CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-23340
3.3 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed …

Sep 24, 2025
CVE-2025-23339
3.3 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to …

Sep 24, 2025
CVE-2025-23338
3.3 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious …

Sep 24, 2025
CVE-2025-23308
3.3 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to …

Sep 24, 2025
CVE-2025-23273
2.5 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting …

Sep 24, 2025
CVE-2025-23271
3.3 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed …

Sep 24, 2025
CVE-2025-23255
3.3 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed …

Sep 24, 2025
CVE-2025-23248
3.3 LOW

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed …

Sep 24, 2025
CVE-2025-59546
2.4 LOW

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set …

Sep 23, 2025
CVE-2025-0672
3.3 LOW

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically …

Sep 23, 2025
CVE-2017-20200
3.7 LOW

A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. …

Sep 23, 2025
CVE-2025-8282
3.5 LOW

The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputing them in the page, which could allow admin and above …

Sep 23, 2025
CVE-2025-10837
3.5 LOW

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. …

Sep 23, 2025
CVE-2025-10823
3.3 LOW

A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer …

Sep 23, 2025
CVE-2025-58012
3.8 LOW

Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask content-mask allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Content Mask: from n/a …

Sep 22, 2025
CVE-2025-58009
3.8 LOW

Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event …

Sep 22, 2025
CVE-2025-10778
3.1 LOW

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift …

Sep 22, 2025
CVE-2025-10776
3.7 LOW

A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in …

Sep 22, 2025
CVE-2025-10761
3.7 LOW

A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads …

Sep 21, 2025
CVE-2025-10758
2.4 LOW

A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component …

Sep 21, 2025
CVE-2025-9081
3.1 LOW

Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board …

Sep 19, 2025
CVE-2025-59692
3.7 LOW

PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to …

Sep 18, 2025
CVE-2025-59691
3.7 LOW

PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or …

Sep 18, 2025
CVE-2025-10671
3.7 LOW

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The …

Sep 18, 2025
CVE-2025-4444
3.7 LOW

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation …

Sep 18, 2025
CVE-2025-30187
3.7 LOW

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to …

Sep 18, 2025
CVE-2025-10642
3.5 LOW

A vulnerability has been found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument …

Sep 18, 2025
CVE-2025-10632
3.5 LOW

A security flaw has been discovered in itsourcecode Online Petshop Management System 1.0. The affected element is an unknown function of the file availableframe.php of …

Sep 18, 2025
CVE-2025-10631
3.5 LOW

A vulnerability was identified in itsourcecode Online Petshop Management System 1.0. Impacted is an unknown function of the file addcnp.php of the component Available Products …

Sep 18, 2025
CVE-2025-59410
3.7 LOW

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file …

Sep 17, 2025
CVE-2025-59349
3.3 LOW

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths …

Sep 17, 2025
CVE-2025-59414
3.1 LOW

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism …

Sep 17, 2025
CVE-2025-10591
3.5 LOW

A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_funcao_cad.php of the component Editar Função …

Sep 17, 2025
CVE-2025-10584
3.5 LOW

A vulnerability was identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /intranet/educar_calendario_anotacao_cad.php. Such manipulation of the argument nm_anotacao/descricao …

Sep 17, 2025
CVE-2025-30075
2.2 LOW

In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL …

Sep 16, 2025
CVE-2025-59270
3.1 LOW

psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position …

Sep 16, 2025
CVE-2025-26710
3.5 LOW

There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces …

Sep 16, 2025
CVE-2025-59453
3.2 LOW

Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency …

Sep 16, 2025
CVE-2025-59437
3.2 LOW

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via …

Sep 16, 2025
CVE-2025-59436
3.2 LOW

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via …

Sep 16, 2025
CVE-2025-43357
3.3 LOW

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26. An app …

Sep 15, 2025
CVE-2025-43349
2.8 LOW

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, …

Sep 15, 2025
CVE-2025-43344
3.3 LOW

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, …

Sep 15, 2025
CVE-2025-43328
3.3 LOW

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user …

Sep 15, 2025
CVE-2025-43301
3.3 LOW

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS …

Sep 15, 2025
CVE-2025-43294
3.3 LOW

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.1 and iPadOS …

Sep 15, 2025
CVE-2025-43283
3.3 LOW

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected …

Sep 15, 2025
CVE-2025-59399
3.1 LOW

libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.

Sep 15, 2025
CVE-2025-59398
3.1 LOW

The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object …

Sep 15, 2025
CVE-2025-59377
3.7 LOW

feiskyer mcp-kubernetes-server through 0.1.11 allows OS command injection, even in read-only mode, via /mcp/kubectl because shell=True is used. NOTE: this is unrelated to mcp-server-kubernetes and …

Sep 15, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.