CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-48093
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calvaweb Password only login password-only-login allows Reflected XSS.This issue affects Password only login: …

Oct 22, 2025
CVE-2025-48092
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jurajpuchky Fix Multiple Redirects fix-multiple-redirects allows Reflected XSS.This issue affects Fix Multiple Redirects: …

Oct 22, 2025
CVE-2025-48091
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a …

Oct 22, 2025
CVE-2025-48082
8.8 HIGH

Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0.

Oct 22, 2025
CVE-2025-39534
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Somonator Terms Dictionary terms-dictionary allows Reflected XSS.This issue affects Terms Dictionary: from n/a …

Oct 22, 2025
CVE-2025-32657
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP …

Oct 22, 2025
CVE-2025-32283
8.8 HIGH

Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through <= 3.5.

Oct 22, 2025
CVE-2025-31634
8.8 HIGH

Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through <= 3.5.

Oct 22, 2025
CVE-2025-30944
7.5 HIGH

Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through …

Oct 22, 2025
CVE-2025-11965
7.5 HIGH

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, …

Oct 22, 2025
CVE-2025-61035
7.7 HIGH

The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created …

Oct 22, 2025
CVE-2025-11086
8.1 HIGH

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and …

Oct 22, 2025
CVE-2025-41110
8.8 HIGH

Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's …

Oct 22, 2025
CVE-2025-41724
7.5 HIGH

An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a …

Oct 22, 2025
CVE-2025-41722
7.5 HIGH

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software …

Oct 22, 2025
CVE-2025-41719
8.8 HIGH

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion …

Oct 22, 2025
CVE-2025-62775
8.0 HIGH

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.

Oct 22, 2025
CVE-2025-62771
7.5 HIGH

Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.

Oct 22, 2025
CVE-2024-58274
8.3 HIGH

Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in …

Oct 22, 2025
CVE-2023-53691
8.3 HIGH

Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and …

Oct 22, 2025
CVE-2025-61756
7.5 HIGH

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are affected are 8.0.7.9, …

Oct 21, 2025
CVE-2025-62641
8.2 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows …

Oct 21, 2025
CVE-2025-62590
8.2 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows …

Oct 21, 2025
CVE-2025-62589
8.2 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows …

Oct 21, 2025
CVE-2025-62588
8.2 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows …

Oct 21, 2025
CVE-2025-62587
8.2 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows …

Oct 21, 2025
CVE-2025-62290
7.2 HIGH

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable …

Oct 21, 2025
CVE-2025-61763
8.1 HIGH

Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network …

Oct 21, 2025
CVE-2025-61760
7.5 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Difficult to exploit vulnerability …

Oct 21, 2025
CVE-2025-61752
7.5 HIGH

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability …

Oct 21, 2025
CVE-2025-61751
8.1 HIGH

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 …

Oct 21, 2025
CVE-2025-53066
7.5 HIGH

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are …

Oct 21, 2025
CVE-2025-53050
7.5 HIGH

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable …

Oct 21, 2025
CVE-2025-53049
8.4 HIGH

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. …

Oct 21, 2025
CVE-2025-53043
8.1 HIGH

Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows …

Oct 21, 2025
CVE-2025-53036
8.6 HIGH

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 …

Oct 21, 2025
CVE-2025-52079
8.8 HIGH

The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request …

Oct 21, 2025
CVE-2025-60507
8.9 HIGH

Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant …

Oct 21, 2025
CVE-2025-62518
8.1 HIGH

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to …

Oct 21, 2025
CVE-2025-60500
7.2 HIGH

QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload …

Oct 21, 2025
CVE-2025-61220
7.5 HIGH

The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information.

Oct 21, 2025
CVE-2025-60751
7.5 HIGH

GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.

Oct 21, 2025
CVE-2025-22166
7.5 HIGH

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a …

Oct 21, 2025
CVE-2025-60344
8.6 HIGH

A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path …

Oct 21, 2025
CVE-2025-11151
8.2 HIGH

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry …

Oct 21, 2025
CVE-2025-10020
8.5 HIGH

Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

Oct 21, 2025
CVE-2025-9428
8.3 HIGH

Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.

Oct 21, 2025
CVE-2025-10641
7.1 HIGH

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to …

Oct 21, 2025
CVE-2025-10639
8.8 HIGH

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with …

Oct 21, 2025
CVE-2025-11949
7.5 HIGH

EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific …

Oct 21, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.