CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-34235
7.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that …

Sep 29, 2025
CVE-2025-34234
7.5 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that …

Sep 29, 2025
CVE-2025-34231
8.6 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side …

Sep 29, 2025
CVE-2025-34228
8.6 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) …

Sep 29, 2025
CVE-2025-34225
8.6 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) …

Sep 29, 2025
CVE-2025-34209
7.2 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private …

Sep 29, 2025
CVE-2025-35030
8.1 HIGH

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted …

Sep 29, 2025
CVE-2025-57424
7.3 HIGH

A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into …

Sep 29, 2025
CVE-2025-41252
7.5 HIGH

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. …

Sep 29, 2025
CVE-2025-41251
8.1 HIGH

VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: …

Sep 29, 2025
CVE-2025-57483
8.1 HIGH

A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary Javascript in the context of the user's browser via …

Sep 29, 2025
CVE-2025-41250
8.5 HIGH

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be …

Sep 29, 2025
CVE-2025-7104
7.5 HIGH

A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal …

Sep 29, 2025
CVE-2025-56234
7.5 HIGH

AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of …

Sep 29, 2025
CVE-2025-56233
7.5 HIGH

Openindiana, kernel SunOS 5.11 has a denial of service vulnerability. For the processing of TCP packets with RST or SYN flag set, Openindiana has a …

Sep 29, 2025
CVE-2025-51495
7.5 HIGH

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause …

Sep 29, 2025
CVE-2025-41244
7.8 HIGH KEV

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with …

Sep 29, 2025
CVE-2024-57412
7.5 HIGH

An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service (DoS) via repeatedly sending crafted TCP packets.

Sep 29, 2025
CVE-2025-41246
7.6 HIGH

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on …

Sep 29, 2025
CVE-2025-57516
8.2 HIGH

OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, and PublicCMS-V5.202506.b allowing attackers to execute arbitrary commands via crafted DATABASE, USERNAME, or PASSWORD variables to the backupDB.bat …

Sep 29, 2025
CVE-2025-56449
8.2 HIGH

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA …

Sep 29, 2025
CVE-2025-6724
8.8 HIGH

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple …

Sep 29, 2025
CVE-2025-11140
7.3 HIGH

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation …

Sep 29, 2025
CVE-2025-11135
7.3 HIGH

A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie …

Sep 29, 2025
CVE-2025-11130
8.4 HIGH

A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC …

Sep 29, 2025
CVE-2025-11123
8.8 HIGH

A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes …

Sep 28, 2025
CVE-2025-11122
8.8 HIGH

A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in …

Sep 28, 2025
CVE-2025-11120
8.8 HIGH

A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to …

Sep 28, 2025
CVE-2025-11118
7.3 HIGH

A vulnerability was identified in CodeAstro Student Grading System 1.0. This issue affects some unknown processing of the file /adminLogin.php. Such manipulation of the argument …

Sep 28, 2025
CVE-2025-11117
8.8 HIGH

A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes …

Sep 28, 2025
CVE-2025-11116
7.3 HIGH

A vulnerability was found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /add.home.php. The manipulation of the argument faculty …

Sep 28, 2025
CVE-2025-11115
7.3 HIGH

A vulnerability has been found in code-projects Simple Scheduling System 1.0. Affected by this issue is some unknown functionality of the file /addtime.php. The manipulation …

Sep 28, 2025
CVE-2025-11111
7.3 HIGH

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/candidates_edit.php. This manipulation of …

Sep 28, 2025
CVE-2025-11110
7.3 HIGH

A security flaw has been discovered in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/school_year.php. The …

Sep 28, 2025
CVE-2025-11109
7.3 HIGH

A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation …

Sep 28, 2025
CVE-2025-11108
7.3 HIGH

A vulnerability was determined in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room …

Sep 28, 2025
CVE-2025-11107
7.3 HIGH

A vulnerability was found in code-projects Simple Scheduling System 1.0. This issue affects some unknown processing of the file /schedulingsystem/addcourse.php. Performing manipulation of the argument …

Sep 28, 2025
CVE-2025-11106
7.3 HIGH

A vulnerability has been found in code-projects Simple Scheduling System 1.0. This vulnerability affects unknown code of the file /schedulingsystem/addfaculty.php. Such manipulation of the argument …

Sep 28, 2025
CVE-2025-11105
7.3 HIGH

A flaw has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument …

Sep 28, 2025
CVE-2025-11102
7.3 HIGH

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/edit_content.php. Executing manipulation of the …

Sep 28, 2025
CVE-2025-11101
7.3 HIGH

A security flaw has been discovered in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/company/index.php?view=edit. Performing manipulation of …

Sep 28, 2025
CVE-2025-11094
7.3 HIGH

A security vulnerability has been detected in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/admin_product_details.php. Such manipulation of the argument …

Sep 28, 2025
CVE-2025-11091
8.8 HIGH

A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The …

Sep 28, 2025
CVE-2025-11089
7.3 HIGH

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch …

Sep 28, 2025
CVE-2025-11077
7.3 HIGH

A vulnerability was determined in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/add_content.php. Executing manipulation of the argument …

Sep 27, 2025
CVE-2025-11076
7.3 HIGH

A vulnerability was found in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_teacher.php. Performing manipulation of the argument …

Sep 27, 2025
CVE-2025-11075
7.3 HIGH

A vulnerability has been found in Campcodes Online Learning Management System 1.0. This affects an unknown function of the file /admin/de_activate.php. Such manipulation of the …

Sep 27, 2025
CVE-2025-11074
7.3 HIGH

A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of …

Sep 27, 2025
CVE-2025-8014
7.5 HIGH

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior …

Sep 27, 2025
CVE-2025-7647
7.3 HIGH

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux …

Sep 27, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.