CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-7665
8.1 HIGH

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in …

Sep 19, 2025
CVE-2025-9969
7.1 HIGH

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - …

Sep 19, 2025
CVE-2025-10468
7.5 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beyaz Computer CityPlus allows Path Traversal.This issue affects CityPlus: before 24.29375.

Sep 19, 2025
CVE-2025-9906
7.3 HIGH

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .keras model archive that, …

Sep 19, 2025
CVE-2025-9905
7.3 HIGH

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, …

Sep 19, 2025
CVE-2025-10647
8.8 HIGH

The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_download_pdf_media function in …

Sep 19, 2025
CVE-2025-7403
7.6 HIGH

Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.

Sep 19, 2025
CVE-2025-10458
7.6 HIGH

Parameters are not validated or sanitized, and are later used in various internal operations.

Sep 19, 2025
CVE-2025-10456
7.1 HIGH

A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a …

Sep 19, 2025
CVE-2025-5955
8.1 HIGH

The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. This is due to …

Sep 19, 2025
CVE-2025-7937
7.2 HIGH

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially …

Sep 19, 2025
CVE-2025-6198
7.2 HIGH

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially …

Sep 19, 2025
CVE-2025-59220
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Sep 18, 2025
CVE-2025-59216
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Sep 18, 2025
CVE-2025-59215
7.0 HIGH

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Sep 18, 2025
CVE-2025-54860
7.7 HIGH

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as …

Sep 18, 2025
CVE-2025-54818
8.0 HIGH

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The …

Sep 18, 2025
CVE-2025-54810
8.0 HIGH

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The …

Sep 18, 2025
CVE-2025-54497
8.1 HIGH

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, …

Sep 18, 2025
CVE-2025-53969
8.8 HIGH

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as …

Sep 18, 2025
CVE-2025-52873
8.1 HIGH

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, …

Sep 18, 2025
CVE-2025-57295
8.0 HIGH

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and …

Sep 18, 2025
CVE-2025-57293
8.8 HIGH

A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is …

Sep 18, 2025
CVE-2025-55068
8.2 HIGH

Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time …

Sep 18, 2025
CVE-2025-54754
8.0 HIGH

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then …

Sep 18, 2025
CVE-2025-53947
7.7 HIGH

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data …

Sep 18, 2025
CVE-2025-59424
7.3 HIGH

LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. …

Sep 18, 2025
CVE-2025-10688
7.3 HIGH

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/operation/paid.php. This manipulation of the argument …

Sep 18, 2025
CVE-2025-10687
7.3 HIGH

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/add_teacher.php. The manipulation of the argument Username …

Sep 18, 2025
CVE-2025-55912
7.3 HIGH

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any …

Sep 18, 2025
CVE-2025-50255
7.8 HIGH

Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.

Sep 18, 2025
CVE-2023-53446
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Struct pcie_link_state->downstream is a pointer …

Sep 18, 2025
CVE-2023-53432
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: firewire: net: fix use after free in fwnet_finish_incoming_packet() The netif_rx() function frees the skb so …

Sep 18, 2025
CVE-2023-53427
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix warning and UAF when destroy the MR list If the MR allocate failed, …

Sep 18, 2025
CVE-2023-53426
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xsk_diag use-after-free error during socket cleanup Fix a use-after-free error that is possible …

Sep 18, 2025
CVE-2023-53420
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Here is a BUG report from syzbot: …

Sep 18, 2025
CVE-2023-49367
8.8 HIGH

An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.

Sep 18, 2025
CVE-2022-50419
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times device_add shall not be called multiple …

Sep 18, 2025
CVE-2022-50417
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrost_gem_create_with_handle() previously returned a BO but with the only …

Sep 18, 2025
CVE-2022-50413
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free We've already freed the assoc_data at this point, so need to …

Sep 18, 2025
CVE-2022-50412
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: unregister cec i2c device after cec adapter cec_unregister_adapter() assumes that the underlying …

Sep 18, 2025
CVE-2022-50411
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion …

Sep 18, 2025
CVE-2022-50410
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD …

Sep 18, 2025
CVE-2022-50408
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() > ret = brcmf_proto_tx_queue_data(drvr, ifp->ifidx, skb); may be …

Sep 18, 2025
CVE-2022-50406
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iomap: iomap: fix memory corruption when recording errors during writeback Every now and then I …

Sep 18, 2025
CVE-2022-50401
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure On error situation `clp->cl_cb_conn.cb_xprt` should not …

Sep 18, 2025
CVE-2025-10673
7.3 HIGH

A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of …

Sep 18, 2025
CVE-2025-10672
7.8 HIGH

A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. …

Sep 18, 2025
CVE-2025-10670
7.3 HIGH

A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /check_profile.php. …

Sep 18, 2025
CVE-2025-10668
7.3 HIGH

A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file /members/compose_msg_admin.php. Such manipulation of the …

Sep 18, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.