CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-59010
7.5 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Retrieve Embedded Sensitive Data.This issue affects Permalink Manager Lite: …

Sep 26, 2025
CVE-2025-59002
7.7 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content …

Sep 26, 2025
CVE-2025-4957
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS.This issue affects ProfileGrid : from n/a through …

Sep 26, 2025
CVE-2025-48107
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through < …

Sep 26, 2025
CVE-2025-11021
7.5 HIGH

A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. …

Sep 26, 2025
CVE-2025-10858
7.5 HIGH

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause …

Sep 26, 2025
CVE-2025-35027
7.3 HIGH

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a …

Sep 26, 2025
CVE-2025-10747
7.2 HIGH

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up …

Sep 26, 2025
CVE-2025-60017
8.2 HIGH

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).

Sep 26, 2025
CVE-2025-59408
7.3 HIGH

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.

Sep 25, 2025
CVE-2025-59404
7.5 HIGH

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification …

Sep 25, 2025
CVE-2025-10973
7.3 HIGH

A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This manipulation …

Sep 25, 2025
CVE-2025-59817
8.4 HIGH

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control …

Sep 25, 2025
CVE-2025-59816
7.3 HIGH

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords …

Sep 25, 2025
CVE-2025-59815
8.4 HIGH

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can …

Sep 25, 2025
CVE-2025-59814
8.8 HIGH

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire …

Sep 25, 2025
CVE-2025-57632
7.5 HIGH

libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without …

Sep 25, 2025
CVE-2025-43993
7.8 HIGH

Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low …

Sep 25, 2025
CVE-2025-43816
7.5 HIGH

A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, …

Sep 25, 2025
CVE-2025-10967
7.3 HIGH

A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username …

Sep 25, 2025
CVE-2025-48707
7.5 HIGH

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which …

Sep 25, 2025
CVE-2025-34227
8.8 HIGH

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query …

Sep 25, 2025
CVE-2025-10880
7.5 HIGH

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol …

Sep 25, 2025
CVE-2025-57446
7.5 HIGH

An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted …

Sep 25, 2025
CVE-2025-55560
7.5 HIGH

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled …

Sep 25, 2025
CVE-2025-55559
7.5 HIGH

An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.

Sep 25, 2025
CVE-2025-55558
7.5 HIGH

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a …

Sep 25, 2025
CVE-2025-55557
7.5 HIGH

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service …

Sep 25, 2025
CVE-2025-55553
7.5 HIGH

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

Sep 25, 2025
CVE-2025-55552
7.5 HIGH

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Sep 25, 2025
CVE-2025-10953
8.8 HIGH

A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation …

Sep 25, 2025
CVE-2024-48014
7.5 HIGH

Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, …

Sep 25, 2025
CVE-2025-59830
7.5 HIGH

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting …

Sep 25, 2025
CVE-2025-55551
7.5 HIGH

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Sep 25, 2025
CVE-2025-40838
7.5 HIGH

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of …

Sep 25, 2025
CVE-2025-40837
8.8 HIGH

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than …

Sep 25, 2025
CVE-2025-27262
7.8 HIGH

Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.

Sep 25, 2025
CVE-2025-10951
7.3 HIGH

A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of …

Sep 25, 2025
CVE-2025-10541
7.8 HIGH

iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files …

Sep 25, 2025
CVE-2025-59839
8.6 HIGH

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video …

Sep 25, 2025
CVE-2025-59831
8.8 HIGH

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. …

Sep 25, 2025
CVE-2025-57317
7.5 HIGH

apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru …

Sep 25, 2025
CVE-2025-26278
7.5 HIGH

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Sep 25, 2025
CVE-2025-10948
8.8 HIGH

A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads …

Sep 25, 2025
CVE-2025-10467
8.9 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs …

Sep 25, 2025
CVE-2025-10449
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal.This …

Sep 25, 2025
CVE-2025-10942
8.8 HIGH

A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList/EditMacList of the file /goform/aspForm. The manipulation of the argument …

Sep 25, 2025
CVE-2025-10941
7.8 HIGH

A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. …

Sep 25, 2025
CVE-2025-10438
8.6 HIGH

Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.This issue affects Yordam Katalog: …

Sep 25, 2025
CVE-2025-59833
7.5 HIGH

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in …

Sep 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.