CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-58078
7.5 HIGH

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService …

Oct 23, 2025
CVE-2025-12100
7.8 HIGH

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.

Oct 23, 2025
CVE-2025-55067
7.1 HIGH

The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January …

Oct 23, 2025
CVE-2025-54964
8.4 HIGH

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary …

Oct 23, 2025
CVE-2025-12044
7.5 HIGH

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a …

Oct 23, 2025
CVE-2025-6980
7.5 HIGH

Captive Portal can expose sensitive information

Oct 23, 2025
CVE-2025-6979
8.8 HIGH

Captive Portal can allow authentication bypass

Oct 23, 2025
CVE-2025-6978
7.2 HIGH

Diagnostics command injection vulnerability

Oct 23, 2025
CVE-2025-54808
7.8 HIGH

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory (/tmp) on …

Oct 23, 2025
CVE-2025-23352
7.8 HIGH

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this …

Oct 23, 2025
CVE-2025-23347
7.8 HIGH

NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code …

Oct 23, 2025
CVE-2025-11621
8.1 HIGH

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across …

Oct 23, 2025
CVE-2025-62169
8.1 HIGH

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and …

Oct 23, 2025
CVE-2025-59048
8.1 HIGH

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation …

Oct 23, 2025
CVE-2025-50950
7.5 HIGH

Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.

Oct 23, 2025
CVE-2025-61136
7.1 HIGH

A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover …

Oct 23, 2025
CVE-2025-61132
7.1 HIGH

A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover …

Oct 23, 2025
CVE-2025-62399
7.5 HIGH

Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.

Oct 23, 2025
CVE-2025-12105
7.5 HIGH

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. …

Oct 23, 2025
CVE-2025-10914
7.6 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Reflected …

Oct 23, 2025
CVE-2025-11575
7.8 HIGH

Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through …

Oct 23, 2025
CVE-2025-62708
7.5 HIGH

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads …

Oct 22, 2025
CVE-2025-62707
7.5 HIGH

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads …

Oct 22, 2025
CVE-2025-62617
7.2 HIGH

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of …

Oct 22, 2025
CVE-2025-62610
8.1 HIGH

Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does …

Oct 22, 2025
CVE-2025-62513
7.5 HIGH

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used …

Oct 22, 2025
CVE-2025-60343
7.5 HIGH

Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload …

Oct 22, 2025
CVE-2025-60342
7.5 HIGH

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the addressNat function. This vulnerability allows attackers to cause …

Oct 22, 2025
CVE-2025-60341
7.5 HIGH

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause …

Oct 22, 2025
CVE-2025-60340
7.5 HIGH

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload …

Oct 22, 2025
CVE-2025-60339
7.5 HIGH

Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted …

Oct 22, 2025
CVE-2025-60337
7.5 HIGH

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause …

Oct 22, 2025
CVE-2025-60336
7.5 HIGH

A NULL pointer dereference in the sub_41773C function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP …

Oct 22, 2025
CVE-2025-11957
8.4 HIGH

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access …

Oct 22, 2025
CVE-2025-8677
7.5 HIGH

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 …

Oct 22, 2025
CVE-2025-60338
7.5 HIGH

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause …

Oct 22, 2025
CVE-2025-60335
7.5 HIGH

A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP …

Oct 22, 2025
CVE-2025-60334
7.5 HIGH

TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a …

Oct 22, 2025
CVE-2025-60333
7.5 HIGH

TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig function. This vulnerability allows attackers to cause a …

Oct 22, 2025
CVE-2025-40780
8.6 HIGH

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict …

Oct 22, 2025
CVE-2025-40778
8.6 HIGH

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects …

Oct 22, 2025
CVE-2025-62606
8.8 HIGH

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated …

Oct 22, 2025
CVE-2025-62604
7.5 HIGH

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated …

Oct 22, 2025
CVE-2025-62526
7.9 HIGH

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing …

Oct 22, 2025
CVE-2025-62525
7.9 HIGH

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the …

Oct 22, 2025
CVE-2025-62054
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez …

Oct 22, 2025
CVE-2025-62029
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themesion Grevo grevo.This issue affects Grevo: from n/a through …

Oct 22, 2025
CVE-2025-62022
7.5 HIGH

Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.

Oct 22, 2025
CVE-2025-62020
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through <= …

Oct 22, 2025
CVE-2025-62015
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced …

Oct 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.