CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-39809
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-quicki2c: Fix ACPI dsd ICRS/ISUB length The QuickI2C ACPI _DSD methods return ICRS …

Sep 16, 2025
CVE-2025-39806
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a …

Sep 16, 2025
CVE-2025-10537
8.8 HIGH

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption …

Sep 16, 2025
CVE-2025-10535
7.5 HIGH

Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143.

Sep 16, 2025
CVE-2025-10534
8.1 HIGH

Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.

Sep 16, 2025
CVE-2025-10533
8.8 HIGH

Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Sep 16, 2025
CVE-2025-10528
7.3 HIGH

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, …

Sep 16, 2025
CVE-2025-10527
7.1 HIGH

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Sep 16, 2025
CVE-2025-56706
8.0 HIGH

Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function.

Sep 16, 2025
CVE-2024-12913
8.8 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection.This issue …

Sep 16, 2025
CVE-2025-41249
7.5 HIGH

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This …

Sep 16, 2025
CVE-2025-41248
7.5 HIGH

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This …

Sep 16, 2025
CVE-2024-12367
8.6 HIGH

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 …

Sep 16, 2025
CVE-2023-53301
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix kernel crash due to null io->bio We should return when io->bio is null …

Sep 16, 2025
CVE-2023-53286
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ Previously when destroying a QP/RQ, the result …

Sep 16, 2025
CVE-2023-53285
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would …

Sep 16, 2025
CVE-2023-53282
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write …

Sep 16, 2025
CVE-2023-53274
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt8183: Add back SSPM related clocks This reverts commit 860690a93ef23b567f781c1b631623e27190f101. On the MT8183, …

Sep 16, 2025
CVE-2023-53272
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances occasionally reset. …

Sep 16, 2025
CVE-2023-53265
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size <= alloc, size Ensure that …

Sep 16, 2025
CVE-2023-53263
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create We can't simply free the connector after …

Sep 16, 2025
CVE-2025-43372
7.8 HIGH

The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS …

Sep 15, 2025
CVE-2025-43371
8.2 HIGH

This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.

Sep 15, 2025
CVE-2025-43358
8.8 HIGH

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS …

Sep 15, 2025
CVE-2025-43341
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to …

Sep 15, 2025
CVE-2025-43340
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of …

Sep 15, 2025
CVE-2025-43333
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.

Sep 15, 2025
CVE-2025-43330
8.2 HIGH

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able …

Sep 15, 2025
CVE-2025-43329
8.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, watchOS 26. …

Sep 15, 2025
CVE-2025-43316
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26, visionOS 26. A malicious app may be able to …

Sep 15, 2025
CVE-2025-43304
7.0 HIGH

A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app …

Sep 15, 2025
CVE-2025-43298
7.8 HIGH

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma …

Sep 15, 2025
CVE-2025-43287
7.1 HIGH

The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory.

Sep 15, 2025
CVE-2025-43286
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may …

Sep 15, 2025
CVE-2025-43263
7.1 HIGH

The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside …

Sep 15, 2025
CVE-2025-43204
7.8 HIGH

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out …

Sep 15, 2025
CVE-2025-31271
7.5 HIGH

This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. Incoming FaceTime calls can appear or be accepted on …

Sep 15, 2025
CVE-2025-24088
7.5 HIGH

The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings …

Sep 15, 2025
CVE-2025-56274
8.1 HIGH

SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions …

Sep 15, 2025
CVE-2025-10482
7.3 HIGH

A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the …

Sep 15, 2025
CVE-2025-59056
7.5 HIGH

FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause …

Sep 15, 2025
CVE-2025-55211
8.8 HIGH

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell …

Sep 15, 2025
CVE-2025-10479
7.3 HIGH

A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. The impacted element is an unknown function of the file /index.php. …

Sep 15, 2025
CVE-2025-59332
8.6 HIGH

3DAlloy is a lightWeight 3D-viewer for MediaWiki. From 1.0 through 1.8, the <3d> parser tag and the {{#3d}} parser function allow users to provide custom …

Sep 15, 2025
CVE-2025-10203
7.8 HIGH

Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to …

Sep 15, 2025
CVE-2025-57248
7.3 HIGH

A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the application …

Sep 15, 2025
CVE-2025-43793
7.5 HIGH

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update …

Sep 15, 2025
CVE-2025-10491
7.8 HIGH

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via …

Sep 15, 2025
CVE-2025-10459
7.3 HIGH

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of …

Sep 15, 2025
CVE-2023-53262
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix scheduling while atomic in decompression path [ 16.945668][ C0] Call trace: [ 16.945678][ …

Sep 15, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.