CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-58290
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

Oct 11, 2025
CVE-2025-58286
3.3 LOW

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

Oct 11, 2025
CVE-2025-58282
2.8 LOW

Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality.

Oct 11, 2025
CVE-2025-52635
3.7 LOW

A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.

Oct 10, 2025
CVE-2025-52625
3.7 LOW

A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to …

Oct 10, 2025
CVE-2025-52634
3.7 LOW

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.

Oct 10, 2025
CVE-2025-52630
3.7 LOW

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.

Oct 10, 2025
CVE-2025-52655
3.1 LOW

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code …

Oct 10, 2025
CVE-2025-21046
2.4 LOW

Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list.

Oct 10, 2025
CVE-2025-4614
2.7 LOW

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web …

Oct 9, 2025
CVE-2025-11495
3.3 LOW

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation …

Oct 8, 2025
CVE-2025-11494
3.3 LOW

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in …

Oct 8, 2025
CVE-2025-11485
2.4 LOW

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users …

Oct 8, 2025
CVE-2025-11443
3.7 LOW

A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password …

Oct 8, 2025
CVE-2025-11441
3.7 LOW

A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation …

Oct 8, 2025
CVE-2025-11437
2.4 LOW

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. …

Oct 8, 2025
CVE-2025-11433
3.5 LOW

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query …

Oct 8, 2025
CVE-2025-11425
2.4 LOW

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument …

Oct 8, 2025
CVE-2025-11421
3.5 LOW

A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidates_edit.php. This manipulation of the …

Oct 8, 2025
CVE-2025-61786
3.3 LOW

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype.stat` and `Deno.FsFile.prototype.statSync` are not limited by the permission model …

Oct 8, 2025
CVE-2025-61785
3.3 LOW

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype.utime` and `Deno.FsFile.prototype.utimeSync` are not limited by the permission model …

Oct 8, 2025
CVE-2025-11414
3.3 LOW

A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This …

Oct 7, 2025
CVE-2025-11413
3.3 LOW

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in …

Oct 7, 2025
CVE-2025-11412
3.3 LOW

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads …

Oct 7, 2025
CVE-2025-62187
2.9 LOW

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames …

Oct 7, 2025
CVE-2025-43910
2.3 LOW

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions …

Oct 7, 2025
CVE-2025-61670
3.3 LOW

Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the `anyref` or `externref` …

Oct 7, 2025
CVE-2025-43909
3.7 LOW

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions …

Oct 7, 2025
CVE-2022-50522
3.3 LOW

In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleon_parse_gdd() If mcb_device_register() returns error in chameleon_parse_gdd(), the refcount …

Oct 7, 2025
CVE-2025-59451
3.5 LOW

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes.

Oct 6, 2025
CVE-2025-59447
2.2 LOW

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a …

Oct 6, 2025
CVE-2025-61985
3.6 LOW

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

Oct 6, 2025
CVE-2025-61984
3.6 LOW

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand …

Oct 6, 2025
CVE-2025-11333
2.4 LOW

A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customer_add_action.php of the component Add …

Oct 6, 2025
CVE-2025-11332
3.5 LOW

A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a …

Oct 6, 2025
CVE-2025-58589
2.7 LOW

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as …

Oct 6, 2025
CVE-2025-58578
3.8 LOW

A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, …

Oct 6, 2025
CVE-2025-11322
3.7 LOW

A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component …

Oct 6, 2025
CVE-2025-11308
3.5 LOW

A vulnerability was identified in Vanderlande Baggage 360 7.0.0. This issue affects some unknown processing of the file /api-addons/v1/messages. Such manipulation of the argument Message …

Oct 5, 2025
CVE-2025-11289
2.4 LOW

A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template …

Oct 5, 2025
CVE-2025-11283
2.4 LOW

A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can …

Oct 5, 2025
CVE-2025-11282
2.4 LOW

A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results …

Oct 5, 2025
CVE-2025-11280
3.7 LOW

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This …

Oct 5, 2025
CVE-2025-11276
3.5 LOW

A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation …

Oct 5, 2025
CVE-2025-11274
3.3 LOW

A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of …

Oct 5, 2025
CVE-2025-61677
2.5 LOW

DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the …

Oct 3, 2025
CVE-2025-52658
3.5 LOW

HCL MyXalytics is affected by the use of vulnerable/outdated versions which can expose the application to known security risks that could be exploited.

Oct 3, 2025
CVE-2025-10306
3.8 LOW

The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via …

Oct 3, 2025
CVE-2025-54089
3.4 LOW

CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another …

Oct 2, 2025
CVE-2025-54087
2.6 LOW

CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request …

Oct 2, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.