CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-9902
7.5 HIGH

Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from …

Oct 13, 2025
CVE-2025-11675
7.2 HIGH

Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling …

Oct 13, 2025
CVE-2025-11673
7.2 HIGH

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.

Oct 13, 2025
CVE-2025-10558
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser …

Oct 13, 2025
CVE-2025-10557
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker …

Oct 13, 2025
CVE-2025-10556
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to …

Oct 13, 2025
CVE-2025-10552
8.7 HIGH

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser …

Oct 13, 2025
CVE-2025-0636
8.4 HIGH

EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.

Oct 13, 2025
CVE-2025-11662
7.3 HIGH

A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of …

Oct 13, 2025
CVE-2025-11661
7.3 HIGH

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack …

Oct 13, 2025
CVE-2025-11660
7.3 HIGH

A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. …

Oct 13, 2025
CVE-2025-11659
7.3 HIGH

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. …

Oct 13, 2025
CVE-2025-11658
7.3 HIGH

A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the …

Oct 13, 2025
CVE-2025-11657
7.3 HIGH

A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation …

Oct 13, 2025
CVE-2025-11656
7.3 HIGH

A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of …

Oct 13, 2025
CVE-2025-36087
8.1 HIGH

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such …

Oct 13, 2025
CVE-2025-11654
7.3 HIGH

A vulnerability was identified in yousaf530 Inferno Online Clothing Store up to 827dd42bfbe380e8de76fdc67958c24cf1246208. The affected element is an unknown function of the file /log.php. Such …

Oct 13, 2025
CVE-2025-11653
8.8 HIGH

A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument …

Oct 13, 2025
CVE-2025-11652
8.8 HIGH

A vulnerability was found in UTT 进取 518G up to V3v3.2.7-210919-161313. This issue affects some unknown processing of the file /goform/formTaskEdit_ap. The manipulation of the …

Oct 13, 2025
CVE-2025-11651
8.8 HIGH

A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl. The manipulation of …

Oct 13, 2025
CVE-2025-11649
7.0 HIGH

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing …

Oct 12, 2025
CVE-2025-61884
7.5 HIGH KEV

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated …

Oct 12, 2025
CVE-2025-11615
7.3 HIGH

A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of …

Oct 11, 2025
CVE-2025-11614
7.3 HIGH

A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation …

Oct 11, 2025
CVE-2025-11608
7.3 HIGH

A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter …

Oct 11, 2025
CVE-2025-11604
7.3 HIGH

A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the …

Oct 11, 2025
CVE-2025-11601
7.3 HIGH

A vulnerability was detected in SourceCodester Online Student Result System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing manipulation …

Oct 11, 2025
CVE-2025-11599
7.3 HIGH

A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of …

Oct 11, 2025
CVE-2025-8593
8.8 HIGH

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to …

Oct 11, 2025
CVE-2025-11596
7.3 HIGH

A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument …

Oct 11, 2025
CVE-2025-58299
8.4 HIGH

Use After Free (UAF) vulnerability in the storage management module. Successful exploitation of this vulnerability may affect availability.

Oct 11, 2025
CVE-2025-58298
7.3 HIGH

Data processing error vulnerability in the package management module. Successful exploitation of this vulnerability may affect availability.

Oct 11, 2025
CVE-2025-58287
7.8 HIGH

Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.

Oct 11, 2025
CVE-2025-31718
7.5 HIGH

In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution …

Oct 11, 2025
CVE-2025-31717
7.5 HIGH

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution …

Oct 11, 2025
CVE-2025-8093
8.8 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.

Oct 10, 2025
CVE-2025-62162
7.5 HIGH

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can …

Oct 10, 2025
CVE-2025-11586
8.8 HIGH

A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based …

Oct 10, 2025
CVE-2025-11585
7.3 HIGH

A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the …

Oct 10, 2025
CVE-2025-11584
7.3 HIGH

A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation …

Oct 10, 2025
CVE-2025-61930
8.1 HIGH

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change …

Oct 10, 2025
CVE-2025-61921
7.5 HIGH

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the …

Oct 10, 2025
CVE-2025-61920
7.5 HIGH

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature …

Oct 10, 2025
CVE-2025-61919
7.5 HIGH

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: …

Oct 10, 2025
CVE-2025-55903
8.3 HIGH

A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate …

Oct 10, 2025
CVE-2025-11583
7.3 HIGH

A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the …

Oct 10, 2025
CVE-2025-11582
7.3 HIGH

A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the …

Oct 10, 2025
CVE-2025-60880
8.3 HIGH

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing …

Oct 10, 2025
CVE-2025-23309
8.2 HIGH

NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and …

Oct 10, 2025
CVE-2025-23282
7.0 HIGH

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit …

Oct 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.