CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-10243
7.2 HIGH

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to …

Oct 14, 2025
CVE-2025-10242
7.2 HIGH

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to …

Oct 14, 2025
CVE-2025-47856
7.2 HIGH

Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and …

Oct 14, 2025
CVE-2025-33044
7.8 HIGH

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local …

Oct 14, 2025
CVE-2025-22833
7.3 HIGH

APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of …

Oct 14, 2025
CVE-2025-22832
7.8 HIGH

APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data …

Oct 14, 2025
CVE-2025-22831
7.8 HIGH

APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data …

Oct 14, 2025
CVE-2025-9068
7.8 HIGH

A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FTLinx. Authenticated attackers with valid Windows …

Oct 14, 2025
CVE-2025-9067
7.8 HIGH

A security issue exists within the x86 Microsoft Installer File (MSI), installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair …

Oct 14, 2025
CVE-2025-11720
8.1 HIGH

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied …

Oct 14, 2025
CVE-2025-11715
8.8 HIGH

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption …

Oct 14, 2025
CVE-2025-11714
8.8 HIGH

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence …

Oct 14, 2025
CVE-2025-11713
8.1 HIGH

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not …

Oct 14, 2025
CVE-2025-40812
7.8 HIGH

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The …

Oct 14, 2025
CVE-2025-40811
7.8 HIGH

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The …

Oct 14, 2025
CVE-2025-40810
7.8 HIGH

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The …

Oct 14, 2025
CVE-2025-40809
7.8 HIGH

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The …

Oct 14, 2025
CVE-2025-40772
7.4 HIGH

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker …

Oct 14, 2025
CVE-2025-40755
8.8 HIGH

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated …

Oct 14, 2025
CVE-2025-20723
7.8 HIGH

In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege …

Oct 14, 2025
CVE-2025-20721
7.8 HIGH

In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if …

Oct 14, 2025
CVE-2025-20720
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation …

Oct 14, 2025
CVE-2025-20719
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation …

Oct 14, 2025
CVE-2025-20718
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Oct 14, 2025
CVE-2025-20717
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Oct 14, 2025
CVE-2025-20716
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Oct 14, 2025
CVE-2025-20715
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Oct 14, 2025
CVE-2025-20714
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Oct 14, 2025
CVE-2025-20713
7.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of …

Oct 14, 2025
CVE-2025-20712
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation …

Oct 14, 2025
CVE-2025-20711
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation …

Oct 14, 2025
CVE-2025-20710
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of …

Oct 14, 2025
CVE-2025-20709
8.8 HIGH

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation …

Oct 14, 2025
CVE-2025-10228
8.8 HIGH

Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.This issue affects Agentis: before 4.44.

Oct 14, 2025
CVE-2011-20002
7.4 HIGH

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.2), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS …

Oct 14, 2025
CVE-2011-20001
7.5 HIGH

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS …

Oct 14, 2025
CVE-2025-41718
7.5 HIGH

A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.

Oct 14, 2025
CVE-2025-41699
8.8 HIGH

An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting …

Oct 14, 2025
CVE-2025-41703
7.5 HIGH

An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.

Oct 14, 2025
CVE-2025-59889
8.6 HIGH

Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the …

Oct 14, 2025
CVE-2025-62363
7.8 HIGH

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp …

Oct 13, 2025
CVE-2025-62360
8.8 HIGH

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in …

Oct 13, 2025
CVE-2025-62179
8.8 HIGH

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified …

Oct 13, 2025
CVE-2025-62177
8.8 HIGH

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified …

Oct 13, 2025
CVE-2025-9713
8.8 HIGH

Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

Oct 13, 2025
CVE-2025-61688
8.6 HIGH

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API.

Oct 13, 2025
CVE-2025-11622
7.8 HIGH

Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.

Oct 13, 2025
CVE-2025-62170
7.5 HIGH

rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An …

Oct 13, 2025
CVE-2025-7707
7.8 HIGH

The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This …

Oct 13, 2025
CVE-2025-11695
8.0 HIGH

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5

Oct 13, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.