CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-64352
2.7 LOW

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from …

Oct 31, 2025
CVE-2025-64350
3.8 LOW

Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from …

Oct 31, 2025
CVE-2025-23050
3.1 LOW

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, …

Oct 31, 2025
CVE-2025-10636
3.5 LOW

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users …

Oct 30, 2025
CVE-2025-10931
3.8 LOW

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue affects Umami Analytics: from 0.0.0 …

Oct 30, 2025
CVE-2025-11203
3.5 LOW

LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LiteLLM. Authentication is required to …

Oct 29, 2025
CVE-2025-56558
3.0 LOW

The Dyson MQTT server (2022 and possibly later) allows publications and subscriptions by a client that has the correct values of AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, and …

Oct 29, 2025
CVE-2025-62794
3.8 LOW

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token …

Oct 28, 2025
CVE-2025-10939
3.7 LOW

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a …

Oct 28, 2025
CVE-2025-12332
2.4 LOW

A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead …

Oct 28, 2025
CVE-2025-12330
2.4 LOW

A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component …

Oct 27, 2025
CVE-2025-12312
2.4 LOW

A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the …

Oct 27, 2025
CVE-2025-12311
2.4 LOW

A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the …

Oct 27, 2025
CVE-2025-12303
2.4 LOW

A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing a …

Oct 27, 2025
CVE-2025-12282
2.4 LOW

A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to …

Oct 27, 2025
CVE-2025-12281
2.4 LOW

A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross …

Oct 27, 2025
CVE-2025-12280
2.4 LOW

A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross …

Oct 27, 2025
CVE-2025-12279
2.4 LOW

A vulnerability has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross …

Oct 27, 2025
CVE-2025-11248
3.2 LOW

ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could …

Oct 27, 2025
CVE-2025-12269
3.5 LOW

A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting …

Oct 27, 2025
CVE-2025-12264
3.5 LOW

A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the …

Oct 27, 2025
CVE-2025-12251
3.5 LOW

A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross …

Oct 27, 2025
CVE-2025-12231
2.4 LOW

A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense …

Oct 27, 2025
CVE-2025-12230
2.4 LOW

A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. …

Oct 27, 2025
CVE-2025-12229
2.4 LOW

A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles …

Oct 27, 2025
CVE-2025-12228
2.4 LOW

A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users …

Oct 27, 2025
CVE-2025-12227
3.5 LOW

A vulnerability was determined in projectworlds Gate Pass Management System 1.0. The affected element is an unknown function of the file /add-pass.php. Executing a manipulation …

Oct 27, 2025
CVE-2025-12224
3.5 LOW

A flaw has been found in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This vulnerability affects unknown code of the file admin/contact.php. This manipulation of the argument …

Oct 27, 2025
CVE-2025-12207
3.3 LOW

A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation …

Oct 27, 2025
CVE-2025-12206
3.3 LOW

A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. …

Oct 27, 2025
CVE-2025-6601
2.7 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have …

Oct 27, 2025
CVE-2025-11989
3.7 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have …

Oct 27, 2025
CVE-2025-11888
2.7 LOW

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an …

Oct 25, 2025
CVE-2025-11244
3.7 LOW

The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is …

Oct 25, 2025
CVE-2025-62711
3.1 LOW

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug …

Oct 24, 2025
CVE-2025-10723
2.7 LOW

The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to …

Oct 24, 2025
CVE-2025-41721
2.7 LOW

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password …

Oct 22, 2025
CVE-2025-62774
3.1 LOW

On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.

Oct 22, 2025
CVE-2025-62773
2.4 LOW

Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator.

Oct 22, 2025
CVE-2025-62772
3.1 LOW

On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.

Oct 22, 2025
CVE-2025-62480
2.7 LOW

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable …

Oct 21, 2025
CVE-2025-62479
2.7 LOW

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable …

Oct 21, 2025
CVE-2025-61755
3.7 LOW

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 …

Oct 21, 2025
CVE-2025-61749
2.7 LOW

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having …

Oct 21, 2025
CVE-2025-61748
3.7 LOW

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are …

Oct 21, 2025
CVE-2025-53051
2.7 LOW

Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker …

Oct 21, 2025
CVE-2022-4981
3.3 LOW

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The …

Oct 21, 2025
CVE-2025-5496
3.3 LOW

ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.

Oct 21, 2025
CVE-2025-57837
2.9 LOW

Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.

Oct 20, 2025
CVE-2025-11946
3.5 LOW

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the …

Oct 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.