CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-34312
8.8 HIGH

IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' …

Oct 28, 2025
CVE-2025-34311
8.8 HIGH

IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user …

Oct 28, 2025
CVE-2025-53855
7.8 HIGH

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to …

Oct 28, 2025
CVE-2025-53814
7.8 HIGH

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based …

Oct 28, 2025
CVE-2025-40082
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size …

Oct 28, 2025
CVE-2025-12378
7.3 HIGH

A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation …

Oct 28, 2025
CVE-2025-11735
7.5 HIGH

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up …

Oct 28, 2025
CVE-2025-62777
8.8 HIGH

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to …

Oct 28, 2025
CVE-2025-12342
7.3 HIGH

A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php …

Oct 28, 2025
CVE-2025-12341
7.8 HIGH

A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image …

Oct 28, 2025
CVE-2025-12339
7.3 HIGH

A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The …

Oct 28, 2025
CVE-2025-12338
7.3 HIGH

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing a manipulation …

Oct 28, 2025
CVE-2025-12337
7.3 HIGH

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Performing a …

Oct 28, 2025
CVE-2025-12336
7.3 HIGH

A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_index.php. Such …

Oct 28, 2025
CVE-2025-43024
7.5 HIGH

A GUI dialog of an application allows to view what files are in the file system without proper authorization.

Oct 28, 2025
CVE-2025-62260
7.5 HIGH

Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions …

Oct 27, 2025
CVE-2025-12326
7.3 HIGH

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request …

Oct 27, 2025
CVE-2025-12325
7.3 HIGH

A vulnerability has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The manipulation of the …

Oct 27, 2025
CVE-2025-12322
8.8 HIGH

A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing a manipulation of …

Oct 27, 2025
CVE-2025-12316
7.3 HIGH

A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the file /courier/edit-courier.php. The manipulation of the argument OfficeName …

Oct 27, 2025
CVE-2025-61105
7.5 HIGH

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause …

Oct 27, 2025
CVE-2025-61102
7.5 HIGH

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause …

Oct 27, 2025
CVE-2025-61101
7.5 HIGH

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause …

Oct 27, 2025
CVE-2025-59151
8.2 HIGH

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable …

Oct 27, 2025
CVE-2025-61100
7.5 HIGH

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause …

Oct 27, 2025
CVE-2025-61099
7.5 HIGH

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause …

Oct 27, 2025
CVE-2025-36007
7.8 HIGH

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update …

Oct 27, 2025
CVE-2025-12309
7.3 HIGH

A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the …

Oct 27, 2025
CVE-2025-12308
7.3 HIGH

A security flaw has been discovered in code-projects Nero Social Networking Site 1.0. Affected by this issue is some unknown functionality of the file /deletemessage.php. …

Oct 27, 2025
CVE-2025-12307
7.3 HIGH

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation …

Oct 27, 2025
CVE-2025-12306
7.3 HIGH

A vulnerability was determined in code-projects Nero Social Networking Site 1.0. Affected is an unknown function of the file /acceptoffres.php. This manipulation of the argument …

Oct 27, 2025
CVE-2025-55752
7.5 HIGH

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. …

Oct 27, 2025
CVE-2025-12363
7.5 HIGH

Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Oct 27, 2025
CVE-2025-12301
7.3 HIGH

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of …

Oct 27, 2025
CVE-2025-54968
8.8 HIGH

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow …

Oct 27, 2025
CVE-2025-27225
7.5 HIGH

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers.

Oct 27, 2025
CVE-2025-27223
7.5 HIGH

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key …

Oct 27, 2025
CVE-2025-27222
8.6 HIGH

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path …

Oct 27, 2025
CVE-2025-61247
8.2 HIGH

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php.

Oct 27, 2025
CVE-2025-60425
8.6 HIGH

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session …

Oct 27, 2025
CVE-2025-60424
7.6 HIGH

A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.

Oct 27, 2025
CVE-2025-12293
7.3 HIGH

A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument …

Oct 27, 2025
CVE-2025-12292
7.3 HIGH

A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username …

Oct 27, 2025
CVE-2023-49440
8.8 HIGH

AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter."

Oct 27, 2025
CVE-2025-61482
7.2 HIGH

Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By …

Oct 27, 2025
CVE-2025-52268
7.5 HIGH

StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which allows attackers to forge or decrypt valid login tokens.

Oct 27, 2025
CVE-2025-52264
8.0 HIGH

StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a stack overflow via the cgiMain function at download.cgi.

Oct 27, 2025
CVE-2025-52263
8.0 HIGH

An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to …

Oct 27, 2025
CVE-2025-12286
7.0 HIGH

A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. …

Oct 27, 2025
CVE-2025-41068
7.5 HIGH

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved …

Oct 27, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.