CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-23280
7.0 HIGH

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code …

Oct 10, 2025
CVE-2025-60305
8.8 HIGH

SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge …

Oct 10, 2025
CVE-2025-59530
7.5 HIGH

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause …

Oct 10, 2025
CVE-2025-60869
7.3 HIGH

Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An …

Oct 10, 2025
CVE-2025-60378
8.1 HIGH

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in …

Oct 10, 2025
CVE-2025-61864
7.8 HIGH

A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's …

Oct 10, 2025
CVE-2025-61863
7.8 HIGH

An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal …

Oct 10, 2025
CVE-2025-61862
7.8 HIGH

An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal …

Oct 10, 2025
CVE-2025-61861
7.8 HIGH

An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal …

Oct 10, 2025
CVE-2025-61860
7.8 HIGH

An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal …

Oct 10, 2025
CVE-2025-61859
7.8 HIGH

An out-of-bounds write vulnerability exists in VS6ComFile!CItemDraw::is_motion_tween of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal …

Oct 10, 2025
CVE-2025-61858
7.8 HIGH

An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal …

Oct 10, 2025
CVE-2025-61857
7.8 HIGH

An out-of-bounds write vulnerability exists in VS6ComFile!CItemExChange::WinFontDynStrCheck of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal …

Oct 10, 2025
CVE-2025-61856
7.8 HIGH

A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's …

Oct 10, 2025
CVE-2025-11189
7.3 HIGH

The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution.

Oct 10, 2025
CVE-2025-11188
7.3 HIGH

The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding …

Oct 10, 2025
CVE-2025-52650
8.2 HIGH

Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0

Oct 10, 2025
CVE-2025-30001
7.3 HIGH

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which …

Oct 10, 2025
CVE-2025-25018
8.7 HIGH

Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)

Oct 10, 2025
CVE-2025-25017
8.2 HIGH

Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)

Oct 10, 2025
CVE-2025-21064
8.8 HIGH

Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.

Oct 10, 2025
CVE-2025-21062
7.8 HIGH

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction …

Oct 10, 2025
CVE-2025-21061
7.1 HIGH

Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering …

Oct 10, 2025
CVE-2025-21058
7.3 HIGH

Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code …

Oct 10, 2025
CVE-2025-21050
7.1 HIGH

Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.

Oct 10, 2025
CVE-2025-61773
8.1 HIGH

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both …

Oct 9, 2025
CVE-2025-61602
7.5 HIGH

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for …

Oct 9, 2025
CVE-2025-61601
7.5 HIGH

BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash …

Oct 9, 2025
CVE-2025-60375
7.3 HIGH

The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password …

Oct 9, 2025
CVE-2025-59271
8.7 HIGH

Redis Enterprise Elevation of Privilege Vulnerability

Oct 9, 2025
CVE-2025-59247
8.8 HIGH

Azure PlayFab Elevation of Privilege Vulnerability

Oct 9, 2025
CVE-2025-35055
8.8 HIGH

Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can …

Oct 9, 2025
CVE-2025-11558
7.3 HIGH

A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results …

Oct 9, 2025
CVE-2025-11557
7.3 HIGH

A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of …

Oct 9, 2025
CVE-2025-11556
7.3 HIGH

A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument …

Oct 9, 2025
CVE-2025-11555
7.3 HIGH

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument …

Oct 9, 2025
CVE-2025-59146
8.5 HIGH

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in …

Oct 9, 2025
CVE-2025-55200
7.1 HIGH

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input …

Oct 9, 2025
CVE-2025-4615
7.2 HIGH

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions …

Oct 9, 2025
CVE-2025-11573
7.5 HIGH

An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text …

Oct 9, 2025
CVE-2025-60004
7.5 HIGH

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows …

Oct 9, 2025
CVE-2025-11549
8.8 HIGH

A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request …

Oct 9, 2025
CVE-2025-11371
7.5 HIGH KEV

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system …

Oct 9, 2025
CVE-2025-61577
7.5 HIGH

D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial …

Oct 9, 2025
CVE-2025-59975
7.5 HIGH

An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound …

Oct 9, 2025
CVE-2025-59974
8.4 HIGH

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into …

Oct 9, 2025
CVE-2025-59968
8.6 HIGH

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web …

Oct 9, 2025
CVE-2025-59964
7.5 HIGH

A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker …

Oct 9, 2025
CVE-2025-11198
7.4 HIGH

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with …

Oct 9, 2025
CVE-2025-45095
7.3 HIGH

Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with …

Oct 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.