CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-10793
7.3 HIGH

A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/admin_account_delete.php. Performing manipulation of the …

Sep 22, 2025
CVE-2025-10792
8.8 HIGH

A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage …

Sep 22, 2025
CVE-2025-10791
7.3 HIGH

A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. This manipulation of the argument …

Sep 22, 2025
CVE-2025-5962
7.7 HIGH

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of …

Sep 22, 2025
CVE-2025-10789
7.3 HIGH

A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteslide.php. The manipulation of …

Sep 22, 2025
CVE-2025-10788
7.3 HIGH

A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. The affected element is an unknown function of the file deleteroominventory.php. Executing manipulation of …

Sep 22, 2025
CVE-2025-10786
7.3 HIGH

A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_user. This manipulation of …

Sep 22, 2025
CVE-2025-10785
7.3 HIGH

A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation of the …

Sep 22, 2025
CVE-2025-10784
7.3 HIGH

A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. …

Sep 22, 2025
CVE-2025-10783
7.3 HIGH

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing …

Sep 22, 2025
CVE-2025-10782
7.3 HIGH

A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of …

Sep 22, 2025
CVE-2025-10781
7.3 HIGH

A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument …

Sep 22, 2025
CVE-2025-10779
8.8 HIGH

A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the …

Sep 22, 2025
CVE-2025-10773
8.8 HIGH

A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of …

Sep 22, 2025
CVE-2025-53692
7.1 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site …

Sep 21, 2025
CVE-2025-10757
8.8 HIGH

A weakness has been identified in UTT 1200GW up to 3.0.0-170831. The affected element is an unknown function of the file /goform/formConfigDnsFilterGlobal. This manipulation of …

Sep 21, 2025
CVE-2025-10756
8.8 HIGH

A security flaw has been discovered in UTT HiPER 840G up to 3.1.1-190328. Impacted is an unknown function of the file /goform/getOneApConfTempEntry. The manipulation of …

Sep 20, 2025
CVE-2025-9079
8.0 HIGH

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which …

Sep 19, 2025
CVE-2025-54815
8.8 HIGH

Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.

Sep 19, 2025
CVE-2025-54761
8.0 HIGH

An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.

Sep 19, 2025
CVE-2025-52159
8.8 HIGH

Hardcoded credentials in default configuration of PPress 0.0.9.

Sep 19, 2025
CVE-2025-34202
8.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a …

Sep 19, 2025
CVE-2025-34201
7.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) run many Docker containers on shared internal networks without firewalling or segmentation …

Sep 19, 2025
CVE-2025-34200
7.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, …

Sep 19, 2025
CVE-2025-34199
8.1 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and …

Sep 19, 2025
CVE-2025-34197
7.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account …

Sep 19, 2025
CVE-2025-34194
7.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling …

Sep 19, 2025
CVE-2025-34191
8.4 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability …

Sep 19, 2025
CVE-2025-34190
7.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (macOS/Linux client deployments) are vulnerable to an authentication …

Sep 19, 2025
CVE-2025-34189
7.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the …

Sep 19, 2025
CVE-2025-34188
7.8 HIGH

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local …

Sep 19, 2025
CVE-2025-26515
7.5 HIGH

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit …

Sep 19, 2025
CVE-2025-59344
7.7 HIGH

AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API …

Sep 19, 2025
CVE-2025-39866
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback …

Sep 19, 2025
CVE-2025-39864
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track …

Sep 19, 2025
CVE-2025-39863
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work The brcmf_btcoex_detach() only shuts down the btcoex …

Sep 19, 2025
CVE-2025-39862
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart Since stations are recreated from scratch, …

Sep 19, 2025
CVE-2025-39861
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early Move the creation of debugfs files …

Sep 19, 2025
CVE-2025-39860
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() syzbot reported the splat below without a repro. In the …

Sep 19, 2025
CVE-2025-39859
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog The ptp_ocp_detach() only shuts down the watchdog …

Sep 19, 2025
CVE-2025-39855
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx->in_use in ice_ptp_ts_irq The E810 device has support for a …

Sep 19, 2025
CVE-2025-39854
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx->in_use in ice_ll_ts_intr Recent versions of the E810 firmware have …

Sep 19, 2025
CVE-2025-39853
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - …

Sep 19, 2025
CVE-2025-39849
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN …

Sep 19, 2025
CVE-2025-39841
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by …

Sep 19, 2025
CVE-2025-39840
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an …

Sep 19, 2025
CVE-2025-39839
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. …

Sep 19, 2025
CVE-2025-39837
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: platform/x86: asus-wmi: Fix racy registrations asus_wmi_register_driver() may be called from multiple drivers concurrently, which can …

Sep 19, 2025
CVE-2025-57528
7.7 HIGH

An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm …

Sep 19, 2025
CVE-2025-10712
7.3 HIGH

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of …

Sep 19, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.