CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-59778
7.5 HIGH

When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate. Note: Software versions …

Oct 15, 2025
CVE-2025-59481
8.7 HIGH

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator …

Oct 15, 2025
CVE-2025-59478
7.5 HIGH

When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to …

Oct 15, 2025
CVE-2025-58120
7.5 HIGH

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical …

Oct 15, 2025
CVE-2025-58096
7.5 HIGH

When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to …

Oct 15, 2025
CVE-2025-55669
7.5 HIGH

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the …

Oct 15, 2025
CVE-2025-55036
7.5 HIGH

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory …

Oct 15, 2025
CVE-2025-54858
7.5 HIGH

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the …

Oct 15, 2025
CVE-2025-54854
7.5 HIGH

When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process …

Oct 15, 2025
CVE-2025-54479
7.5 HIGH

When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) …

Oct 15, 2025
CVE-2025-53868
8.7 HIGH

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using …

Oct 15, 2025
CVE-2025-53856
7.5 HIGH

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed …

Oct 15, 2025
CVE-2025-53474
7.5 HIGH

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: …

Oct 15, 2025
CVE-2025-48008
7.5 HIGH

When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can …

Oct 15, 2025
CVE-2025-46706
7.5 HIGH

When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software …

Oct 15, 2025
CVE-2025-41430
7.5 HIGH

When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of …

Oct 15, 2025
CVE-2025-11722
7.5 HIGH

The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via …

Oct 15, 2025
CVE-2025-11177
7.5 HIGH

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to …

Oct 15, 2025
CVE-2025-10754
7.2 HIGH

The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in …

Oct 15, 2025
CVE-2025-10743
7.5 HIGH

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient …

Oct 15, 2025
CVE-2025-10313
7.2 HIGH

The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing …

Oct 15, 2025
CVE-2025-10299
8.8 HIGH

The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctl_create_link …

Oct 15, 2025
CVE-2025-10293
8.8 HIGH

The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, …

Oct 15, 2025
CVE-2025-10051
7.2 HIGH

The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and …

Oct 15, 2025
CVE-2025-61941
7.2 HIGH

A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in …

Oct 15, 2025
CVE-2025-39967
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size …

Oct 15, 2025
CVE-2025-39966
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, …

Oct 15, 2025
CVE-2025-11501
7.5 HIGH

The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to, and including, 1.1 due …

Oct 15, 2025
CVE-2025-6042
7.3 HIGH

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up …

Oct 15, 2025
CVE-2025-55080
7.1 HIGH

In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write.

Oct 15, 2025
CVE-2025-26861
7.8 HIGH

RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the …

Oct 15, 2025
CVE-2025-26860
7.8 HIGH

RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the …

Oct 15, 2025
CVE-2025-26859
7.8 HIGH

RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder …

Oct 15, 2025
CVE-2025-11746
8.8 HIGH

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet_ajax_required_plugins_popup() function. This makes it …

Oct 15, 2025
CVE-2025-54268
7.8 HIGH

Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Oct 15, 2025
CVE-2025-61804
7.8 HIGH

Animate versions 23.0.13, 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Oct 15, 2025
CVE-2025-54279
7.8 HIGH

Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of …

Oct 15, 2025
CVE-2025-49552
8.1 HIGH

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute …

Oct 14, 2025
CVE-2025-54264
8.1 HIGH

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could …

Oct 14, 2025
CVE-2025-54263
8.1 HIGH

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability …

Oct 14, 2025
CVE-2025-61807
7.8 HIGH

Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the …

Oct 14, 2025
CVE-2025-61806
7.8 HIGH

Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read …

Oct 14, 2025
CVE-2025-61805
7.8 HIGH

Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read …

Oct 14, 2025
CVE-2025-61803
7.8 HIGH

Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the …

Oct 14, 2025
CVE-2025-61802
7.8 HIGH

Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Oct 14, 2025
CVE-2025-61801
7.8 HIGH

Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the …

Oct 14, 2025
CVE-2025-61800
7.8 HIGH

Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of …

Oct 14, 2025
CVE-2025-61799
7.8 HIGH

Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the …

Oct 14, 2025
CVE-2025-61798
7.8 HIGH

Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the …

Oct 14, 2025
CVE-2025-54284
7.8 HIGH

Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

Oct 14, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.