CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2022-50542
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470x_int_in_callback() syzbot reported use-after-free in si470x_int_in_callback() [1]. This indicates that …

Oct 7, 2025
CVE-2022-50536
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data In tcp_bpf_send_verdict() redirection, the …

Oct 7, 2025
CVE-2022-50526
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix memory corruption with too many bridges Add the missing sanity check on the …

Oct 7, 2025
CVE-2022-50518
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix locking in pdc_iodc_print() firmware call Utilize pdc_lock spinlock to protect parallel modifications of …

Oct 7, 2025
CVE-2025-61772
7.5 HIGH

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s …

Oct 7, 2025
CVE-2025-61771
7.5 HIGH

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) …

Oct 7, 2025
CVE-2025-61770
7.5 HIGH

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the …

Oct 7, 2025
CVE-2025-59425
7.5 HIGH

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a …

Oct 7, 2025
CVE-2025-57564
8.2 HIGH

CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/_bulk endpoint. This endpoint accepts bulk log data without requiring …

Oct 7, 2025
CVE-2025-54406
8.8 HIGH

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary …

Oct 7, 2025
CVE-2025-54405
8.8 HIGH

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary …

Oct 7, 2025
CVE-2025-54404
8.8 HIGH

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. …

Oct 7, 2025
CVE-2025-54403
8.8 HIGH

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. …

Oct 7, 2025
CVE-2025-54402
8.8 HIGH

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based …

Oct 7, 2025
CVE-2025-54401
8.8 HIGH

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based …

Oct 7, 2025
CVE-2025-54400
8.8 HIGH

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based …

Oct 7, 2025
CVE-2025-54399
8.8 HIGH

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based …

Oct 7, 2025
CVE-2025-50505
7.8 HIGH

Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API …

Oct 7, 2025
CVE-2025-48826
8.8 HIGH

A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. …

Oct 7, 2025
CVE-2025-25009
8.7 HIGH

Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.

Oct 7, 2025
CVE-2025-11397
7.3 HIGH

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. …

Oct 7, 2025
CVE-2021-22291
8.0 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects …

Oct 7, 2025
CVE-2025-40889
8.1 HIGH

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, …

Oct 7, 2025
CVE-2025-40886
7.5 HIGH

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can …

Oct 7, 2025
CVE-2025-3719
8.1 HIGH

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. …

Oct 7, 2025
CVE-2025-3718
7.9 HIGH

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with …

Oct 7, 2025
CVE-2025-11396
7.3 HIGH

A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument …

Oct 7, 2025
CVE-2025-11389
8.8 HIGH

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument …

Oct 7, 2025
CVE-2025-11388
8.8 HIGH

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to …

Oct 7, 2025
CVE-2025-11387
8.8 HIGH

A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based …

Oct 7, 2025
CVE-2025-11386
8.8 HIGH

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. …

Oct 7, 2025
CVE-2025-11385
8.8 HIGH

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of …

Oct 7, 2025
CVE-2025-11356
8.8 HIGH

A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of …

Oct 7, 2025
CVE-2025-11355
8.8 HIGH

A vulnerability has been found in UTT 1250GW up to v2v3.2.2-200710. Affected by this vulnerability is the function strcpy of the file /goform/aspChangeChannel. The manipulation …

Oct 7, 2025
CVE-2025-10162
7.5 HIGH

The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which …

Oct 7, 2025
CVE-2025-11362
7.5 HIGH

Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An …

Oct 7, 2025
CVE-2025-11350
7.3 HIGH

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. …

Oct 7, 2025
CVE-2025-11349
7.3 HIGH

A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the …

Oct 7, 2025
CVE-2025-11348
7.3 HIGH

A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation …

Oct 7, 2025
CVE-2025-11347
7.3 HIGH

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component …

Oct 7, 2025
CVE-2025-6985
7.5 HIGH

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the …

Oct 6, 2025
CVE-2025-11343
7.3 HIGH

A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the …

Oct 6, 2025
CVE-2025-60967
7.3 HIGH

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.

Oct 6, 2025
CVE-2025-60963
8.2 HIGH

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a …

Oct 6, 2025
CVE-2025-60962
8.2 HIGH

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly …

Oct 6, 2025
CVE-2025-60960
8.2 HIGH

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a …

Oct 6, 2025
CVE-2025-60959
8.2 HIGH

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.

Oct 6, 2025
CVE-2025-60958
7.3 HIGH

Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.

Oct 6, 2025
CVE-2025-60956
8.0 HIGH

Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, …

Oct 6, 2025
CVE-2025-36355
8.5 HIGH

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute …

Oct 6, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.