CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-54376
7.5 HIGH

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication …

Sep 10, 2025
CVE-2025-59049
7.5 HIGH

Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach …

Sep 10, 2025
CVE-2025-10201
8.8 HIGH

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted …

Sep 10, 2025
CVE-2025-10200
8.8 HIGH

Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Sep 10, 2025
CVE-2025-8696
7.5 HIGH

If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system …

Sep 10, 2025
CVE-2025-57392
7.8 HIGH

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or …

Sep 10, 2025
CVE-2025-55976
8.4 HIGH

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the …

Sep 10, 2025
CVE-2025-50892
7.8 HIGH

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. …

Sep 10, 2025
CVE-2025-57642
7.2 HIGH

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to …

Sep 10, 2025
CVE-2025-43888
8.8 HIGH

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local …

Sep 10, 2025
CVE-2025-43887
7.0 HIGH

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit …

Sep 10, 2025
CVE-2025-43885
7.8 HIGH

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. …

Sep 10, 2025
CVE-2025-43884
8.2 HIGH

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. …

Sep 10, 2025
CVE-2025-43725
7.8 HIGH

Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could …

Sep 10, 2025
CVE-2025-20340
7.4 HIGH

A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, …

Sep 10, 2025
CVE-2025-56466
7.5 HIGH

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information.

Sep 10, 2025
CVE-2025-56413
8.8 HIGH

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.

Sep 10, 2025
CVE-2025-56407
8.8 HIGH

A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/mysql.php. The manipulation …

Sep 10, 2025
CVE-2025-56406
7.5 HIGH

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position …

Sep 10, 2025
CVE-2025-56405
7.5 HIGH

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol.

Sep 10, 2025
CVE-2025-56404
7.5 HIGH

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.

Sep 10, 2025
CVE-2025-10231
7.0 HIGH

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user …

Sep 10, 2025
CVE-2025-7718
8.8 HIGH

The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up …

Sep 10, 2025
CVE-2025-10225
7.5 HIGH

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier …

Sep 10, 2025
CVE-2025-10215
7.8 HIGH

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a …

Sep 10, 2025
CVE-2025-10214
7.8 HIGH

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a …

Sep 10, 2025
CVE-2025-10213
7.8 HIGH

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a …

Sep 10, 2025
CVE-2025-7049
8.8 HIGH

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the …

Sep 10, 2025
CVE-2025-41714
8.8 HIGH

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts …

Sep 10, 2025
CVE-2025-10049
7.2 HIGH

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all …

Sep 10, 2025
CVE-2025-10040
7.7 HIGH

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability …

Sep 10, 2025
CVE-2025-10001
7.2 HIGH

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation …

Sep 10, 2025
CVE-2025-58750
8.2 HIGH

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound check in `chclif_parse_moveCharSlot` …

Sep 9, 2025
CVE-2025-10172
8.8 HIGH

A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the …

Sep 9, 2025
CVE-2025-54260
7.8 HIGH

Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read …

Sep 9, 2025
CVE-2025-54259
7.8 HIGH

Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the …

Sep 9, 2025
CVE-2025-54258
7.8 HIGH

Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Sep 9, 2025
CVE-2025-49459
7.8 HIGH

Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of …

Sep 9, 2025
CVE-2025-10171
8.8 HIGH

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer …

Sep 9, 2025
CVE-2025-58765
7.1 HIGH

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the 404 error …

Sep 9, 2025
CVE-2025-58763
8.0 HIGH

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with …

Sep 9, 2025
CVE-2025-54245
7.8 HIGH

Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Sep 9, 2025
CVE-2025-54244
7.8 HIGH

Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Sep 9, 2025
CVE-2025-54243
7.8 HIGH

Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Sep 9, 2025
CVE-2025-23344
7.3 HIGH

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the platform host as a non-privileged user. A successful …

Sep 9, 2025
CVE-2025-23343
7.6 HIGH

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. A successful exploit of this vulnerability may …

Sep 9, 2025
CVE-2025-23342
8.2 HIGH

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . A successful exploit of this …

Sep 9, 2025
CVE-2025-10170
8.8 HIGH

A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the …

Sep 9, 2025
CVE-2025-10169
8.8 HIGH

A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affected by this issue is some unknown functionality of the file /goform/ConfigWirelessBase. This manipulation …

Sep 9, 2025
CVE-2025-7635
7.7 HIGH

Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.

Sep 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.