CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-9133
8.1 HIGH

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX …

Oct 21, 2025
CVE-2025-8078
7.2 HIGH

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG …

Oct 21, 2025
CVE-2025-7850
7.2 HIGH

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

Oct 21, 2025
CVE-2025-6541
8.8 HIGH

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

Oct 21, 2025
CVE-2025-61301
7.5 HIGH

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports …

Oct 20, 2025
CVE-2025-8052
8.8 HIGH

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways …

Oct 20, 2025
CVE-2025-8049
8.8 HIGH

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to …

Oct 20, 2025
CVE-2025-62527
7.1 HIGH

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker …

Oct 20, 2025
CVE-2025-61488
7.6 HIGH

An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the …

Oct 20, 2025
CVE-2025-62510
8.1 HIGH

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred …

Oct 20, 2025
CVE-2025-62509
8.1 HIGH

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder …

Oct 20, 2025
CVE-2025-47902
8.8 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider …

Oct 20, 2025
CVE-2025-47901
8.8 HIGH

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects …

Oct 20, 2025
CVE-2025-47900
8.8 HIGH

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects …

Oct 20, 2025
CVE-2025-3465
7.1 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10.This issue affects CoreSense™ HM: through 2.3.1; …

Oct 20, 2025
CVE-2025-62429
7.2 HIGH

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, …

Oct 20, 2025
CVE-2025-26782
7.5 HIGH

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, …

Oct 20, 2025
CVE-2025-26781
7.5 HIGH

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, …

Oct 20, 2025
CVE-2024-55568
7.5 HIGH

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, …

Oct 20, 2025
CVE-2025-61417
8.8 HIGH

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator …

Oct 20, 2025
CVE-2025-57738
7.2 HIGH

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java …

Oct 20, 2025
CVE-2025-41390
7.8 HIGH

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary …

Oct 20, 2025
CVE-2025-56224
8.1 HIGH

A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.

Oct 20, 2025
CVE-2025-56223
7.5 HIGH

A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive …

Oct 20, 2025
CVE-2025-56219
7.1 HIGH

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and …

Oct 20, 2025
CVE-2025-62577
8.8 HIGH

ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database …

Oct 20, 2025
CVE-2025-11943
7.3 HIGH

A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. …

Oct 19, 2025
CVE-2025-11942
7.3 HIGH

A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to …

Oct 19, 2025
CVE-2025-11940
7.0 HIGH

A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component …

Oct 19, 2025
CVE-2025-47410
8.8 HIGH

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked …

Oct 18, 2025
CVE-2025-9890
8.8 HIGH

The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing …

Oct 18, 2025
CVE-2025-5555
7.8 HIGH

A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the …

Oct 18, 2025
CVE-2025-11691
7.5 HIGH

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions …

Oct 18, 2025
CVE-2025-11517
7.5 HIGH

The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to …

Oct 18, 2025
CVE-2020-36853
7.2 HIGH

The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient …

Oct 18, 2025
CVE-2025-62650
8.3 HIGH

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.

Oct 17, 2025
CVE-2025-62422
8.8 HIGH

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker …

Oct 17, 2025
CVE-2025-62420
8.8 HIGH

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. …

Oct 17, 2025
CVE-2025-62419
7.5 HIGH

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data …

Oct 17, 2025
CVE-2025-62356
7.5 HIGH

A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside …

Oct 17, 2025
CVE-2025-59043
7.5 HIGH

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than …

Oct 17, 2025
CVE-2025-55085
7.5 HIGH

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was …

Oct 17, 2025
CVE-2025-55094
7.5 HIGH

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when …

Oct 17, 2025
CVE-2025-55087
7.5 HIGH

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted …

Oct 17, 2025
CVE-2025-11899
8.1 HIGH

Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, …

Oct 17, 2025
CVE-2025-11898
7.5 HIGH

Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Oct 17, 2025
CVE-2025-62506
8.1 HIGH

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) …

Oct 16, 2025
CVE-2025-11864
7.3 HIGH

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound …

Oct 16, 2025
CVE-2025-62425
8.3 HIGH

MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 …

Oct 16, 2025
CVE-2025-62417
7.8 HIGH

Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) …

Oct 16, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.