CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-61590
7.5 HIGH

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio …

Oct 3, 2025
CVE-2025-56551
8.2 HIGH

An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying …

Oct 3, 2025
CVE-2025-60787
7.2 HIGH

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, …

Oct 3, 2025
CVE-2025-55972
7.5 HIGH

A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood …

Oct 3, 2025
CVE-2025-59489
7.4 HIGH

Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. …

Oct 3, 2025
CVE-2025-9561
8.8 HIGH

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider() handler in …

Oct 3, 2025
CVE-2025-9213
8.8 HIGH

The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation …

Oct 3, 2025
CVE-2025-9212
7.5 HIGH

The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wp_dispatcher_process_upload() function in all versions …

Oct 3, 2025
CVE-2025-9200
7.5 HIGH

The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nh_ynaa_comments() …

Oct 3, 2025
CVE-2025-10582
8.8 HIGH

The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.2.0 due to …

Oct 3, 2025
CVE-2025-11234
7.5 HIGH

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This …

Oct 3, 2025
CVE-2025-11223
7.8 HIGH

Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the …

Oct 3, 2025
CVE-2025-0616
8.2 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel …

Oct 3, 2025
CVE-2025-61597
7.6 HIGH

Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting (XSS) via the mail …

Oct 3, 2025
CVE-2025-59536
8.8 HIGH

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. …

Oct 3, 2025
CVE-2025-59300
7.8 HIGH

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Oct 3, 2025
CVE-2025-59299
7.8 HIGH

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Oct 3, 2025
CVE-2025-59298
7.8 HIGH

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Oct 3, 2025
CVE-2025-59297
7.8 HIGH

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Oct 3, 2025
CVE-2025-61600
7.5 HIGH

Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote …

Oct 2, 2025
CVE-2025-61665
7.5 HIGH

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in …

Oct 2, 2025
CVE-2025-61604
7.1 HIGH

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The …

Oct 2, 2025
CVE-2025-10653
8.6 HIGH

An unauthenticated debug port may allow access to the device file system.

Oct 2, 2025
CVE-2025-54315
7.1 HIGH

The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.

Oct 2, 2025
CVE-2025-49090
7.1 HIGH

The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.

Oct 2, 2025
CVE-2025-32942
7.2 HIGH

SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.

Oct 2, 2025
CVE-2025-60663
7.5 HIGH

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.

Oct 2, 2025
CVE-2025-59409
7.5 HIGH

Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware.

Oct 2, 2025
CVE-2025-59405
7.5 HIGH

The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a …

Oct 2, 2025
CVE-2025-34208
7.5 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The …

Oct 2, 2025
CVE-2025-60662
7.5 HIGH

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.

Oct 2, 2025
CVE-2025-60660
7.5 HIGH

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.

Oct 2, 2025
CVE-2025-56161
7.5 HIGH

YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field …

Oct 2, 2025
CVE-2025-59745
7.5 HIGH

Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no …

Oct 2, 2025
CVE-2025-59744
7.5 HIGH

Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in …

Oct 2, 2025
CVE-2023-28760
7.5 HIGH

TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to …

Oct 2, 2025
CVE-2025-11240
7.2 HIGH

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME …

Oct 2, 2025
CVE-2024-58267
8.0 HIGH

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication …

Oct 2, 2025
CVE-2024-58260
7.6 HIGH

A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions …

Oct 2, 2025
CVE-2025-61735
7.3 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's …

Oct 2, 2025
CVE-2025-61734
7.5 HIGH

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is …

Oct 2, 2025
CVE-2025-61733
7.5 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to …

Oct 2, 2025
CVE-2025-54289
8.1 HIGH

Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute …

Oct 2, 2025
CVE-2025-54286
8.8 HIGH

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user …

Oct 2, 2025
CVE-2025-9587
8.6 HIGH

The CTL Behance Importer Lite WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via …

Oct 2, 2025
CVE-2025-61692
7.8 HIGH

VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed …

Oct 2, 2025
CVE-2025-61691
7.8 HIGH

VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on …

Oct 2, 2025
CVE-2025-61690
7.8 HIGH

KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on …

Oct 2, 2025
CVE-2025-58777
7.8 HIGH

VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be …

Oct 2, 2025
CVE-2025-58776
7.8 HIGH

KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed …

Oct 2, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.