CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-9900
8.8 HIGH

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing …

Sep 23, 2025
CVE-2025-9844
8.8 HIGH

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6.

Sep 23, 2025
CVE-2025-8354
7.8 HIGH

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause …

Sep 23, 2025
CVE-2025-6921
7.5 HIGH

The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the …

Sep 23, 2025
CVE-2025-10244
8.7 HIGH

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may …

Sep 23, 2025
CVE-2025-9798
8.9 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows Stored XSS.This issue affects Netigma: from …

Sep 23, 2025
CVE-2025-10857
7.3 HIGH

A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file …

Sep 23, 2025
CVE-2025-10851
7.3 HIGH

A security flaw has been discovered in Campcodes Gym Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=login. Performing manipulation of the …

Sep 23, 2025
CVE-2025-39888
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the …

Sep 23, 2025
CVE-2025-39883
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occurs: …

Sep 23, 2025
CVE-2025-39882
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fix potential OF node use-after-free The for_each_child_of_node() helper drops the reference it takes to …

Sep 23, 2025
CVE-2025-39881
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was …

Sep 23, 2025
CVE-2025-39880
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c …

Sep 23, 2025
CVE-2025-39877
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix use-after-free in state_show() state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock. This allows a use-after-free …

Sep 23, 2025
CVE-2025-39873
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put_echo_skb() takes ownership of the SKB and …

Sep 23, 2025
CVE-2025-39871
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Remove improper idxd_free The call to idxd_free() introduces a duplicate put_device() leading to …

Sep 23, 2025
CVE-2025-39870
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix double free in idxd_setup_wqs() The clean up in idxd_setup_wqs() has had a …

Sep 23, 2025
CVE-2025-39869
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug …

Sep 23, 2025
CVE-2025-39868
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncate_folio_batch_exceptionals() Commit 0e2f80afcfa6("fs/dax: ensure all pages are idle prior to …

Sep 23, 2025
CVE-2025-10843
7.3 HIGH

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing …

Sep 23, 2025
CVE-2025-10842
7.3 HIGH

A vulnerability was detected in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/wew.php. Performing manipulation of the argument ID …

Sep 23, 2025
CVE-2025-10841
7.3 HIGH

A security vulnerability has been detected in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/weweee.php. Such manipulation of the …

Sep 23, 2025
CVE-2025-1131
7.8 HIGH

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in …

Sep 23, 2025
CVE-2025-10838
8.8 HIGH

A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto …

Sep 23, 2025
CVE-2025-10836
7.3 HIGH

A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/print1.php. Executing manipulation of the …

Sep 23, 2025
CVE-2025-10380
8.8 HIGH

The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and …

Sep 23, 2025
CVE-2025-10834
7.3 HIGH

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. This affects an unknown function of the file /jobportal/admin/login.php. Such manipulation of the argument …

Sep 23, 2025
CVE-2025-10833
7.3 HIGH

A vulnerability was determined in 1000projects Bookstore Management System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the …

Sep 23, 2025
CVE-2025-10832
7.3 HIGH

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetch_product_details.php. The manipulation of …

Sep 23, 2025
CVE-2025-10831
7.3 HIGH

A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/pro_edit1.php. The manipulation of …

Sep 23, 2025
CVE-2025-10830
7.3 HIGH

A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. This issue affects some unknown processing of the file /pages/inv_edit1.php. Executing manipulation …

Sep 23, 2025
CVE-2025-10829
7.3 HIGH

A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/sup_edit1.php. Performing manipulation of the …

Sep 23, 2025
CVE-2025-10817
7.3 HIGH

A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the …

Sep 22, 2025
CVE-2025-10816
7.3 HIGH

A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing …

Sep 22, 2025
CVE-2025-10815
8.8 HIGH

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component …

Sep 22, 2025
CVE-2025-59527
7.5 HIGH

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability …

Sep 22, 2025
CVE-2025-10813
7.3 HIGH

A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/mod_reports/index.php. The manipulation of the argument Home …

Sep 22, 2025
CVE-2025-10812
7.3 HIGH

A vulnerability has been found in code-projects Hostel Management System 1.0. This impacts an unknown function of the file /justines/admin/mod_amenities/index.php?view=view. The manipulation of the argument …

Sep 22, 2025
CVE-2025-8892
7.8 HIGH

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to …

Sep 22, 2025
CVE-2025-59588
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue …

Sep 22, 2025
CVE-2025-59572
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This issue affects WorkScout-Core: from n/a through < 1.7.06.

Sep 22, 2025
CVE-2025-59570
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: …

Sep 22, 2025
CVE-2025-59430
8.2 HIGH

Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the …

Sep 22, 2025
CVE-2025-58973
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows PHP Local File …

Sep 22, 2025
CVE-2025-58956
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS.This issue affects WP Attractive Donations System: from n/a through < …

Sep 22, 2025
CVE-2025-58690
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect doliconnect allows Stored XSS.This issue affects Doliconnect: from n/a through <= 9.5.7.

Sep 22, 2025
CVE-2025-58688
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through <= …

Sep 22, 2025
CVE-2025-58687
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through <= …

Sep 22, 2025
CVE-2025-58686
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce perfect-woocommerce-brands allows SQL Injection.This issue affects …

Sep 22, 2025
CVE-2025-58677
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews shrinktheweb-website-preview-plugin allows Stored XSS.This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through <= …

Sep 22, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.