CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-10880
7.5 HIGH

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol …

Sep 25, 2025
CVE-2025-57446
7.5 HIGH

An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted …

Sep 25, 2025
CVE-2025-55560
7.5 HIGH

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled …

Sep 25, 2025
CVE-2025-55559
7.5 HIGH

An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.

Sep 25, 2025
CVE-2025-55558
7.5 HIGH

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a …

Sep 25, 2025
CVE-2025-55557
7.5 HIGH

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service …

Sep 25, 2025
CVE-2025-55553
7.5 HIGH

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

Sep 25, 2025
CVE-2025-55552
7.5 HIGH

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Sep 25, 2025
CVE-2025-10953
8.8 HIGH

A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation …

Sep 25, 2025
CVE-2024-48014
7.5 HIGH

Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, …

Sep 25, 2025
CVE-2025-59830
7.5 HIGH

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting …

Sep 25, 2025
CVE-2025-55551
7.5 HIGH

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Sep 25, 2025
CVE-2025-40838
7.5 HIGH

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of …

Sep 25, 2025
CVE-2025-40837
8.8 HIGH

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than …

Sep 25, 2025
CVE-2025-27262
7.8 HIGH

Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.

Sep 25, 2025
CVE-2025-10951
7.3 HIGH

A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of …

Sep 25, 2025
CVE-2025-10541
7.8 HIGH

iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files …

Sep 25, 2025
CVE-2025-59839
8.6 HIGH

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video …

Sep 25, 2025
CVE-2025-59831
8.8 HIGH

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. …

Sep 25, 2025
CVE-2025-57317
7.5 HIGH

apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru …

Sep 25, 2025
CVE-2025-26278
7.5 HIGH

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Sep 25, 2025
CVE-2025-10948
8.8 HIGH

A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads …

Sep 25, 2025
CVE-2025-10467
8.9 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs …

Sep 25, 2025
CVE-2025-10449
8.6 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal.This …

Sep 25, 2025
CVE-2025-10942
8.8 HIGH

A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList/EditMacList of the file /goform/aspForm. The manipulation of the argument …

Sep 25, 2025
CVE-2025-10941
7.8 HIGH

A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. …

Sep 25, 2025
CVE-2025-10438
8.6 HIGH

Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.This issue affects Yordam Katalog: …

Sep 25, 2025
CVE-2025-59833
7.5 HIGH

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in …

Sep 24, 2025
CVE-2025-57319
7.5 HIGH

fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before …

Sep 24, 2025
CVE-2025-57318
7.5 HIGH

A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, …

Sep 24, 2025
CVE-2025-57329
7.5 HIGH

web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 …

Sep 24, 2025
CVE-2025-57328
7.5 HIGH

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. A …

Sep 24, 2025
CVE-2025-57327
7.5 HIGH

spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 …

Sep 24, 2025
CVE-2025-57326
7.5 HIGH

A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, …

Sep 24, 2025
CVE-2025-57325
7.5 HIGH

rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface …

Sep 24, 2025
CVE-2025-57323
7.5 HIGH

mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp.addEventHandler function of mpregular version …

Sep 24, 2025
CVE-2025-59251
7.6 HIGH

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Sep 24, 2025
CVE-2025-57349
7.5 HIGH

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key …

Sep 24, 2025
CVE-2025-57330
7.5 HIGH

The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows …

Sep 24, 2025
CVE-2025-55322
7.3 HIGH

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.

Sep 24, 2025
CVE-2025-59305
7.6 HIGH

Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to …

Sep 24, 2025
CVE-2025-57350
8.6 HIGH

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. …

Sep 24, 2025
CVE-2025-56241
7.5 HIGH

Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. This allows …

Sep 24, 2025
CVE-2025-52907
8.8 HIGH

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

Sep 24, 2025
CVE-2025-48869
7.5 HIGH

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing …

Sep 24, 2025
CVE-2025-20352
7.7 HIGH KEV

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, …

Sep 24, 2025
CVE-2025-20327
7.7 HIGH

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service …

Sep 24, 2025
CVE-2025-20315
8.6 HIGH

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device …

Sep 24, 2025
CVE-2025-20312
7.7 HIGH

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial …

Sep 24, 2025
CVE-2025-20311
7.4 HIGH

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker …

Sep 24, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.