CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-20160
8.1 HIGH

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to …

Sep 24, 2025
CVE-2025-56816
8.8 HIGH

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. …

Sep 24, 2025
CVE-2025-56815
7.1 HIGH

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a …

Sep 24, 2025
CVE-2025-20334
8.8 HIGH

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root …

Sep 24, 2025
CVE-2025-10892
8.8 HIGH

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Sep 24, 2025
CVE-2025-10891
8.8 HIGH

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Sep 24, 2025
CVE-2025-10502
8.8 HIGH

Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium …

Sep 24, 2025
CVE-2025-10501
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Sep 24, 2025
CVE-2025-10500
8.8 HIGH

Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Sep 24, 2025
CVE-2025-47329
7.8 HIGH

Memory corruption while handling invalid inputs in application info setup.

Sep 24, 2025
CVE-2025-47328
7.5 HIGH

Transient DOS while processing power control requests with invalid antenna or stream values.

Sep 24, 2025
CVE-2025-47327
7.8 HIGH

Memory corruption while encoding the image data.

Sep 24, 2025
CVE-2025-47326
7.5 HIGH

Transient DOS while handling command data during power control processing.

Sep 24, 2025
CVE-2025-47318
7.5 HIGH

Transient DOS while parsing the EPTM test control message to get the test pattern.

Sep 24, 2025
CVE-2025-47317
7.8 HIGH

Memory corruption due to global buffer overflow when a test command uses an invalid payload type.

Sep 24, 2025
CVE-2025-47316
7.8 HIGH

Memory corruption due to double free when multiple threads race to set the timestamp store.

Sep 24, 2025
CVE-2025-47315
7.8 HIGH

Memory corruption while handling repeated memory unmap requests from guest VM.

Sep 24, 2025
CVE-2025-47314
7.8 HIGH

Memory corruption while processing data sent by FE driver.

Sep 24, 2025
CVE-2025-27077
7.8 HIGH

Memory corruption while processing message in guest VM.

Sep 24, 2025
CVE-2025-27037
7.8 HIGH

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.

Sep 24, 2025
CVE-2025-27032
7.8 HIGH

memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.

Sep 24, 2025
CVE-2025-21488
8.2 HIGH

Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.

Sep 24, 2025
CVE-2025-21487
8.2 HIGH

Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.

Sep 24, 2025
CVE-2025-21484
8.2 HIGH

Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.

Sep 24, 2025
CVE-2025-21482
7.1 HIGH

Cryptographic issue while performing RSA PKCS padding decoding.

Sep 24, 2025
CVE-2025-21481
7.8 HIGH

Memory corruption while performing private key encryption in trusted application.

Sep 24, 2025
CVE-2025-21476
7.8 HIGH

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

Sep 24, 2025
CVE-2025-48868
7.2 HIGH

Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to …

Sep 24, 2025
CVE-2025-23354
7.8 HIGH

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful …

Sep 24, 2025
CVE-2025-23353
7.8 HIGH

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A …

Sep 24, 2025
CVE-2025-23349
7.8 HIGH

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this …

Sep 24, 2025
CVE-2025-23348
7.8 HIGH

NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. …

Sep 24, 2025
CVE-2025-10906
8.4 HIGH

A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the …

Sep 24, 2025
CVE-2025-39889
8.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C …

Sep 24, 2025
CVE-2025-48392
7.5 HIGH

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version …

Sep 24, 2025
CVE-2025-58319
7.8 HIGH

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Sep 24, 2025
CVE-2025-58317
7.8 HIGH

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute …

Sep 24, 2025
CVE-2025-55069
8.3 HIGH

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the …

Sep 23, 2025
CVE-2025-59484
8.3 HIGH

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the …

Sep 23, 2025
CVE-2025-59826
7.6 HIGH

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. …

Sep 23, 2025
CVE-2025-59822
7.5 HIGH

Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling …

Sep 23, 2025
CVE-2025-59534
7.3 HIGH

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the …

Sep 23, 2025
CVE-2025-57638
7.5 HIGH

Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.

Sep 23, 2025
CVE-2025-57637
7.5 HIGH

Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial …

Sep 23, 2025
CVE-2025-51005
7.5 HIGH

A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the …

Sep 23, 2025
CVE-2025-8410
7.4 HIGH

Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.

Sep 23, 2025
CVE-2025-56394
7.5 HIGH

Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.

Sep 23, 2025
CVE-2025-55780
7.5 HIGH

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split …

Sep 23, 2025
CVE-2025-52905
7.5 HIGH

Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

Sep 23, 2025
CVE-2025-4582
7.1 HIGH

Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from …

Sep 23, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.