CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-11945
3.5 LOW

A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads …

Oct 19, 2025
CVE-2025-62643
3.4 LOW

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.

Oct 17, 2025
CVE-2025-62505
3.0 LOW

LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. …

Oct 17, 2025
CVE-2025-60361
3.3 LOW

radare2 v5.9.8 and before contains a memory leak in the function bochs_open.

Oct 17, 2025
CVE-2025-62412
3.8 LOW

LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can …

Oct 16, 2025
CVE-2025-61924
3.8 LOW

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking …

Oct 16, 2025
CVE-2025-11851
3.5 LOW

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument …

Oct 16, 2025
CVE-2025-11840
3.3 LOW

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead …

Oct 16, 2025
CVE-2025-11839
3.3 LOW

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked …

Oct 16, 2025
CVE-2025-54499
3.1 LOW

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to …

Oct 16, 2025
CVE-2025-10545
3.1 LOW

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add …

Oct 16, 2025
CVE-2025-62379
3.1 LOW

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query …

Oct 15, 2025
CVE-2025-2529
2.9 LOW

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in …

Oct 15, 2025
CVE-2025-6026
3.1 LOW

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to …

Oct 15, 2025
CVE-2025-56746
2.2 LOW

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user …

Oct 15, 2025
CVE-2025-59294
2.1 LOW

Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.

Oct 14, 2025
CVE-2025-59284
3.3 LOW

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

Oct 14, 2025
CVE-2025-59280
3.1 LOW

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

Oct 14, 2025
CVE-2025-58903
2.7 LOW

An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null …

Oct 14, 2025
CVE-2025-47890
2.6 LOW

An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 …

Oct 14, 2025
CVE-2025-31514
2.7 LOW

An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 …

Oct 14, 2025
CVE-2025-40773
3.5 LOW

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks …

Oct 14, 2025
CVE-2025-8594
3.8 LOW

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as …

Oct 14, 2025
CVE-2025-11731
3.1 LOW

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function …

Oct 14, 2025
CVE-2025-42909
3.0 LOW

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances …

Oct 14, 2025
CVE-2025-62178
3.5 LOW

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability …

Oct 13, 2025
CVE-2025-62174
3.5 LOW

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's …

Oct 13, 2025
CVE-2025-58084
3.5 LOW

Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has …

Oct 13, 2025
CVE-2025-39964
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg …

Oct 13, 2025
CVE-2025-31995
3.5 LOW

HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading …

Oct 13, 2025
CVE-2025-11650
1.8 LOW

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component …

Oct 12, 2025
CVE-2025-11647
3.1 LOW

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation …

Oct 12, 2025
CVE-2025-11645
2.4 LOW

A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication …

Oct 12, 2025
CVE-2025-11644
2.0 LOW

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. …

Oct 12, 2025
CVE-2025-11643
3.7 LOW

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img …

Oct 12, 2025
CVE-2025-11641
3.9 LOW

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes …

Oct 12, 2025
CVE-2025-11640
3.1 LOW

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results …

Oct 12, 2025
CVE-2025-11639
3.3 LOW

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the …

Oct 12, 2025
CVE-2025-2139
3.5 LOW

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due …

Oct 12, 2025
CVE-2025-2138
3.5 LOW

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due …

Oct 12, 2025
CVE-2025-11634
2.4 LOW

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation …

Oct 12, 2025
CVE-2025-11633
3.7 LOW

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the …

Oct 12, 2025
CVE-2025-52615
3.5 LOW

HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by …

Oct 12, 2025
CVE-2025-52614
3.5 LOW

HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding …

Oct 12, 2025
CVE-2025-31998
3.5 LOW

HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known …

Oct 12, 2025
CVE-2025-31993
3.5 LOW

HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted …

Oct 12, 2025
CVE-2025-11609
3.7 LOW

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument …

Oct 11, 2025
CVE-2025-8606
2.4 LOW

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due …

Oct 11, 2025
CVE-2025-58292
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

Oct 11, 2025
CVE-2025-58291
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

Oct 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.