CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-11476
7.3 HIGH

A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument login_username …

Oct 8, 2025
CVE-2025-11475
7.3 HIGH

A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. Executing a …

Oct 8, 2025
CVE-2025-11473
7.3 HIGH

A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /edit_curr.php. Such manipulation of …

Oct 8, 2025
CVE-2025-11472
7.3 HIGH

A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /edit_room.php. This manipulation of …

Oct 8, 2025
CVE-2025-11471
7.3 HIGH

A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /edit_customer.php. The manipulation of the …

Oct 8, 2025
CVE-2025-11444
8.8 HIGH

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP …

Oct 8, 2025
CVE-2025-10635
7.7 HIGH

The Find Me On WordPress plugin through 2.0.9.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers and …

Oct 8, 2025
CVE-2025-11434
7.3 HIGH

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of …

Oct 8, 2025
CVE-2025-11432
7.3 HIGH

A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid …

Oct 8, 2025
CVE-2025-11204
7.2 HIGH

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, …

Oct 8, 2025
CVE-2025-11430
7.3 HIGH

A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the …

Oct 8, 2025
CVE-2025-10494
8.1 HIGH

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when …

Oct 8, 2025
CVE-2025-61787
8.1 HIGH

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch …

Oct 8, 2025
CVE-2025-11424
7.3 HIGH

A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the …

Oct 8, 2025
CVE-2025-11422
7.3 HIGH

A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such …

Oct 8, 2025
CVE-2025-48981
8.6 HIGH

An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol …

Oct 8, 2025
CVE-2025-11420
7.3 HIGH

A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/edit_order_details.php. The manipulation of the argument order_id results …

Oct 8, 2025
CVE-2025-11416
7.3 HIGH

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation …

Oct 7, 2025
CVE-2025-11415
7.3 HIGH

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation …

Oct 7, 2025
CVE-2025-11408
8.8 HIGH

A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of …

Oct 7, 2025
CVE-2025-6242
7.1 HIGH

A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and …

Oct 7, 2025
CVE-2025-61910
7.5 HIGH

The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory …

Oct 7, 2025
CVE-2025-44824
8.5 HIGH

Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even …

Oct 7, 2025
CVE-2025-43727
7.5 HIGH

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS …

Oct 7, 2025
CVE-2025-11462
7.8 HIGH

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated …

Oct 7, 2025
CVE-2025-61784
7.6 HIGH

LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any …

Oct 7, 2025
CVE-2025-11192
8.6 HIGH

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric …

Oct 7, 2025
CVE-2025-43914
7.5 HIGH

Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through …

Oct 7, 2025
CVE-2025-36156
7.4 HIGH

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user …

Oct 7, 2025
CVE-2023-53680
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL OPDESC() simply indexes into nfsd4_ops[] by the …

Oct 7, 2025
CVE-2023-53676
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a …

Oct 7, 2025
CVE-2023-53675
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process().

Oct 7, 2025
CVE-2023-53673
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if …

Oct 7, 2025
CVE-2023-53668
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading trace_pipe Soft lockup occurs when reading file 'trace_pipe': watchdog: …

Oct 7, 2025
CVE-2023-53659
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix out-of-bounds when setting channels on remove If we set channels greater during iavf_remove(), …

Oct 7, 2025
CVE-2023-53652
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add features attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used …

Oct 7, 2025
CVE-2023-53646
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/i915/perf: add sentinel to xehp_oa_b_counters Arrays passed to reg_in_range_table should end with empty record. The …

Oct 7, 2025
CVE-2023-53645
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bpf: Make bpf_refcount_acquire fallible for non-owning refs This patch fixes an incorrect assumption made in …

Oct 7, 2025
CVE-2023-53640
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use_after_free out of bounds When we run syzkaller we get …

Oct 7, 2025
CVE-2023-53638
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: octeon_ep: cancel queued works in probe error path If it fails to get the devices's …

Oct 7, 2025
CVE-2023-53636
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: fix potential UAF in auxdev release callback Similar to commit 1c11289b34ab ("peci: cpu: …

Oct 7, 2025
CVE-2023-53629
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in midcomms commit While working on processing dlm message …

Oct 7, 2025
CVE-2023-53626
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unlock when moving a directory

Oct 7, 2025
CVE-2023-53622
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix possible data races in gfs2_show_options() Some fields such as gt_logd_secs of the struct …

Oct 7, 2025
CVE-2023-53621
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, …

Oct 7, 2025
CVE-2023-53619
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free If nf_conntrack_init_start() fails (for example due to a …

Oct 7, 2025
CVE-2022-50552
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with …

Oct 7, 2025
CVE-2022-50551
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() This patch fixes a shift-out-of-bounds in brcmfmac that …

Oct 7, 2025
CVE-2022-50546
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4_evict_inode' Syzbot found the following issue: ===================================================== BUG: KMSAN: uninit-value …

Oct 7, 2025
CVE-2022-50543
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr->map double free rxe_mr_cleanup() which tries to free mr->map again will be called …

Oct 7, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.