CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-32919
7.8 HIGH

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 …

Oct 9, 2025
CVE-2025-62228
8.8 HIGH

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through …

Oct 9, 2025
CVE-2025-11561
8.8 HIGH

A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos …

Oct 9, 2025
CVE-2025-39963
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix incorrect io_kiocb reference in io_link_skb In io_link_skb function, there is a bug where …

Oct 9, 2025
CVE-2025-39962
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: …

Oct 9, 2025
CVE-2025-39960
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: initialize acpi_gpio_info struct Since commit 7c010d463372 ("gpiolib: acpi: Make sure we fill struct …

Oct 9, 2025
CVE-2025-10240
8.8 HIGH

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker …

Oct 9, 2025
CVE-2025-10239
7.2 HIGH

In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to …

Oct 9, 2025
CVE-2025-11340
7.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed …

Oct 9, 2025
CVE-2025-10004
7.5 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make …

Oct 9, 2025
CVE-2025-39958
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is …

Oct 9, 2025
CVE-2025-39957
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: increase scan_ies_len for S1G Currently the S1G capability element is not taken into …

Oct 9, 2025
CVE-2025-39955
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk …

Oct 9, 2025
CVE-2025-10862
7.5 HIGH

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, …

Oct 9, 2025
CVE-2025-6038
8.8 HIGH

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in …

Oct 9, 2025
CVE-2025-47355
7.8 HIGH

Memory corruption while invoking remote procedure IOCTL calls.

Oct 9, 2025
CVE-2025-47354
7.8 HIGH

Memory corruption while allocating buffers in DSP service.

Oct 9, 2025
CVE-2025-47351
7.8 HIGH

Memory corruption while processing user buffers.

Oct 9, 2025
CVE-2025-47349
7.8 HIGH

Memory corruption while processing an escape call.

Oct 9, 2025
CVE-2025-47347
7.8 HIGH

Memory corruption while processing control commands in the virtual memory management interface.

Oct 9, 2025
CVE-2025-47342
7.1 HIGH

Transient DOS may occur when multi-profile concurrency arises with QHS enabled.

Oct 9, 2025
CVE-2025-47341
7.8 HIGH

memory corruption while processing an image encoding completion event.

Oct 9, 2025
CVE-2025-47340
7.8 HIGH

Memory corruption while processing IOCTL call to get the mapping.

Oct 9, 2025
CVE-2025-47338
7.8 HIGH

Memory corruption while processing escape commands from userspace.

Oct 9, 2025
CVE-2025-27060
8.8 HIGH

Memory corruption while performing SCM call with malformed inputs.

Oct 9, 2025
CVE-2025-27059
8.8 HIGH

Memory corruption while performing SCM call.

Oct 9, 2025
CVE-2025-27054
7.8 HIGH

Memory corruption while processing a malformed license file during reboot.

Oct 9, 2025
CVE-2025-27053
7.8 HIGH

Memory corruption during PlayReady APP usecase while processing TA commands.

Oct 9, 2025
CVE-2025-27048
7.8 HIGH

Memory corruption while processing camera platform driver IOCTL calls.

Oct 9, 2025
CVE-2025-11529
7.3 HIGH

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. …

Oct 9, 2025
CVE-2025-11528
8.8 HIGH

A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to …

Oct 9, 2025
CVE-2025-11527
8.8 HIGH

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument …

Oct 9, 2025
CVE-2025-11526
8.8 HIGH

A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument …

Oct 9, 2025
CVE-2025-11525
8.8 HIGH

A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads …

Oct 9, 2025
CVE-2025-11524
8.8 HIGH

A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn …

Oct 9, 2025
CVE-2025-10496
7.2 HIGH

The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, …

Oct 9, 2025
CVE-2025-11513
7.3 HIGH

A vulnerability was determined in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/supplier_update.php. This manipulation of the argument supp_id causes …

Oct 9, 2025
CVE-2025-11507
7.3 HIGH

A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation …

Oct 8, 2025
CVE-2025-11506
7.3 HIGH

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The …

Oct 8, 2025
CVE-2025-11505
7.3 HIGH

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument …

Oct 8, 2025
CVE-2025-60311
8.8 HIGH

ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page

Oct 8, 2025
CVE-2025-11503
7.3 HIGH

A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing a manipulation of …

Oct 8, 2025
CVE-2025-61524
7.2 HIGH

An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of …

Oct 8, 2025
CVE-2025-57457
8.8 HIGH

An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" …

Oct 8, 2025
CVE-2025-11488
7.3 HIGH

A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to …

Oct 8, 2025
CVE-2025-9970
7.4 HIGH

Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.

Oct 8, 2025
CVE-2025-53967
8.0 HIGH

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell …

Oct 8, 2025
CVE-2025-11480
7.3 HIGH

A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the …

Oct 8, 2025
CVE-2025-11479
7.3 HIGH

A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1.0. Impacted is the function insertReservation of the file function.php. Such manipulation of …

Oct 8, 2025
CVE-2025-11477
7.3 HIGH

A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of …

Oct 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.