE-2025-10932
8.2 HIGH

Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module).This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before …

Oct 29, 2025
CVE-2025-64140
8.8 HIGH

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute …

Oct 29, 2025
CVE-2025-64134
7.1 HIGH

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external …

Oct 29, 2025
CVE-2025-64131
7.5 HIGH

Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a …

Oct 29, 2025
CVE-2025-61161
8.4 HIGH

DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers …

Oct 29, 2025
CVE-2025-64284
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File …

Oct 29, 2025
CVE-2025-64216
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue …

Oct 29, 2025
CVE-2025-64195
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion.This issue …

Oct 29, 2025
CVE-2025-60075
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS.This issue affects hpb seo plugin for WordPress: from …

Oct 29, 2025
CVE-2025-11702
8.5 HIGH

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed …

Oct 29, 2025
CVE-2025-62776
7.8 HIGH

The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. …

Oct 29, 2025
CVE-2025-62801
7.8 HIGH

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field …

Oct 28, 2025
CVE-2025-62727
7.5 HIGH

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range …

Oct 28, 2025
CVE-2025-59837
7.2 HIGH

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed …

Oct 28, 2025
CVE-2025-12425
7.8 HIGH

Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 28, 2025
CVE-2025-12423
7.5 HIGH

Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Oct 28, 2025
CVE-2025-60805
7.5 HIGH

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.

Oct 28, 2025
CVE-2025-60800
7.5 HIGH

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.

Oct 28, 2025
CVE-2025-60354
7.5 HIGH

Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.

Oct 28, 2025
CVE-2025-54605
7.5 HIGH

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

Oct 28, 2025
CVE-2025-54604
7.5 HIGH

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).

Oct 28, 2025
CVE-2025-60858
7.5 HIGH

Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive …

Oct 28, 2025
CVE-2025-60349
7.5 HIGH

An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any …

Oct 28, 2025
CVE-2025-56399
8.8 HIGH

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` …

Oct 28, 2025
CVE-2025-61107
7.5 HIGH

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause …

Oct 28, 2025
CVE-2025-61106
7.5 HIGH

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause …

Oct 28, 2025
CVE-2025-61104
7.5 HIGH

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause …

Oct 28, 2025
CVE-2025-61103
7.5 HIGH

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause …

Oct 28, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.