CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-37123
8.8 HIGH

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of …

Sep 16, 2025
CVE-2025-10565
7.3 HIGH

A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_receiving. Executing …

Sep 16, 2025
CVE-2025-10564
7.3 HIGH

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_category. Performing manipulation of the …

Sep 16, 2025
CVE-2025-56264
7.5 HIGH

The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.

Sep 16, 2025
CVE-2025-56263
8.8 HIGH

by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.

Sep 16, 2025
CVE-2025-34187
8.8 HIGH

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts …

Sep 16, 2025
CVE-2025-34185
7.5 HIGH

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from …

Sep 16, 2025
CVE-2025-34183
7.5 HIGH

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from …

Sep 16, 2025
CVE-2025-10563
7.3 HIGH

A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_category. Such manipulation of …

Sep 16, 2025
CVE-2025-10562
7.3 HIGH

A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_product. This manipulation of …

Sep 16, 2025
CVE-2025-57625
8.8 HIGH

CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and …

Sep 16, 2025
CVE-2025-57624
7.8 HIGH

A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs.

Sep 16, 2025
CVE-2025-56562
7.5 HIGH

An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address.

Sep 16, 2025
CVE-2025-54262
7.8 HIGH

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read …

Sep 16, 2025
CVE-2025-59050
8.4 HIGH

Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation …

Sep 16, 2025
CVE-2025-43801
7.5 HIGH

Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, …

Sep 16, 2025
CVE-2023-53333
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Eric Dumazet …

Sep 16, 2025
CVE-2023-53331
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("pstore/ram: Do not treat …

Sep 16, 2025
CVE-2023-53322
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after …

Sep 16, 2025
CVE-2023-53321
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: drop short frames While technically some control frames like ACK are shorter and …

Sep 16, 2025
CVE-2023-53320
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() The function mpi3mr_get_all_tgt_info() has four issues: 1) It calculates …

Sep 16, 2025
CVE-2023-53316
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Free resources after unregistering them The DP component's unbind operation walks through the submodules …

Sep 16, 2025
CVE-2023-53311
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput During unmount process of nilfs2, …

Sep 16, 2025
CVE-2023-53308
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handle pm_runtime_get() failing in .remove() In the (unlikely) event that pm_runtime_get() (disguised …

Sep 16, 2025
CVE-2023-53307
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails If getting an ID or setting up …

Sep 16, 2025
CVE-2023-53305
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej.

Sep 16, 2025
CVE-2022-50339
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at …

Sep 16, 2025
CVE-2025-8894
7.8 HIGH

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to …

Sep 16, 2025
CVE-2025-8893
7.8 HIGH

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

Sep 16, 2025
CVE-2025-59333
8.1 HIGH

The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" …

Sep 16, 2025
CVE-2025-56295
7.3 HIGH

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information …

Sep 16, 2025
CVE-2025-4953
7.4 HIGH

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This …

Sep 16, 2025
CVE-2025-36244
7.4 HIGH

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files …

Sep 16, 2025
CVE-2024-13174
8.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection.This issue affects Web Application: …

Sep 16, 2025
CVE-2025-52044
7.5 HIGH

In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by …

Sep 16, 2025
CVE-2025-44034
8.0 HIGH

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController

Sep 16, 2025
CVE-2025-39836
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setup_mm_hdr() is later …

Sep 16, 2025
CVE-2025-39835
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a …

Sep 16, 2025
CVE-2025-55118
8.9 HIGH

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS …

Sep 16, 2025
CVE-2025-55116
8.8 HIGH

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This …

Sep 16, 2025
CVE-2025-55115
8.8 HIGH

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This …

Sep 16, 2025
CVE-2025-55112
7.4 HIGH

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. …

Sep 16, 2025
CVE-2025-39828
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). syzbot reported the splat below. [0] When atmtcp_v_open() …

Sep 16, 2025
CVE-2025-39826
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: rose: convert 'use' field to refcount_t The 'use' field in struct rose_neigh is used …

Sep 16, 2025
CVE-2025-39824
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: asus: fix UAF via HID_CLAIMED_INPUT validation After hid_hw_start() is called hidinput_connect() will eventually be …

Sep 16, 2025
CVE-2025-39823
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use array_index_nospec with indices that come from guest min and dest_id are guest-controlled …

Sep 16, 2025
CVE-2025-39821
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events Calling pmu->start()/stop() on perf events in PERF_EVENT_STATE_OFF …

Sep 16, 2025
CVE-2025-39818
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary …

Sep 16, 2025
CVE-2025-39817
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: …

Sep 16, 2025
CVE-2025-39810
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix memory corruption when FW resources change during ifdown bnxt_set_dflt_rings() assumes that it is …

Sep 16, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.