CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-57577
8.0 HIGH

An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their …

Sep 12, 2025
CVE-2025-39797
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which …

Sep 12, 2025
CVE-2025-39796
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger lock dependency in xsk_notify via register_netdevice. …

Sep 12, 2025
CVE-2025-39793
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's …

Sep 12, 2025
CVE-2025-6638
7.5 HIGH

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is …

Sep 12, 2025
CVE-2025-27240
7.2 HIGH

A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.

Sep 12, 2025
CVE-2025-10265
8.8 HIGH

Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them …

Sep 12, 2025
CVE-2025-21043
8.8 HIGH KEV

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

Sep 12, 2025
CVE-2025-21042
8.8 HIGH KEV

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

Sep 12, 2025
CVE-2025-9086
7.5 HIGH

1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, …

Sep 12, 2025
CVE-2025-8575
7.2 HIGH

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions …

Sep 12, 2025
CVE-2025-6454
8.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have …

Sep 12, 2025
CVE-2025-2256
7.5 HIGH

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have …

Sep 12, 2025
CVE-2025-10269
7.5 HIGH

The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for …

Sep 12, 2025
CVE-2025-9807
7.5 HIGH

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 …

Sep 12, 2025
CVE-2025-58754
7.5 HIGH

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 …

Sep 12, 2025
CVE-2025-55319
8.8 HIGH

Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.

Sep 12, 2025
CVE-2025-36222
8.7 HIGH

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that …

Sep 11, 2025
CVE-2025-9319
7.5 HIGH

A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions.

Sep 11, 2025
CVE-2025-9201
7.8 HIGH

A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with …

Sep 11, 2025
CVE-2025-8557
8.8 HIGH

An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo …

Sep 11, 2025
CVE-2025-8061
7.0 HIGH

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could …

Sep 11, 2025
CVE-2025-58060
8.0 HIGH

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set …

Sep 11, 2025
CVE-2025-43790
8.1 HIGH

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through …

Sep 11, 2025
CVE-2025-39790
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a …

Sep 11, 2025
CVE-2025-39788
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer …

Sep 11, 2025
CVE-2025-39786
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7173: fix channels index for syscalib_mode Fix the index used to look up …

Sep 11, 2025
CVE-2025-39783
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field …

Sep 11, 2025
CVE-2025-39776
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args() The mm/debug_vm_pagetable test allocates manually page table entries …

Sep 11, 2025
CVE-2025-39766
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit The following setup can trigger a WARNING …

Sep 11, 2025
CVE-2025-39761
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not …

Sep 11, 2025
CVE-2025-39760
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type …

Sep 11, 2025
CVE-2025-39759
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between …

Sep 11, 2025
CVE-2025-39757
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified …

Sep 11, 2025
CVE-2025-39750
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Correct tid cleanup when tid setup fails Currently, if any error occurs during …

Sep 11, 2025
CVE-2025-39749
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: rcu: Protect ->defer_qs_iw_pending from data race On kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is invoked …

Sep 11, 2025
CVE-2025-39744
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to IRQ work During rcu_read_unlock_special(), if this happens during irq_exit(), …

Sep 11, 2025
CVE-2025-39743
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the …

Sep 11, 2025
CVE-2025-39740
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent potential UAF If we hit the error path, the previous fence (if there …

Sep 11, 2025
CVE-2025-39738
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not allow relocation of partially dropped subvolumes [BUG] There is an internal report …

Sep 11, 2025
CVE-2025-58145
7.5 HIGH

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping …

Sep 11, 2025
CVE-2025-58144
7.5 HIGH

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping …

Sep 11, 2025
CVE-2025-9018
8.8 HIGH

The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'tt_update_table_function' and …

Sep 11, 2025
CVE-2025-58320
7.3 HIGH

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

Sep 11, 2025
CVE-2025-9874
7.5 HIGH

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwp_dashboard' shortcode. …

Sep 11, 2025
CVE-2025-9693
8.0 HIGH

The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path …

Sep 11, 2025
CVE-2025-9073
7.5 HIGH

The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 3.2 …

Sep 11, 2025
CVE-2025-8425
8.8 HIGH

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability …

Sep 11, 2025
CVE-2025-8422
7.5 HIGH

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the …

Sep 11, 2025
CVE-2025-8417
8.1 HIGH

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is …

Sep 11, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.