CVE Database

36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-58761
8.6 HIGH

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and prior is vulnerable to path …

Sep 9, 2025
CVE-2025-58760
8.6 HIGH

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `/image` API endpoint in Tautulli v2.15.3 and earlier is vulnerable to …

Sep 9, 2025
CVE-2025-58753
7.5 HIGH

Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a …

Sep 9, 2025
CVE-2025-58180
8.8 HIGH

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker …

Sep 9, 2025
CVE-2025-58063
7.1 HIGH

CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion …

Sep 9, 2025
CVE-2025-54257
7.8 HIGH

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the …

Sep 9, 2025
CVE-2025-57278
8.8 HIGH

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, …

Sep 9, 2025
CVE-2025-57060
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-55047
8.4 HIGH

CWE-798 Use of Hard-coded Credentials

Sep 9, 2025
CVE-2025-54256
8.6 HIGH

Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context …

Sep 9, 2025
CVE-2025-54242
7.8 HIGH

Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Sep 9, 2025
CVE-2025-29089
7.5 HIGH

An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information

Sep 9, 2025
CVE-2025-10164
7.3 HIGH

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of …

Sep 9, 2025
CVE-2025-57086
7.5 HIGH

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause …

Sep 9, 2025
CVE-2025-57078
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-10199
7.8 HIGH

A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.

Sep 9, 2025
CVE-2025-10198
7.8 HIGH

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.

Sep 9, 2025
CVE-2025-5005
7.3 HIGH

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation …

Sep 9, 2025
CVE-2025-59008
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection zip-code-based-content-protection allows SQL Injection.This issue …

Sep 9, 2025
CVE-2025-58993
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS tutor allows SQL Injection.This issue affects Tutor LMS: …

Sep 9, 2025
CVE-2025-58991
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through …

Sep 9, 2025
CVE-2025-58215
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston ziston allows PHP Local File Inclusion.This issue …

Sep 9, 2025
CVE-2025-57087
7.5 HIGH

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause …

Sep 9, 2025
CVE-2025-57072
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-57071
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-57070
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-57069
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-57064
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-57063
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-57062
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-57061
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability …

Sep 9, 2025
CVE-2025-57059
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-57058
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers …

Sep 9, 2025
CVE-2025-57057
7.5 HIGH

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. This vulnerability allows attackers to cause a …

Sep 9, 2025
CVE-2025-55317
7.8 HIGH

Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-55316
7.8 HIGH

External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-55245
7.8 HIGH

Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-55243
7.5 HIGH

Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.

Sep 9, 2025
CVE-2025-55236
7.3 HIGH

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-55234
8.8 HIGH

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make …

Sep 9, 2025
CVE-2025-55228
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-55227
8.8 HIGH

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Sep 9, 2025
CVE-2025-55224
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-55223
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54919
7.5 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54918
8.8 HIGH

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

Sep 9, 2025
CVE-2025-54916
7.8 HIGH

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

Sep 9, 2025
CVE-2025-54913
7.8 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54912
7.8 HIGH

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.

Sep 9, 2025
CVE-2025-54911
7.3 HIGH

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.

Sep 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.