CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-61553
8.2 HIGH

An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial …

Oct 16, 2025
CVE-2025-11493
8.8 HIGH

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a …

Oct 16, 2025
CVE-2025-62409
7.5 HIGH

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP …

Oct 16, 2025
CVE-2025-34519
7.5 HIGH

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying …

Oct 16, 2025
CVE-2025-34518
7.5 HIGH

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia …

Oct 16, 2025
CVE-2025-34517
7.5 HIGH

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia …

Oct 16, 2025
CVE-2025-34514
8.8 HIGH

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an …

Oct 16, 2025
CVE-2025-36128
7.5 HIGH

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout …

Oct 16, 2025
CVE-2025-62496
8.8 HIGH

A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large …

Oct 16, 2025
CVE-2025-62495
8.8 HIGH

An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. * The regular …

Oct 16, 2025
CVE-2025-62494
8.8 HIGH

A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the …

Oct 16, 2025
CVE-2025-62491
8.8 HIGH

A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->rejected_promise_list). * The function …

Oct 16, 2025
CVE-2025-62490
8.8 HIGH

In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a …

Oct 16, 2025
CVE-2024-56143
8.2 HIGH

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not …

Oct 16, 2025
CVE-2025-61543
7.1 HIGH

A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOST']` directly to construct password reset links sent …

Oct 16, 2025
CVE-2025-61541
7.1 HIGH

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the …

Oct 16, 2025
CVE-2025-61536
8.2 HIGH

FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the `http://` scheme. An attacker who can control the `Host` …

Oct 16, 2025
CVE-2025-41253
7.5 HIGH

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An …

Oct 16, 2025
CVE-2025-22381
8.2 HIGH

Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality, allowing an attacker to reset a user's password.

Oct 16, 2025
CVE-2025-54658
7.8 HIGH

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 …

Oct 16, 2025
CVE-2025-61581
7.5 HIGH

** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access …

Oct 16, 2025
CVE-2025-58075
8.1 HIGH

Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the …

Oct 16, 2025
CVE-2025-58073
8.1 HIGH

Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the …

Oct 16, 2025
CVE-2025-41020
7.5 HIGH

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' …

Oct 16, 2025
CVE-2025-62585
7.5 HIGH

Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.

Oct 16, 2025
CVE-2025-62584
7.5 HIGH

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.

Oct 16, 2025
CVE-2025-10706
8.8 HIGH

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions …

Oct 16, 2025
CVE-2025-58778
7.2 HIGH

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. …

Oct 16, 2025
CVE-2025-62580
7.8 HIGH

ASDA-Soft Stack-based Buffer Overflow Vulnerability

Oct 16, 2025
CVE-2025-62579
7.8 HIGH

ASDA-Soft Stack-based Buffer Overflow Vulnerability

Oct 16, 2025
CVE-2025-43281
7.8 HIGH

The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.

Oct 15, 2025
CVE-2025-11619
8.8 HIGH

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic.

Oct 15, 2025
CVE-2025-62382
7.7 HIGH

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator …

Oct 15, 2025
CVE-2025-62371
7.4 HIGH

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data …

Oct 15, 2025
CVE-2025-20350
7.5 HIGH

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running …

Oct 15, 2025
CVE-2025-62370
7.5 HIGH

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData …

Oct 15, 2025
CVE-2025-61990
7.5 HIGH

When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which …

Oct 15, 2025
CVE-2025-61935
7.5 HIGH

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. …

Oct 15, 2025
CVE-2025-58071
7.5 HIGH

When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached …

Oct 15, 2025
CVE-2025-57780
8.8 HIGH

A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may …

Oct 15, 2025
CVE-2025-8486
7.8 HIGH

A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.

Oct 15, 2025
CVE-2025-10581
7.8 HIGH

A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to …

Oct 15, 2025
CVE-2025-61974
7.5 HIGH

When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which …

Oct 15, 2025
CVE-2025-61960
7.5 HIGH

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. …

Oct 15, 2025
CVE-2025-61958
8.7 HIGH

A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and …

Oct 15, 2025
CVE-2025-61955
8.8 HIGH

A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may …

Oct 15, 2025
CVE-2025-61951
7.5 HIGH

Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server …

Oct 15, 2025
CVE-2025-61938
7.5 HIGH

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection …

Oct 15, 2025
CVE-2025-60016
7.5 HIGH

When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is …

Oct 15, 2025
CVE-2025-59781
7.5 HIGH

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. …

Oct 15, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.